[AMBARI-25329] Ambari breadcrumbs xss vulnerability - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Resolved
Priority: Blocker
Resolution: Fixed
Affects Version/s: 2.7.4
Fix Version/s: 2.8.0, 2.7.4
Component/s: ambari-web
Labels:
- pull-request-available

Description

Special characters should be encoded when displayed in Ambari Views.

If special characters are not encoded, then scripts (<script>alert("xss!")</script>) may be executed due to user input. For example, issues may occur by placing special character in the Display Name field of an Ambari View.

Attachments

Issue Links

links to

GitHub PR#3482

GitHub Pull Request #3040

Activity

People

Assignee:: Antonenko Alexander

Reporter:: Antonenko Alexander

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 01/Jul/19 11:41

Updated:: 10/Nov/22 17:58

Resolved:: 01/Jul/19 18:45

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

1h 20m