I agree on the C1 class.
** Changed in: ossa
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1625833
Title:
Prevent open redirects as a result of workflow action
Status in OpenStack Dashboard (Horizon):
In Progress
Status in OpenStack Security Advisory:
Won't Fix
Bug description:
For example:
/admin/flavors/create/?next=http://www.foobar.com/
If a user is tricked into clicking that link, the flavor create
workflow will be shown, but the redirect on form post will
unexpectedly take the user to another site.
Prevent this by checking that the next_url in WorkflowView.post is
same origin.
To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1625833/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
