[jira] [Updated] (AMBARI-25384) Ambari Files View is Vulnerable to XSS attack
[ https://issues.apache.org/jira/browse/AMBARI-25384?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Zhiguo Wu updated AMBARI-25384:
---
    Fix Version/s: 2.8.0

> Ambari Files View is Vulnerable to XSS attack
> -
>
>                 Key: AMBARI-25384
>                 URL: https://issues.apache.org/jira/browse/AMBARI-25384
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-views
>    Affects Versions: trunk, 2.6.2, 2.7.4
>            Reporter: Akhil Naik
>            Assignee: Akhil Naik
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 2.8.0, 2.7.5
>
>         Attachments: Screen Shot 2019-09-24 at 6.05.19 PM.png
>
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> Problem Statement: Ambari Files view is vulnerable to XSS attack if the
> filename of the file uploaded in HDFS contains XSS scripts.
> Reproduction:
> 1) Log in to files view
> 2) Create a file called in your local system and upload it to files view:
>
> 3) Try to delete the file or edit permission of the file. The malicious XSS
> script will be executed in the browser. This is a security issue.
> Please see attached screenshot

--
This message was sent by Atlassian Jira
(v8.20.10#820010)

-
To unsubscribe, e-mail: issues-unsubscr...@ambari.apache.org
For additional commands, e-mail: issues-h...@ambari.apache.org

[jira] [Updated] (AMBARI-25384) Ambari Files View is Vulnerable to XSS attack
[ https://issues.apache.org/jira/browse/AMBARI-25384?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Akhil Naik updated AMBARI-25384:
    Fix Version/s:     (was: trunk)

> Ambari Files View is Vulnerable to XSS attack
> -
>
>                 Key: AMBARI-25384
>                 URL: https://issues.apache.org/jira/browse/AMBARI-25384
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-views
>    Affects Versions: trunk, 2.6.2, 2.7.4
>            Reporter: Akhil Naik
>            Assignee: Akhil Naik
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 2.7.5
>
>         Attachments: Screen Shot 2019-09-24 at 6.05.19 PM.png
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> Problem Statement: Ambari Files view is vulnerable to XSS attack if the
> filename of the file uploaded in HDFS contains XSS scripts.
> Reproduction:
> 1) Log in to files view
> 2) Create a file called in your local system and upload it to files view:
>
> 3) Try to delete the file or edit permission of the file. The malicious XSS
> script will be executed in the browser. This is a security issue.
> Please see attached screenshot

--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (AMBARI-25384) Ambari Files View is Vulnerable to XSS attack
[ https://issues.apache.org/jira/browse/AMBARI-25384?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

ASF GitHub Bot updated AMBARI-25384:
    Labels: pull-request-available  (was: )

> Ambari Files View is Vulnerable to XSS attack
> -
>
>                 Key: AMBARI-25384
>                 URL: https://issues.apache.org/jira/browse/AMBARI-25384
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-views
>    Affects Versions: trunk, 2.6.2, 2.7.4
>            Reporter: Akhil Naik
>            Assignee: Akhil Naik
>            Priority: Major
>              Labels: pull-request-available
>         Attachments: Screen Shot 2019-09-24 at 6.05.19 PM.png
>
>
> Problem Statement: Ambari Files view is vulnerable to XSS attack if the
> filename of the file uploaded in HDFS contains XSS scripts.
> Reproduction:
> 1) Log in to files view
> 2) Create a file called in your local system and upload it to files view:
>
> 3) Try to delete the file or edit permission of the file. The malicious XSS
> script will be executed in the browser. This is a security issue.
> Please see attached screenshot

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
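
Added example, not part of the Jira issue and not Ambari's code: the bug class described above, where a file name from an HDFS listing is placed into the delete or permission dialog as markup, shown beside an escaped form. The function names, the dialog markup and the sample listing are assumptions constructed for illustration.

```javascript
// Added illustration; names and markup are hypothetical, not taken from Ambari.

// Constructed sample listing. The second name carries HTML markup.
const SAMPLE_LISTING = [
  "/user/alice/report.csv",
  "/user/alice/<img src=x onerror=alert(1)>.txt",
];

const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Encode the characters that can switch the HTML parser out of text context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Last path component, i.e. the name shown to the user in the dialog.
function baseName(path) {
  return path.slice(path.lastIndexOf("/") + 1);
}

// Vulnerable pattern: the name is concatenated into markup, so a name that
// contains tags is parsed as HTML when the dialog is rendered.
function confirmDialogUnsafe(action, path) {
  return "<p>" + action + " <strong>" + baseName(path) + "</strong>?</p>";
}

// Hardened pattern: the name is encoded before it reaches the markup, so it
// is displayed as literal text for both the delete and permission dialogs.
function confirmDialogSafe(action, path) {
  return "<p>" + escapeHtml(action) + " <strong>" +
    escapeHtml(baseName(path)) + "</strong>?</p>";
}

// Audit helper: which entries in a listing have names with HTML metacharacters?
function namesNeedingEscape(paths) {
  return paths.filter((p) => /[&<>"']/.test(baseName(p)));
}

for (const path of SAMPLE_LISTING) {
  console.log(confirmDialogSafe("Delete", path));
}
console.log("flagged:", namesNeedingEscape(SAMPLE_LISTING));
```

Where the view code builds DOM nodes directly, assigning the name through a text-only API such as `textContent` gives the same result without manual encoding.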