[
https://issues.apache.org/jira/browse/AMBARI-24420?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16694708#comment-16694708
]
Robert Levas commented on AMBARI-24420:
---------------------------------------
[~juliaw]...
Thanks for the report. Can you email this to
[[email protected]|mailto:[email protected]] and
[[email protected]|mailto:[email protected]] with details on
how to reproduce the issue. Do not add these details here since we do not want
suck information out in the public until the vulnerability is fixed.
> XSS in Ambari Add Host Wizard
> -----------------------------
>
> Key: AMBARI-24420
> URL: https://issues.apache.org/jira/browse/AMBARI-24420
> Project: Ambari
> Issue Type: Bug
> Components: ambari-client
> Affects Versions: 2.7.1
> Reporter: Julia
> Assignee: Robert Levas
> Priority: Critical
>
> It is possible for an attacker to steal information or access from users by
> executing malicious JavaScript. This is possible due to the use of a
> javascript "eval()" function when loading the SSH private key. Leveraging
> this any malicious data in any file uploaded, not just private keys, would
> execute. In the case of private keys, malicious script in the metadata of the
> key would execute. An attacker could directly scrap and information on the
> page, modify its appearance, or steal the users sessions information.
>
> Repro:
>
> +{color:#0066cc}[https://xxxxx.azurehdinsight.net/#/main/host/add/step1]{color}+
> !https://msdata.visualstudio.com/0cd33d4d-ce7c-416d-ab00-26e15edb66e6/_apis/wit/attachments/f65e2526-613e-4af7-910e-7a19a4376a6d?fileName=attachfilehandler.png!
>
>
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
