Bug 1968760

Summary: openstack-nova: novnc allows open redirection [openstack-17.0]
Product: Red Hat OpenStack Reporter: melanie witt <mwitt>
Component: openstack-novaAssignee: melanie witt <mwitt>
Status: CLOSED ERRATA QA Contact: James Parker <jparker>
Severity: medium Docs Contact:
Priority: high    
Version: 17.0 (Wallaby)CC: dasmith, eglynn, jhakimra, jparker, kchamart, nova-maint, sbauza, sgordon, stephenfin, vromanso
Target Milestone: AlphaKeywords: Security, Triaged
Target Release: 17.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-nova-23.2.2-0.20220705171705.7074ac0.el9ost Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1961337 Environment:
Last Closed: 2022-09-21 12:15:48 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1961337    
Bug Blocks: 1961346, 1961351    

Description melanie witt 2021-06-07 22:38:29 UTC 
+++ This bug was initially created as a clone of Bug #1961337 +++

Copied from the upstream bug [1]:

"This bug report is related to Security.

Currently novnc is allowing open direction, which could potentially be used for phishing attempts

To test.
https://<sites' vnc domain>//example.com/%2F..
include .. at the end

For example:
http://vncproxy.my.domain.com//example.com/%2F..

It will redirect to example.com. You can replace example.com with some legitimate domain or spoofed domain.

The description of the risk is
By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
Because the server name in the modified link is identical to the original site, phishing attempts may have a more trustworthy appearance."

[1] https://bugs.launchpad.net/nova/+bug/1927677
Comment 11 errata-xmlrpc 2022-09-21 12:15:48 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Release of components for Red Hat OpenStack Platform 17.0 (Wallaby)), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2022:6543