Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1375147 - (CVE-2016-6519) CVE-2016-6519 openstack-manila-ui: persistent XSS in metadata field
CVE-2016-6519 openstack-manila-ui: persistent XSS in metadata field
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20160915,repor...
: Security
Depends On: 1376644 1376220 1376221 1376222 1376223 1376642 1376643
Blocks: 1375148
  Show dependency treegraph
 
Reported: 2016-09-12 05:48 EDT by Martin Prpič
Modified: 2016-12-15 21:02 EST (History)
20 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A cross-site scripting flaw was discovered in openstack-manila-ui's Metadata field contained in its "Create Share" form. A user could inject malicious HTML/JavaScript code that would then be reflected in the "Shares" overview. Remote, authenticated, but unprivileged users could exploit this vulnerability to steal session cookies and escalate their privileges.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-12-15 21:02:40 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
CVE-2016-6519 patch (7.94 KB, text/plain)
2016-09-12 05:50 EDT, Martin Prpič 		no flags Details
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:2115 normal SHIPPED_LIVE Moderate: openstack-manila-ui security update 2016-10-26 14:22:28 EDT
Red Hat Product Errata RHSA-2016:2116 normal SHIPPED_LIVE Moderate: openstack-manila-ui security update 2016-10-26 14:22:16 EDT
Red Hat Product Errata RHSA-2016:2117 normal SHIPPED_LIVE Moderate: openstack-manila-ui security update 2016-10-26 14:22:04 EDT

  None (edit)
Description Martin Prpič 2016-09-12 05:48:43 EDT 
The following flaw was reported in OpenStack's manila-ui:

It was discovered that the Metadata field in the "Create Share" form allows users to inject malicious HTML/JavaScript code that will be reflected in the "Shares" overview. The issue comes from a mark_safe() call on the user supplied metadata.

https://github.com/openstack/manila-ui/blob/d5fe23e4ba30846acdd09fa1dc61a415016a7e26/manila_ui/dashboards/project/shares/shares/tabs.py#L49

Remote, authenticated, but unprivileged users could exploit this vulnerability to escalate privileges by stealing session cookies.
Comment 1 Martin Prpič 2016-09-12 05:50 EDT 
Created attachment 1200138 [details]
CVE-2016-6519 patch
Comment 9 Summer Long 2016-09-15 23:28:31 EDT 
Created openstack-manila-ui tracking bugs for this issue:

Affects: openstack-rdo [bug 1376642]
Affects: fedora-23 [bug 1376643]
Affects: fedora-all [bug 1376644]
Comment 11 Summer Long 2016-09-21 22:11:46 EDT 
Acknowledgments:

Name: SUSE
Upstream: Niklaus Schiess
Comment 16 errata-xmlrpc 2016-10-26 10:22:45 EDT 
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 9.0 (Mitaka)

Via RHSA-2016:2117 https://rhn.redhat.com/errata/RHSA-2016-2117.html
Comment 17 errata-xmlrpc 2016-10-26 10:23:32 EDT 
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 8.0 (Liberty)

Via RHSA-2016:2116 https://rhn.redhat.com/errata/RHSA-2016-2116.html
Comment 18 errata-xmlrpc 2016-10-26 10:23:59 EDT 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7

Via RHSA-2016:2115 https://rhn.redhat.com/errata/RHSA-2016-2115.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.