Bug 1305786
Summary: | Unsanitized input in username field on login page | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Martin Prpič <mprpic> | ||||||
Component: | pcs | Assignee: | Tomas Jelinek <tojeline> | ||||||
Status: | CLOSED ERRATA | QA Contact: | cluster-qe <cluster-qe> | ||||||
Severity: | medium | Docs Contact: | |||||||
Priority: | medium | ||||||||
Version: | 7.2 | CC: | cfeist, cluster-maint, idevat, omular, rsteiger, tojeline | ||||||
Target Milestone: | rc | ||||||||
Target Release: | --- | ||||||||
Hardware: | Unspecified | ||||||||
OS: | Unspecified | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | pcs-0.9.151-1.el7 | Doc Type: | Bug Fix | ||||||
Doc Text: |
Cause:
User enters username containing HTML code to login page and submits the login form.
Consequence:
Login page reloads showing an error message informing about unsuccessful login. HTML code in username is interpreted as part of the page.
Fix:
Properly sanitize username when rendering it in login page.
Result:
Username cannot be used for HTML injection anymore.
|
Story Points: | --- | ||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2016-11-03 20:57:15 UTC | Type: | Bug | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Attachments: |
|
Description
Martin Prpič
2016-02-09 08:58:35 UTC
Created attachment 1127307 [details]
proposed fix 1
Created attachment 1127308 [details]
proposed fix 2
Test: enter the following text to the login form and submit it: test' name=username><script>alert('hello')</script> This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions Before fix: [vm-rhel72-1 ~] $ rpm -q pcs pcs-0.9.143-15.el7.x86_64 1 Open pcs web ui 2 enter the following text to the login form and submit it: test' name=username><script>alert('hello')</script> 3 alert box apears After Fix: [vm-rhel72-1 ~] $ rpm -q pcs pcs-0.9.151-1.el7.x86_64 1 Open pcs web ui 2 enter the following text to the login form and submit it: test' name=username><script>alert('hello')</script> 3 alert box does not apear Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2016-2596.html |