[AMBARI-25387] Ambari-Web UI hosts Tab is vulnerable to XSS attack - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: trunk, 2.6.2, 2.7.3
Fix Version/s: 2.8.0, 2.7.5
Component/s: None
Labels:
- pull-request-available
- security

Description

Problem Statement : Ambari-Web UI hosts Tab is vulnerable to XSS attack

Issue reproduction :

1) Execute the Following CURL command to edit the Rack INFO .

curl -u admin:admin -H "X-Requested-By:ambari" -i -X PUT http://ambari-server:8080/api/v1/clusters/asnaik/hosts -d '{"RequestInfo":{"context":"Set Rack","query":"Hosts/host_name.in(abc.openstacklocal)"},"Body":{"Hosts":{"rack_info":"/default-rack/<IMG SRC='x' onerror=javascript:alert(domain);>"}}}'

where abc.openstacklocal is the host i want to change the rack info
(please note <IMG SRC='x' onerror=javascript:alert(domain);> we cannot add in UI via edit rack_info as in UI we checks for special characters)

XSS will be injected to DOM and following Alert will be displayed.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

Screen Shot 2019-10-01 at 4.02.07 PM.png
01/Oct/19 10:32
130 kB
Akhil Naik

Issue Links

links to

GitHub PR#3491

GitHub Pull Request #3091

Activity

People

Assignee:: Akhil Naik

Reporter:: Akhil Naik

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 01/Oct/19 10:32

Updated:: 14/Nov/22 16:37

Resolved:: 03/Oct/19 08:04

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

50m