Reviewed: https://review.opendev.org/750207
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=252467100f75587e18df9c43ed5802ee8f0017fa
Submitter: Zuul
Branch: master

commit 252467100f75587e18df9c43ed5802ee8f0017fa
Author: Radomir Dopieralski <[email protected]>
Date: Mon Sep 7 21:03:36 2020 +0200

    Fix open redirect

    Make sure the "next" URL is in the same origin as Horizon before
    redirecting to it.

    Change-Id: I06b2bfc8e3638591615547780c3fa34b0abe19f6
    Closes-bug: #1865026

** Changed in: horizon
   Status: In Progress => Fix Released

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1865026

Title:
  Open redirect in workflow forms

Status in OpenStack Dashboard (Horizon):
  Fix Released
Status in OpenStack Security Advisory:
  Incomplete

Bug description:
  This affects all released versions of Horizon. It is possible to make
  Horizon redirect to an arbitrary URL:

  Steps of Reproduction:
  1. Visit https://rhos-d.infra.prod.upshift.rdu2.redhat.com
  2. Click on Instances
  3. Pick any available instance and click on it.
  4. On Right side - Click on Down arrow button
  5. Hover on 'Edit Instance' and copy its link location and open in the same browser in the same tab.
  6. It will look like: https://rhos-d.infra.prod.upshift.rdu2.redhat.com/dashboard/project/instances/<instance_id>/update?step=instance_info&next=<path_and_id>; Change the &next= value with &next=https://evil.com and refresh the page; then click on Save Button.
  7. It will redirect the page to Evil.com.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1865026/+subscriptions

--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp
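The commit message above describes the fix only as "make sure the next URL is in the same origin as Horizon before redirecting". The following is an added, self-contained Python illustration of that kind of check, written for this page and not taken from Horizon's patch. It is modelled on the behaviour of Django's url_has_allowed_host_and_scheme() (Horizon is a Django application) but uses only the standard library so it runs on its own; the host name horizon.example.org, the fallback path and every sample URL are constructed for the example. It covers the cases a naive "starts with /" or "does not start with http" check gets wrong: protocol-relative URLs, backslash-as-slash, a scheme without an authority, userinfo tricks and leading control characters.

```python
"""Same-origin validation for a user-supplied "next" redirect target."""
import unicodedata
from urllib.parse import urlsplit


def url_is_same_origin(url, allowed_hosts, require_https=False):
    """Return True only when ``url`` may safely be used as a redirect target.

    Accepted: a purely relative path (no scheme, no authority) or an absolute
    http(s) URL whose host is in ``allowed_hosts`` (lower-case host names).
    Everything else is rejected. Example code, not Horizon's implementation.
    """
    if not url:
        return False
    # Some browsers treat "\" as "/" in URLs, so the URL has to pass the
    # check both as written and with backslashes normalised to slashes.
    return all(_check_one(candidate, allowed_hosts, require_https)
               for candidate in (url, url.replace("\\", "/")))


def _check_one(url, allowed_hosts, require_https):
    # Leading control characters (tab, newline, ...) are dropped by browsers,
    # which lets a scheme slip past a naive prefix check.
    if unicodedata.category(url[0])[0] == "C":
        return False
    # Chrome treats three or more leading slashes as an absolute URL.
    if url.startswith("///"):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:            # e.g. a malformed IPv6 literal
        return False
    # "http:evil.com" or "javascript:alert(1)": a scheme with no authority.
    if parts.scheme and not parts.netloc:
        return False
    if not parts.netloc:
        return True               # relative path: stays on this site
    # "//evil.com/x" carries no scheme; browsers reuse the page's scheme.
    scheme = parts.scheme or "http"
    valid_schemes = ("https",) if require_https else ("http", "https")
    if scheme not in valid_schemes:
        return False
    # .hostname strips userinfo and port, so "https://good@evil.com" is
    # compared as "evil.com", not as the allowed host it pretends to be.
    return parts.hostname in allowed_hosts


def safe_redirect_target(next_url, allowed_hosts, fallback):
    """Return ``next_url`` if it passes the check, otherwise ``fallback``."""
    if url_is_same_origin(next_url, allowed_hosts):
        return next_url
    return fallback


if __name__ == "__main__":
    # Constructed deployment values for the demonstration.
    ALLOWED = {"horizon.example.org"}
    FALLBACK = "/dashboard/project/instances/"
    samples = [
        "/dashboard/project/instances/abc/",
        "https://horizon.example.org/dashboard/",
        "https://evil.example/",
        "//evil.example/x",
        "/\\evil.example",
        "javascript:alert(1)",
        "https://horizon.example.org@evil.example/",
    ]
    for s in samples:
        print(f"{s!r:48} -> {safe_redirect_target(s, ALLOWED, FALLBACK)}")
```

The two-spelling check (as written and with backslashes replaced) is the part most often forgotten: `/\evil.example` parses as a harmless relative path with urlsplit, but a browser follows it as `//evil.example`, so both forms must pass before the URL is trusted.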

