Uploaded image for project: 'Apache Drill'
  1. Apache Drill
  2. DRILL-7351

WebUI is Vulnerable to CSRF

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 1.16.0
    • 1.17.0
    • Web Server

    Description

      There is no way to protect the WebUI from CSRF and the fact that the value for the access-control-allow-origin header is '*' appears to confound this issue as well.

      The attached file demonstrates the vulnerability.

      Steps to replicate:

      1. Login to an instance of the Drill WebUI.
      2. Edit the attached drill-csrf.html. Replace DRILL_HOST with the hostname of the Drill WebUI from step #1.
      3. Load the file from #2 in the same browser as #1 either new tab or same window will do.
      4. Return to the Drill WebUI and click on 'Profiles'.

      Observed results:

      The query 'SELECT 100' appears in the list of executed queries (see: Screen Shot 2019-08-19 at 10.11.50 AM.png ).

      Expected results:

      It should be possible to whitelist or completely restrict code from other domain names to submit queries to the WebUI.

      Risks:

      Potential for code execution by unauthorized parties.

       

       

      Attachments

        1. drill-csrf.html
          0.3 kB
          Don Perial
        2. Screen Shot 2019-08-19 at 10.11.50 AM.png
          58 kB
          Don Perial

        Issue Links

          links to

          Web Link GitHub Pull Request #1864

          Activity

            People

              angozhiy Anton Gozhiy
              perialdon Don Perial
              Arina Ielchiieva Arina Ielchiieva
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: