OSSA-2020-008 has been published to relevant mailing lists and the
https://security.openstack.org/ site.
** Changed in: ossa
Assignee: (unassigned) => Gage Hugo (gagehugo)
** Changed in: ossa
Status: Incomplete => Fix Released
** Changed in: ossa
Importance: Undecided => Medium
** Summary changed:
- Open redirect in workflow forms (CVE-2020-29565)
+ [OSSA-2020-008] Open redirect in workflow forms (CVE-2020-29565)
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1865026
Title:
[OSSA-2020-008] Open redirect in workflow forms (CVE-2020-29565)
Status in OpenStack Dashboard (Horizon):
Fix Released
Status in OpenStack Security Advisory:
Fix Released
Bug description:
This affects all released versions of Horizon.
It is possible to make Horizon redirect to an arbitrary URL:
Steps of Reproduction:
1. Visit https://rhos-d.infra.prod.upshift.rdu2.redhat.com
2. Click on Instances
3. Pick any available instance and click on it.
4. On Right side - Click on Down arrow button
5. Hover on 'Edit Instance' and copy its link location and open in the same
browser in the same tab.
6. It will look like:
https://rhos-d.infra.prod.upshift.rdu2.redhat.com/dashboard/project/instances/<instance_id>/update?step=instance_info&next=<path_and_id>;
Change the &next= value with &next=https://evil.com and refresh the page ;
then click on Save Button.
7. It will redirect the page to Evil.com.
To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1865026/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
