Comment 22 for bug 1247675

Chris Chapman (chchapma) wrote : Re: [Bug 1247675] Re: [OSSA 2013-036] Insufficient sanitization of Instance Name in Horizon (CVE-2013-6858)

Hi Jeremy,

I want to confirm that this issue was also fixed on the "network topology"
page as well as the "Volumes" & "Images and Snapshots" pages.

Please confirm.

Thank you,
Chris

On 12/16/13 1:56 PM, "Jeremy Stanley" <email address hidden> wrote:

>** Changed in: ossa
> Status: Fix Committed => Fix Released
>
>--
>You received this bug notification because you are subscribed to the bug
>report.
>https://bugs.launchpad.net/bugs/1247675
>
>Title:
> [OSSA 2013-036] Insufficient sanitization of Instance Name in Horizon
> (CVE-2013-6858)
>
>Status in OpenStack Dashboard (Horizon):
> Fix Released
>Status in OpenStack Dashboard (Horizon) grizzly series:
> Fix Committed
>Status in OpenStack Dashboard (Horizon) havana series:
> Fix Committed
>Status in OpenStack Security Advisories:
> Fix Released
>
>Bug description:
>
> Hello,
>
> My name is Chris Chapman, I am an Incident Manager with Cisco PSIRT.
>
> I would like to report the following XSS issue found in the OpenStack
> WebUI that was reported to Cisco.
>
> The details are as follows:
>
> The OpenStack web user interface is vulnerable to XSS:
>
> While launching (or editing) an instance, injecting <script> tags in
> the instance name results in the javascript being executed on the
> "Volumes" and the "Network Topology" page. This is a classic Stored
> XSS vulnerability.
>
> Recommendations:
> - Sanitize the "Instance Name" string to prevent XSS.
> - Sanitize all user input to prevent XSS.
> - Consider utilizing Content Security Policy (CSP). This can be used
> to prevent inline javascript from executing & only load javascript
> files from approved domains. This would prevent XSS, even in
> scenarios where user input is not properly sanitized.
>
>
> Please include PSIRT-2070334443 in the subject line for all
> communications on this issue with Cisco going forward.
>
> If you can also include any case number that this issue is assigned
> that will help us track the issue.
>
> Thank you,
> Chris
>
> Chris Chapman | Incident Manager
> Cisco Product Security Incident Response Team - PSIRT
> Security Research and Operations
> Office: (949) 823-3167 | Direct: (562) 208-0043
> Email: <email address hidden>
> SIO: http://www.cisco.com/security
> PGP: 0x959B3169
>
>To manage notifications about this bug go to:
>https://bugs.launchpad.net/horizon/+bug/1247675/+subscriptions
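Added illustration (not part of the bug thread or of Horizon's actual fix): the rendering pattern that lets markup in an instance name reach the browser as markup, beside an escaped form, plus the kind of Content-Security-Policy header the report recommends. The sample name and the policy string are constructed for this example; the helper names are hypothetical.

```python
import html

# Constructed sample: an instance name carrying markup, as in the report.
SAMPLE_NAME = '<script>alert("xss")</script>'


def render_row_unescaped(instance_name):
    """The defective pattern: the stored name is concatenated into HTML
    verbatim, so any tags it contains are parsed as tags by the browser
    (the stored XSS described for the Volumes / Network Topology pages)."""
    return "<td>" + instance_name + "</td>"


def render_row_escaped(instance_name):
    """Hardened form: escape for an HTML text context. quote=True also
    escapes quotes, so the same helper is safe inside attribute values."""
    return "<td>" + html.escape(instance_name, quote=True) + "</td>"


def csp_header():
    """Hypothetical header of the kind the report suggests as defence in
    depth: no inline script, scripts only from the dashboard's own origin.
    Not Horizon's real configuration."""
    return ("Content-Security-Policy",
            "default-src 'self'; script-src 'self'; object-src 'none'")


def contains_script_tag(rendered):
    """Crude check used here: does a raw <script> tag survive rendering?"""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    print(render_row_unescaped(SAMPLE_NAME))   # tag survives: exploitable
    print(render_row_escaped(SAMPLE_NAME))     # tag neutralised: inert text
    print(": ".join(csp_header()))
```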