Ambari issue AMBARI-24509

Security vulnerabilities with Hive view (XSS)


Details

    Description

      An attacker can steal information from, or gain access as, other users by getting malicious JavaScript to execute in their browsers. This is possible because the Hive view takes data directly from events and inserts it straight into the messages it displays, including data that contains HTML or JavaScript code. Using this, one user can create a malicious message that steals another user's access or information. When the victim views the message, the injected script can scrape any information on the page, modify its appearance, or steal the victim's session information.

      Bug reproduce steps:
      1. Go to the Hive view from Ambari.
      2. Click on 'Tables' and then on '+' to create a new table.
      3. In the table name input enter '"<img src=x onerror=alert(document.domain)>"', add a column named <img src=x onerror=alert(document.domain)> with datatype TINYINT, and click on Create.
      4. A JavaScript popup appears showing the document name and domain name.
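The rendering flaw the description reports, shown as an added example that is not Ambari's or the Hive view's own code: the event's table name concatenated straight into message markup, next to an escaped version and an allowlist check on the identifier. The event shape, the function names and the identifier pattern are assumptions made for this example.

```javascript
// Added example, not code from the Ambari project. Runs under Node without a DOM;
// the strings returned here are what a view would assign to innerHTML.

// Escape the five characters that matter in HTML text and attribute context.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern: the table name taken from the "table created" event is
// dropped into markup unchanged, so any tag in the name becomes live HTML.
function buildMessageUnsafe(event) {
  return `<div class="alert">Table <b>${event.tableName}</b> created</div>`;
}

// Hardened pattern: every untrusted field is escaped before it reaches markup,
// so the payload is displayed as text instead of being parsed as a tag.
function buildMessageSafe(event) {
  return `<div class="alert">Table <b>${escapeHtml(event.tableName)}</b> created</div>`;
}

// Defence in depth at the API boundary (assumed pattern): a Hive table or column
// identifier should only contain letters, digits and underscores, so a name
// carrying '<', '>' or '=' can be rejected before it is ever stored or echoed.
function isValidHiveIdentifier(name) {
  return /^[A-Za-z0-9_]+$/.test(name);
}

// Constructed event carrying the payload from the reproduce steps above.
const maliciousEvent = { tableName: "<img src=x onerror=alert(document.domain)>" };
```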

          People

            Assignee: Nitiraj Singh Rathore (nitiraj.rathore)
            Reporter: Nitiraj Singh Rathore (nitiraj.rathore)
            Votes: 0
            Watchers: 3


              Time Tracking

              Original Estimate: Not Specified
              Remaining Estimate: 0h
              Time Spent: 40m
