[jira] [Comment Edited] (AMBARI-24420) XSS in Ambari Add Host Wizard

Thu, 10 Jan 2019 09:49:39 -0800 


    [ 
https://issues.apache.org/jira/browse/AMBARI-24420?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16694708#comment-16694708
 ] 

Robert Levas edited comment on AMBARI-24420 at 1/10/19 5:38 PM:
----------------------------------------------------------------

[~juliaw]...

Thanks for the report.  Can you email this to 
[[email protected]|mailto:[email protected]] and 
[[email protected]|mailto:[email protected]] with details on 
how to reproduce the issue.  Do not add these details here since we do not want 
such information out in the public until the vulnerability is fixed. 

 


was (Author: rlevas):
[~juliaw]...

Thanks for the report.  Can you email this to 
[[email protected]|mailto:[email protected]] and 
[[email protected]|mailto:[email protected]] with details on 
how to reproduce the issue.  Do not add these details here since we do not want 
suck information out in the public until the vulnerability is fixed. 

 

> XSS in Ambari Add Host Wizard
> -----------------------------
>
>                 Key: AMBARI-24420
>                 URL: https://issues.apache.org/jira/browse/AMBARI-24420
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-client
>    Affects Versions: 2.7.1
>            Reporter: Julia
>            Assignee: Robert Levas
>            Priority: Critical
>
> It is possible for an attacker to steal information or access from users by 
> executing malicious JavaScript. This is possible due to the use of a 
> javascript "eval()" function when loading the SSH private key. Leveraging 
> this any malicious data in any file uploaded, not just private keys, would 
> execute. In the case of private keys, malicious script in the metadata of the 
> key would execute. An attacker could directly scrap and information on the 
> page, modify its appearance, or steal the users sessions information.
>  
> Repro:
>  
> +{color:#0066cc}[https://xxxxx.azurehdinsight.net/#/main/host/add/step1]{color}+
> !https://msdata.visualstudio.com/0cd33d4d-ce7c-416d-ab00-26e15edb66e6/_apis/wit/attachments/f65e2526-613e-4af7-910e-7a19a4376a6d?fileName=attachfilehandler.png!
>  
>  
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to