The following flaw was reported in OpenStack's manila-ui: It was discovered that the Metadata field in the "Create Share" form allows users to inject malicious HTML/JavaScript code that will be reflected in the "Shares" overview. The issue comes from a mark_safe() call on the user supplied metadata. https://github.com/openstack/manila-ui/blob/d5fe23e4ba30846acdd09fa1dc61a415016a7e26/manila_ui/dashboards/project/shares/shares/tabs.py#L49 Remote, authenticated, but unprivileged users could exploit this vulnerability to escalate privileges by stealing session cookies.
Created attachment 1200138 [details] CVE-2016-6519 patch
Created openstack-manila-ui tracking bugs for this issue: Affects: openstack-rdo [bug 1376642] Affects: fedora-23 [bug 1376643] Affects: fedora-all [bug 1376644]
Acknowledgments: Name: SUSE Upstream: Niklaus Schiess
This issue has been addressed in the following products: Red Hat OpenStack Platform 9.0 (Mitaka) Via RHSA-2016:2117 https://rhn.redhat.com/errata/RHSA-2016-2117.html
This issue has been addressed in the following products: Red Hat OpenStack Platform 8.0 (Liberty) Via RHSA-2016:2116 https://rhn.redhat.com/errata/RHSA-2016-2116.html
This issue has been addressed in the following products: Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 Via RHSA-2016:2115 https://rhn.redhat.com/errata/RHSA-2016-2115.html