Reviewed: https://review.openstack.org/447064 Committed: https://git.openstack.org/cgit/openstack/ossa/commit/?id=d9fb681d40ed9b2ec535b3ffa49451edfd199167 Submitter: Jenkins Branch: master
commit d9fb681d40ed9b2ec535b3ffa49451edfd199167 Author: Tristan Cacqueray <[email protected]> Date: Fri Mar 17 16:49:35 2017 +0000 Adds OSSA-2017-003 (CVE-2017-7400) Change-Id: Iead38e4f72cfe54102612a07a4001862cb5fd32c Closes-Bug: #1667086 ** Changed in: ossa Status: In Progress => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2017-7400 -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon). https://bugs.launchpad.net/bugs/1667086 Title: [OSSA-2017-003] XSS in federation mappings UI (CVE-2017-7400) Status in OpenStack Dashboard (Horizon): Fix Released Status in OpenStack Security Advisory: Fix Released Bug description: Found in Mitaka Steps: - Setup federation in keystone and horizon - Launch and login to horizon as an admin - Click on the Federation->Mappings tab - Create or update a mapping with the following content that contains javascript [ { "local": [ { "domain": { "name": "Default" }, "group": { "domain": { "name": "Default" }, "name": "Federated Users" }, "user": { "name": "{<script>alert('test');</script>}", "email": "{1}" }, "groups": "{2}" } ], "remote": [ { "type": "REMOTE_USER" }, { "type": "MELLON_userEmail" }, { "type": "MELLON_groups" } ] } ] Now whenever this Federation->Mapping page is shown, the javascript will execute. It appears other pages in horizon protect against such attacks (such as Users, Groups, etc). So I'm guessing that the rendering of this page just needs to be escaped to ignore tags. To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1667086/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
