Project

General

Profile

Actions
Copy link

Bug #17698

closed

Bug #17641: Markdown descriptions in directives and groups are evaluated, resulting in Javascript execution

Tooltips in interface tree evaluate scripts

Added by Nicolas CHARLES almost 4 years ago. Updated 9 months ago.

Status:
Released
Priority:
N/A
Assignee:
François ARMAND
Category:
Security
Target version:
5.0.18
Pull Request:
https://github.com/Normation/rudder/p...
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
To do
Regression:

Description

Trees in Directives and Active Technique pages display tooltips containing the description of the Technique.
However, this tooltip evaluates everything that is in the description, especially Javascript, that would get executed when hovering over a malicious Technique

For instance, creating a technique with decription <script>alert("bob");</script> and hovering over the technique in directives page or the active technique page shows the alert

Escaping the content of the tooltip fixes the issue

Related issues 1 (0 open1 closed)

Related to Rudder - Bug #14221: we can inject html & javascript in Rudder tablesReleasedFrançois ARMANDActions
Actions
Copy link

Also available in: Atom PDF