
Bug #17641: Markdown descriptions in directives and groups are evaluated, resulting in Javascript execution

Added by Nicolas CHARLES over 5 years ago. Updated over 2 years ago.

Status: Released
Priority: N/A
Category: Security
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority: 0
Name check: To do
Fix check: To do
Regression:

Description

Markdown can be used in Directive and Group descriptions to make them more readable.
However, it is possible to put a script in this markdown, and it gets executed when the group or directive details are displayed (and also in the change request list).

This ticket fixes the issue by using the showdown xss filter to prevent evaluation of JavaScript in markdown.
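As an added illustration (example code, not Rudder's fix and not showdown's xss filter), the minimal JavaScript markdown renderer below shows the two rules a safe description renderer needs: raw HTML in the markdown source is escaped into visible text instead of being passed through, and link targets are kept only when their URL scheme is on a short allowlist, so a `javascript:` link degrades to plain text. The markdown subset (headings, paragraphs, bold, links), the scheme allowlist and the `SAMPLE_DESCRIPTION` input are all constructed for this example. As comment #3 of this ticket notes, this kind of filtering belongs on the server, applied to the stored description, rather than only in the browser.

```javascript
// Added example, not Rudder's fix and not showdown's xss filter: a minimal
// markdown renderer whose output cannot carry script, built from two rules.
//  1. Raw HTML in the source is escaped, so "<script>" reaches the page as
//     visible text, never as an element.
//  2. Link targets are parsed with the URL parser and kept only when their
//     scheme is on a short allowlist; anything else is rendered as plain text.
// The markdown subset, the allowlist and the sample description are
// constructed for this example.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Schemes a description is allowed to link to (assumption for this example).
const SAFE_SCHEMES = new Set(['http:', 'https:', 'mailto:']);

// Returns the trimmed URL when its scheme is allowed, otherwise null.
// Relative URLs resolve against a placeholder base and so inherit "https:".
// Using the URL parser instead of a string prefix check means mixed case
// ("JavaScript:") and embedded tab/newline characters are normalised first.
function safeHref(raw) {
  const trimmed = raw.trim();
  let parsed;
  try {
    parsed = new URL(trimmed, 'https://placeholder.invalid/');
  } catch (err) {
    return null; // unparsable target: drop it rather than guess
  }
  return SAFE_SCHEMES.has(parsed.protocol) ? trimmed : null;
}

// Inline syntax supported: [label](target) and **bold**. Targets may not
// contain ")" in this toy grammar.
const INLINE = /\[([^\]]*)\]\(([^)]*)\)|\*\*([^*]+)\*\*/g;

function renderInline(text) {
  let out = '';
  let last = 0;
  for (const m of text.matchAll(INLINE)) {
    out += escapeHtml(text.slice(last, m.index));
    if (m[1] !== undefined) {
      const href = safeHref(m[2]);
      // Disallowed scheme: keep the label visible, drop the target entirely.
      out += href === null
        ? escapeHtml(m[1])
        : `<a href="${escapeHtml(href)}" rel="noopener noreferrer">${escapeHtml(m[1])}</a>`;
    } else {
      out += `<strong>${escapeHtml(m[3])}</strong>`;
    }
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Block syntax supported: "#"/"##"/"###" headings and paragraphs separated by
// blank lines. Every path through the renderer goes via escapeHtml, so there
// is no branch in which source text is copied to the output unescaped.
function renderMarkdown(source) {
  return source
    .split(/\n[ \t]*\n/)
    .map((block) => block.trim())
    .filter((block) => block.length > 0)
    .map((block) => {
      const heading = block.match(/^(#{1,3})[ \t]+(.+)$/);
      if (heading) {
        const level = heading[1].length;
        return `<h${level}>${renderInline(heading[2])}</h${level}>`;
      }
      return `<p>${renderInline(block)}</p>`;
    })
    .join('\n');
}

// Constructed group description mixing legitimate markdown with the two
// injection shapes the renderer has to neutralise.
const SAMPLE_DESCRIPTION = [
  '# Web servers',
  '',
  'Hosts running **nginx**; see [the wiki](https://wiki.example.invalid/nginx).',
  '',
  '<script>alert(1)</script> and [docs](JavaScript:alert)',
].join('\n');

console.log(renderMarkdown(SAMPLE_DESCRIPTION));
```

The design choice worth noting is that there is no sanitising pass over HTML after conversion: the renderer never emits an element it did not construct itself, so there is nothing to strip afterwards. That is also why a scheme allowlist is used rather than a blocklist of `javascript:`; the allowlist stays correct when a new scheme appears.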


Subtasks: 1 (0 open, 1 closed)

Bug #17698: Tooltips in interface tree evaluate scripts (Released, François ARMAND)

#1 Updated by Nicolas CHARLES over 5 years ago

  • Description updated (diff)

#2 Updated by Nicolas CHARLES over 5 years ago

  • Subject changed from description in directives are evaluated, and we can inject whatever we want to description in directives and groups are evaluated, and we can inject whatever we want

#3 Updated by Nicolas CHARLES over 5 years ago

https://github.com/showdownjs/showdown/issues/454

Filtering has to be done server side.

#4 Updated by Nicolas CHARLES over 5 years ago

  • Status changed from New to In progress
  • Assignee set to Nicolas CHARLES

#5 Updated by Nicolas CHARLES over 5 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Nicolas CHARLES to Vincent MEMBRÉ
  • Pull Request set to https://github.com/Normation/rudder/pull/3060

#6 Updated by Nicolas CHARLES over 5 years ago

  • Status changed from Pending technical review to Pending release

#7 Updated by Nicolas CHARLES over 5 years ago

  • Subject changed from description in directives and groups are evaluated, and we can inject whatever we want to Markdown descriptions in directives and groups are evaluated, resulting in Javascript execution
  • Description updated (diff)

#8 Updated by Vincent MEMBRÉ over 5 years ago

This bug has been fixed in Rudder 6.0.7 and 6.1.1 which were released today.

#9 Updated by Vincent MEMBRÉ over 5 years ago

  • Status changed from Pending release to Released
  • Private changed from Yes to No