[OOZIE-3202] Oozie web console 'Custom Filter' can be attacked by XSS vulnerability - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 4.1.0, 4.0.1, 4.2.0, 4.3.0, 4.3.1
Fix Version/s: None
Component/s: workflow
Labels:
None
Environment:

No sepcial environment is needed.

Description

Step1. Open oozie web console

Step2. Click 'Custom Filter' and 'Custom Filter'(menu)

Step3. Input something like '<img src=11 onerror=alert(1)>' into 'Filter text', then click 'OK'

Then we get some problem:

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

image-2018-03-28-18-32-33-384.png
28/Mar/18 10:33
2 kB
YijieShen
image-2018-03-28-18-32-53-630.png
28/Mar/18 10:34
3 kB
YijieShen
image-2018-03-28-18-34-17-974.png
28/Mar/18 10:35
2 kB
YijieShen
image-2018-03-28-18-34-34-268.png
28/Mar/18 10:35
0.9 kB
YijieShen

Activity

People

Assignee:: Unassigned

Reporter:: YijieShen

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 28/Mar/18 10:36

Updated:: 28/Mar/18 10:39