Bug 1311636

Summary: graphite-web: Persistent XSS due to unsanitized path of graph target
Product: [Other] Security Response Reporter: Adam Mariš <amaris>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: abaron, aortega, apevec, ayoung, carnil, ceph-eng-bugs, chrisw, dallan, gkotton, jonathansteffan, jschluet, lhh, lpeer, markmc, piotr1212, rbryant, sclewis, sisharma, srevivo, tdecacqu
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-05-18 07:00:33 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1311644, 1311645    
Bug Blocks: 1311652    

Description Adam Mariš 2016-02-24 16:22:12 UTC 
A persistent XSS vulnerability in the target parameter was found. A malicious user could save javascript code in his graph and the javascript will be executed on any user that accessed this graph. It is not possible to steal the cookie because the httponly flag is present, but the attacker could do other malicious actions.

Upstream bug:

https://github.com/graphite-project/graphite-web/pull/1470

CVE request:

http://seclists.org/oss-sec/2016/q1/376
Comment 1 Adam Mariš 2016-02-24 16:35:03 UTC 
Created graphite-web tracking bugs for this issue:

Affects: fedora-all [bug 1311644]
Affects: epel-all [bug 1311645]