t oo created AIRFLOW-4186:
-----------------------------

             Summary: [security] ui - Application is vulnerable to redirection attacks
                 Key: AIRFLOW-4186
                 URL: https://issues.apache.org/jira/browse/AIRFLOW-4186
             Project: Apache Airflow
          Issue Type: Bug
          Components: security, ui
            Reporter: t oo


Issue Details

The Web server uses user-controlled input data to construct a redirection URL
when the "X-Forwarded-Host" header is added to a request. This header is not
added by default by the application, but causes a redirect to be performed when
provided by a user.

The application's "X-Forwarded-Host" header is included with the site
google.com, causing the application to respond with a 302 redirect to that
location.

The application successfully redirects to the specified website.

Business Impact/Attack Scenario

An attacker who is able to intercept and modify client HTTP requests before
reaching the application server could redirect the clients to a malicious host.

Recommendation

Use the server's name as the redirection destination where possible, or
validate header values against a known whitelist.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
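The recommendation above (prefer the server's own name, otherwise check the header against a known list) can be shown side by side with the reported behaviour. The following is an added example written for this issue, not code from Apache Airflow; the host names, the allowlist and the plain-dict header representation are constructed assumptions, and a real deployment would take the server name and trusted proxy hosts from the web server's configuration.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed values for this example. In a real deployment these would come
# from the web server's configuration (its own name and any trusted proxy
# hostnames), never from the request.
SERVER_NAME = "airflow.example.internal"
ALLOWED_FORWARDED_HOSTS = {"airflow.example.internal", "airflow-proxy.example.internal"}


def _header(headers, name):
    """Case-insensitive lookup over a plain dict of request headers (assumed shape)."""
    name = name.lower()
    for key, value in headers.items():
        if key.lower() == name:
            return value
    return None


def redirect_host_unsafe(headers):
    """The pattern described in the report: whatever X-Forwarded-Host says wins,
    so a client-supplied header decides where the 302 points."""
    return (_header(headers, "X-Forwarded-Host")
            or _header(headers, "Host")
            or SERVER_NAME)


def redirect_host_safe(headers):
    """Honour X-Forwarded-Host only when it names a host already on the allowlist;
    in every other case fall back to the server's own configured name."""
    forwarded = _header(headers, "X-Forwarded-Host")
    if forwarded:
        # A chain of proxies may append values; the first is the client-facing host.
        candidate = forwarded.split(",")[0].strip().lower()
        if candidate in ALLOWED_FORWARDED_HOSTS:
            return candidate
    return SERVER_NAME


def _safe_path(path):
    """Keep the redirect target relative to the chosen host: reject a scheme or
    network location (so '//other.example/' cannot become a protocol-relative
    redirect) and anything that does not start with '/'."""
    parts = urlsplit(path)
    if parts.scheme or parts.netloc or not parts.path.startswith("/"):
        return "/", ""
    return parts.path, parts.query


def build_redirect_unsafe(headers, path, scheme="https"):
    """Redirect URL built the vulnerable way (host taken from the header)."""
    safe_path, query = _safe_path(path)
    return urlunsplit((scheme, redirect_host_unsafe(headers), safe_path, query, ""))


def build_redirect_safe(headers, path, scheme="https"):
    """Redirect URL built the recommended way (host validated or server's own name)."""
    safe_path, query = _safe_path(path)
    return urlunsplit((scheme, redirect_host_safe(headers), safe_path, query, ""))


if __name__ == "__main__":
    # Constructed request resembling the one in the report.
    request_headers = {"Host": "airflow.example.internal", "X-Forwarded-Host": "google.com"}
    print("unsafe:", build_redirect_unsafe(request_headers, "/login"))
    print("safe:  ", build_redirect_safe(request_headers, "/login"))
```

The safe variant treats the header as untrusted input and only uses it as a lookup key into configuration; the unsafe variant reproduces the behaviour the report describes, where the header value itself becomes the Location host. A detection on the server side is the same comparison: log any request whose X-Forwarded-Host value is not on the allowlist, since no legitimate proxy in front of the application should send one.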