Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-25384

Ambari Files View is Vulnerable to XSS attack

    XMLWordPrintableJSON

Details

    Description

      Problem Statement : Ambari Files view is vulnerable to XSS attack, if the Filename of the file uploaded in HDFS contains XSS scripts.

      Reproduction :

      1) login to files view

      2) create a file called in your local system and upload it to files view: <svg onload= alert(document.domain)>

      3) try to delete the file or edit permission of the file. the malciious XSS script will be executed in the Browser. this is a security Issue.

      Please see attached screenshot

      Attachments

        Activity

          People

            asnaik Akhil Naik
            asnaik Akhil Naik
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 1h
                1h