Solr / SOLR-7949

There is an XSS issue in the plugins/stats page of the Admin Web UI.

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 4.9, 4.10.4, 5.2.1
    • Fix Version/s: 5.3.1, 5.4, 6.0
    • Component/s: web gui
    • Labels: None

      Description

      Open the Solr Admin Web UI, select a core (such as collection1), click "Plugins/stats", and then type a URL like "http://127.0.0.1:8983/solr/#/collection1/plugins/cache?entry=score=<img src=1 onerror=alert(1);>" into the browser address bar; you will get an alert box with "1".

      I changed the following code to resolve this problem:
      The original code:

      for( var i = 0; i < entry_count; i++ )
      {
        $( 'a[data-bean="' + entries[i] + '"]', frame_element ).parent().addClass( 'expanded' );
      }

      The changed code:

      for( var i = 0; i < entry_count; i++ )
      {
        $( 'a[data-bean="' + entries[i].esc() + '"]', frame_element ).parent().addClass( 'expanded' );
      }
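Added example (not from this issue and not Solr project code): a Node-runnable sketch of why the reporter's payload executes and why escaping the entry before building the selector stops it. It assumes the Admin UI of that era bundled a jQuery release older than 1.9, whose $(string) treated any string containing a <tag> anywhere in it as HTML to be parsed (the "quickExpr" regex below reproduces that decision), and it models the esc() helper as plain angle-bracket escaping; the entry-list parsing, the anchors list and the jqueryDispatch/findByBean names are constructed stand-ins, not Solr APIs.

```javascript
// Assumption: pre-1.9 jQuery decided between "build DOM from HTML" and "run a CSS
// query" with this regex. Group 1 matching means the string is parsed as HTML,
// which creates the <img> and fires its onerror handler.
const QUICK_EXPR = /^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/;

// Mimic that dispatch: "html" when $(str) would create elements (running inline
// handlers), "selector" when it would only query existing elements.
function jqueryDispatch(str) {
  const m = QUICK_EXPR.exec(str);
  return m && m[1] ? "html" : "selector";
}

// Assumed shape of the Admin UI's String.prototype.esc helper: escape < and >.
function esc(s) {
  return String(s).replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// The construction from the issue: `entry` comes straight from the URL hash and is
// concatenated into the selector string handed to $().
function vulnerableSelector(entry) {
  return 'a[data-bean="' + entry + '"]';
}

// The reporter's change: escape before concatenating, so no "<" survives and the
// string never matches the HTML branch of QUICK_EXPR.
function fixedSelector(entry) {
  return 'a[data-bean="' + esc(entry) + '"]';
}

// Hardened alternative that builds no selector from user input at all: compare the
// attribute value directly. `anchors` is an array of {dataBean} records standing in
// for the <a data-bean="..."> nodes; in the real page this would be
// $('a[data-bean]', frame_element).filter(function () { return $(this).attr('data-bean') === entry; })
function findByBean(anchors, entry) {
  return anchors.filter((a) => a.dataBean === entry);
}

// Constructed parser for the "?entry=a,b" part of the hash; the comma split is an
// assumption about how the stats page derives `entries` from the URL.
function entriesFromHash(hash) {
  const query = hash.split("?")[1] || "";
  const raw = new URLSearchParams(query).get("entry");
  return raw ? raw.split(",") : [];
}

// Stand-alone demonstration with the payload from the issue description.
const PAYLOAD = "score=<img src=1 onerror=alert(1);>";
for (const entry of entriesFromHash("#/collection1/plugins/cache?entry=" + PAYLOAD)) {
  console.log("unescaped ->", jqueryDispatch(vulnerableSelector(entry)));
  console.log("escaped   ->", jqueryDispatch(fixedSelector(entry)));
}
```

esc() keeps the string off jQuery's HTML path, which is what matters for script execution, but an entry containing a double quote or a closing bracket still yields a malformed attribute selector (a selector syntax error rather than XSS). Comparing the data-bean attribute directly, as findByBean does, avoids interpreting user input as selector or HTML text at all; where a selector is unavoidable, CSS.escape() is the other option on browsers that support it.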

        Activity

        ASF subversion and git services added a comment -

        Commit 1696782 from janhoy@apache.org in branch 'dev/trunk'
        [ https://svn.apache.org/r1696782 ]

        SOLR-7949: Resolve XSS issue in Admin UI stats page

        ASF subversion and git services added a comment -

        Commit 1696903 from janhoy@apache.org in branch 'dev/branches/branch_5x'
        [ https://svn.apache.org/r1696903 ]

        SOLR-7949: Resolve XSS issue in Admin UI stats page (backport)

        Jan Høydahl added a comment -

        davidchiu thanks for your bug reports. I don't know if you do all your research in FireBug or if you download the full Solr source code and build yourself. If you do the latter, please consider uploading your findings as a patch file. See more in https://wiki.apache.org/solr/HowToContribute

        davidchiu added a comment - edited

        OK, I will try to upload patch files when I find bugs.

        Upayavira added a comment -

        Thanks! And, please note that there is a new instance of the UI, backed by AngularJS that will at some point take over from the one you have been reviewing. I would love to have your eye cast over that one too. It should be feature-to-feature compatible with the old one. In Solr 5.3 it is at http://localhost:8983/solr/index.html#

        ASF subversion and git services added a comment -

        Commit 1697341 from janhoy@apache.org in branch 'dev/branches/lucene_solr_5_3'
        [ https://svn.apache.org/r1697341 ]

        SOLR-7949: Resolve XSS issue in Admin UI stats page (backport)

        Jan Høydahl added a comment -

        Resolved and backported to 5.3.1.
        If/when 5.3.1 is released, we should move changes entries for trunk and branch_5x; they now say 5.4

        Miriam Celi added a comment -

        Does this issue also affect version 5.3.0?

        Upayavira added a comment -

        Miriam Celi from the fix version, it looks like it was resolved in 5.3.1, so yes, it is in 5.3.0.

        Miriam Celi added a comment -

        I wasn't sure if 5.3.0 was one of the affected versions, since the Details included at the top of the record only lists 4.9, 4.10.4, 5.2.1 as affected versions. Perhaps Affected Versions should be set to "All versions prior to 5.3.1" in order to avoid confusion???


          People

          • Assignee: Jan Høydahl
          • Reporter: davidchiu
          • Votes: 0
          • Watchers: 5
