Bug #21442

closed

Various XSS vulnerabilities in the interface

Added by Alexis Mousset almost 2 years ago. Updated 9 months ago.

Status: Resolved
Priority: N/A
Category: Security
Target version:
Severity: Critical - prevents main use of Rudder | no workaround | data loss | security
UX impact:
User visibility:
Effort required:
Priority: 0
Name check: To do
Fix check: To do
Regression: No

Description

With information from nodes:

  • When running a remote run from the interface the output is not escaped
  • In node details, the software tab information is not escaped
  • In all nodes list (Nodes, Groups pages, etc.), the OS column is not escaped

(The last two are also visible for pending nodes, so it can be triggered by anyone in the allowed networks.)

and with lower impact (potential privilege escalation inside Rudder):

  • tags in rules and directives, when hovering the tag in the lists (directives and rules pages)
  • api accounts details when hovering
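The common root of the items above is node-supplied or user-supplied text (OS name, software inventory, remote-run output, tag and API account descriptions) being placed into HTML verbatim, including into quoted attribute values such as tooltips. The following is an added illustration, not Rudder code (Rudder's interface is Scala/Lift and Elm, not Python): it shows the unsafe pattern next to its escaped form and shows why attribute contexts need quote escaping as well. The `NodeInventory` structure and the sample node are constructed for the example.

```python
"""Added example (not from the Rudder project): escaping untrusted
inventory fields before they are rendered into HTML."""
from dataclasses import dataclass, field
from html import escape


@dataclass
class NodeInventory:
    """Constructed, hypothetical shape for node-reported data."""
    hostname: str
    os_name: str
    software: list = field(default_factory=list)  # (name, version) pairs reported by the node


def render_node_row_unsafe(node: NodeInventory) -> str:
    # The pattern behind the reported bugs: node-controlled strings pasted
    # into markup verbatim, so any markup the node reports is rendered live.
    return f"<tr><td>{node.hostname}</td><td>{node.os_name}</td></tr>"


def render_node_row(node: NodeInventory) -> str:
    # Hardened form: every untrusted value is escaped for element content.
    return f"<tr><td>{escape(node.hostname)}</td><td>{escape(node.os_name)}</td></tr>"


def render_software_tab(node: NodeInventory) -> str:
    # Software name and version come from the node's inventory and get the same treatment.
    rows = "".join(
        f"<tr><td>{escape(name)}</td><td>{escape(version)}</td></tr>"
        for name, version in node.software
    )
    return f"<table>{rows}</table>"


def render_tag_tooltip(tag_text: str) -> str:
    # Tooltip text lands inside a quoted attribute value, so '"' must be
    # escaped too (quote=True, the default), not only '<' and '&'.
    return f'<span title="{escape(tag_text, quote=True)}">tag</span>'


def markup_is_inert(rendered: str, untrusted_value: str) -> bool:
    # Sanity check: no raw '<' or '"' from an untrusted value should survive
    # into the rendered fragment.
    return all(
        ch not in untrusted_value or ch not in rendered.replace("<tr>", "").replace("</tr>", "")
        .replace("<td>", "").replace("</td>", "")
        for ch in "<\""
    )


# Constructed sample: a node reporting markup-bearing (but harmless) values.
SAMPLE_NODE = NodeInventory(
    hostname="node01",
    os_name="Debian <i>11</i>",
    software=[("openssh-server", "1:8.4p1 <b>test</b>")],
)
</test>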

Files

Screenshot from 2022-07-20 17-23-25.png (47.6 KB), Alexis Mousset, 2022-07-20 17:23
injection.json (662 Bytes), Nicolas CHARLES, 2022-07-20 17:28

Subtasks 17 (0 open, 17 closed)

Bug #21443: Vulnerability in elm virtual-dom (Released, François ARMAND)
Bug #21450: Vulnerability in elm virtual-dom - 7.0 (Released, François ARMAND)
Bug #21453: Vulnerability in elm virtual-dom - 7.1 (Released, François ARMAND)
Bug #21455: Vulnerability in elm virtual-dom - 7.2 (Released, François ARMAND)
Rudder plugins - Bug #21456: Vulnerability in elm virtual-dom - 7.2 - plugins (Rejected)
Bug #21449: Software inventory name and version XSS (Released, Alexis Mousset)
Bug #21452: XSS in node list columns value in 6.2 (Released, Alexis Mousset)
Bug #21457: XSS in remote-run (Released, Alexis Mousset)
Bug #21461: parent ticket broke the output (Released, François ARMAND)
Bug #21458: JS escape in tags (Released, Alexis Mousset)
Bug #21462: xss in tags tooltips (Released, Nicolas CHARLES)
Bug #21467: parent ticket didn't solve the issue in 7.0: tags are not safe in rule page (tree, rule and directive tags in rule details) (Rejected)
Bug #21468: XSS in API account description (Released, François ARMAND)
Bug #21469: XSS in API directive tags in rules page (Released, François ARMAND)
Bug #21474: CSS for tags is broken (Released, Alexis Mousset)
Bug #21471: XSS in node details tooltip and node column title in 7.0 (Released, Alexis Mousset)
Bug #21473: Machine ID style is broken by parent (Released, Alexis Mousset)

Related issues 1 (0 open, 1 closed)

Related to Rudder - Bug #19456: Lack of HTML escaping in nodes list (Released, Nicolas CHARLES)

#3

Updated by Alexis Mousset almost 2 years ago

  • Subject changed from Remote run output displays allows JS injections to Various XSS vulnerabilities in the interface
#4

Updated by Alexis Mousset almost 2 years ago

  • Description updated (diff)
#5

Updated by Alexis Mousset almost 2 years ago

  • Subtask #21443 added
#6

Updated by François ARMAND almost 2 years ago

  • Status changed from New to In progress
  • Assignee set to François ARMAND
#7

Updated by François ARMAND almost 2 years ago

  • Related to Bug #19456: Lack of HTML escaping in nodes list added
#8

Updated by Alexis Mousset almost 2 years ago

  • Description updated (diff)
#9

Updated by François ARMAND almost 2 years ago

  • Subtask #21449 added
#10

Updated by François ARMAND almost 2 years ago

  • Subtask #21452 added
#11

Updated by François ARMAND almost 2 years ago

  • Subtask #21457 added
#12

Updated by François ARMAND almost 2 years ago

  • Subtask #21458 added
#13

Updated by Nicolas CHARLES almost 2 years ago

  • Subtask #21462 added
#14

Updated by Alexis Mousset almost 2 years ago

  • Subtask #21468 added
#15

Updated by François ARMAND almost 2 years ago

  • Subtask #21471 added
#16

Updated by Alexis Mousset almost 2 years ago

  • Subtask #21469 added
#17

Updated by Alexis Mousset over 1 year ago

  • Status changed from In progress to Resolved
  • Regression set to No
#18

Updated by Alexis Mousset about 1 year ago

  • Target version changed from old 6.1 issues to relocate to 6.1.21
#19

Updated by Alexis Mousset 9 months ago

  • Private changed from Yes to No