Bug 1311636 - graphite-web: Persistent XSS due to unsanitized path of graph target
graphite-web: Persistent XSS due to unsanitized path of graph target
Status: CLOSED WONTFIX
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20160218,repor...
: Security
Depends On: 1311645 1311644
Blocks: 1311652
  Show dependency treegraph
 
Reported: 2016-02-24 11:22 EST by Adam Mariš
Modified: 2016-05-18 03:00 EDT (History)
21 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-05-18 03:00:33 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Adam Mariš 2016-02-24 11:22:12 EST
A persistent XSS vulnerability in the target parameter was found. A malicious user could save javascript code in his graph and the javascript will be executed on any user that accessed this graph. It is not possible to steal the cookie because the httponly flag is present, but the attacker could do other malicious actions.

Upstream bug:

https://github.com/graphite-project/graphite-web/pull/1470

CVE request:

http://seclists.org/oss-sec/2016/q1/376
Comment 1 Adam Mariš 2016-02-24 11:35:03 EST
Created graphite-web tracking bugs for this issue:

Affects: fedora-all [bug 1311644]
Affects: epel-all [bug 1311645]

Note You need to log in before you can comment on or make changes to this bug.