Reviewed: https://review.opendev.org/757122
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=8a963626e12ee25cf2f9ab29c172b16f5bbce4c9
Submitter: Zuul
Branch: master
commit 8a963626e12ee25cf2f9ab29c172b16f5bbce4c9
Author: Ivan Kolodyazhny <[email protected]>
Date: Fri Oct 9 17:58:32 2020 +0300

    Added validation for csrf_failure GET argument

    During csrf_failure argument validation horizon drops unknown messages
    so nobody can inject any message to login view.

    Change-Id: I78a7592562a6249629f4d236ca59eb83d9094123
    Closes-Bug: #1898465

** Changed in: horizon
   Status: In Progress => Fix Released

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1898465

Title:
  In Openstack Horizon component it was observed that the application is
  taking input from URL and reflecting it into the webpage

Status in OpenStack Dashboard (Horizon):
  Fix Released
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  Impact:
  An attacker can use a text injection vulnerability to present a customized
  message on the application that can phish users into believing that the
  message is legitimate. The intent is typically to trick victims, although
  sometimes the actual purpose may be to simply misrepresent the organization
  or an individual. This attack is typically used as, or in conjunction with,
  social engineering because the attack is exploiting a code-based
  vulnerability and a user's trust.

  Recommendation:
  It is recommended not to take user input and reflect it to the webpage via
  a parameter. It would be a better option if these contents could be
  hardcoded into the codebase.

  Affected Parameter: csrf_failure

  POC:
  Navigate to https://SAMPLE.com/auth/login/?csrf_failure=HI,%20THE%20CONTENT%20IS%20HIJACKED%20PLEASE%20VISIT%20EVIL.COM
  The malicious content will get injected into the web-page.
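The following is an added example, not Horizon's code or the reporter's proof of concept: it models the behaviour the report describes (the parameter reflected verbatim) beside the allow-list behaviour the commit message describes (unknown values dropped), and reuses the same allow-list to flag unknown csrf_failure values in web-server logs. The message keys and texts, the log format and the helper names are assumptions constructed for this example.

```python
"""Allow-list validation and log triage for the csrf_failure parameter.
Added example, not Horizon's own code: it models the fix in the commit
message (unknown csrf_failure values are dropped) and flags attempts in
web-server logs. Keys, texts, log format and helper names are constructed."""
from typing import List, Optional
from urllib.parse import parse_qs, urlsplit

# Constructed allow-list: only these keys may become a login-page message.
KNOWN_CSRF_FAILURES = {
    "missing_token": "CSRF token missing. Please try logging in again.",
    "bad_referer": "Request blocked: referer check failed.",
    "session_expired": "Your session expired. Please log in again.",
}

def _csrf_failure_param(url: str) -> Optional[str]:
    """Return the decoded csrf_failure query value (first one) or None."""
    values = parse_qs(urlsplit(url).query).get("csrf_failure")
    return values[0] if values else None

def message_before_fix(url: str) -> Optional[str]:
    """Behaviour the report describes: the parameter is reflected verbatim."""
    return _csrf_failure_param(url)

def message_after_fix(url: str) -> Optional[str]:
    """Behaviour after the fix: values outside the allow-list are dropped."""
    raw = _csrf_failure_param(url)
    return KNOWN_CSRF_FAILURES.get(raw) if raw is not None else None

def suspicious_requests(log_lines: List[str]) -> List[str]:
    """Return lines whose csrf_failure value is not in the allow-list.
    Constructed log format: '<client_ip> <request_target> <status>'."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 2:
            continue
        raw = _csrf_failure_param(parts[1])
        if raw is not None and raw not in KNOWN_CSRF_FAILURES:
            hits.append(line)
    return hits

# Constructed sample input using the proof-of-concept URL from the report.
POC_URL = ("https://SAMPLE.com/auth/login/?csrf_failure="
           "HI,%20THE%20CONTENT%20IS%20HIJACKED%20PLEASE%20VISIT%20EVIL.COM")
SAMPLE_LOG = [
    "203.0.113.5 /auth/login/?csrf_failure=missing_token 200",
    "203.0.113.9 " + POC_URL + " 200",
    "198.51.100.2 /auth/login/ 200",
]
```

With the allow-list in place the login view never echoes attacker-chosen text, and the same table gives a cheap log query for requests that tried.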
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]

