| Summary: | ikiwiki: osm plugin does not correctly sanitize parameters | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Ratul Gupta <ratulg> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | thomas.moschny |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2014-06-07 13:44:54 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Depends On: | 1039939 | | |
| Bug Blocks: | | | |
Created ikiwiki tracking bugs for this issue:

Affects: fedora-all [bug 1039939]

ikiwiki-3.20140125-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.

ikiwiki-3.20140125-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.

Can we close this ticket?
It was found that the osm plugin for ikiwiki uses htmlscrubber (if enabled) to sanitize some parameters. Even when it is enabled, it was found that it still does not correctly escape some fields. In particular, the "name" parameter is included verbatim, involuntarily breaking JavaScript when the name contains a single quote/apostrophe ('). Due to this, JavaScript code injection might become trivial.

References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731797
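The failure mode described in the report, as an added illustration that is not ikiwiki's or the osm plugin's own code: a hypothetical server-side template (`renderVulnerable`) splices a user-supplied `name` verbatim into a single-quoted JavaScript string literal, so an apostrophe ends the literal early (a syntax error for an innocent name like `O'Reilly's`, attacker-chosen statements for a crafted one), next to a hardened version that emits the value through `JSON.stringify` and additionally escapes `<` and `>` so the generated text cannot close the enclosing `<script>` element. An HTML scrubber does not help in this position, because a bare apostrophe is harmless HTML; the escaping has to match the JavaScript string-literal context the value lands in. The `execute` helper and the sample inputs are constructed for the example.

```javascript
// Added example, not ikiwiki's own code: a hypothetical server-side template
// that embeds a user-supplied "name" in a JavaScript string literal, as the bug
// description says the osm plugin does, next to a hardened version.

// Vulnerable: the value is spliced verbatim into a single-quoted literal. Any
// apostrophe in the value terminates the literal early.
function renderVulnerable(name) {
  return "var waypointName = '" + name + "';";
}

// Produce a JavaScript string literal for an arbitrary value. JSON.stringify
// escapes quotes, backslashes and control characters; the extra replacements
// keep a value such as "</script>" from closing the surrounding script element
// when the literal is written into an HTML page (the HTML parser sees the
// closing tag before the JavaScript parser sees anything).
function jsStringLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/</g, "\\u003c")
    .replace(/>/g, "\\u003e");
}

// Hardened: the same template, but the value goes through jsStringLiteral.
function renderHardened(name) {
  return "var waypointName = " + jsStringLiteral(name) + ";";
}

// Run a generated snippet the way a browser would and classify the outcome:
// "syntax-error" if the snippet does not parse, "injected" if attacker-chosen
// code ran, otherwise the string the snippet assigned to waypointName.
function execute(snippet) {
  let injected = false;
  const hook = () => { injected = true; }; // stands in for attacker-controlled code
  try {
    const run = new Function("hook", snippet + "\nreturn waypointName;");
    const result = run(hook);
    return injected ? "injected" : result;
  } catch (err) {
    if (err instanceof SyntaxError) return "syntax-error";
    throw err;
  }
}

// Constructed sample inputs.
const benign = "Cafe";                  // fine in both versions
const apostrophe = "O'Reilly's";        // the case from the bug report: breaks the vulnerable output
const payload = "x'; hook(); var z='";  // closes the literal, runs code, reopens a literal so the script still parses

for (const input of [benign, apostrophe, payload]) {
  console.log(
    JSON.stringify(input),
    "vulnerable:", execute(renderVulnerable(input)),
    "hardened:", execute(renderHardened(input))
  );
}
```

Run it with `node`; each sample input is shown through both templates. The design point is that the encoder is chosen for the output context (a JavaScript string literal inside HTML), not for the input: `JSON.stringify` makes the quote-breaking case impossible, and the `<`/`>` escapes close the remaining gap where the HTML parser, which runs before the script engine, would otherwise treat an embedded `</script>` as the end of the block.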