Project

General

Profile

Actions

Bug #21462

closed

Bug #21442: Various XSS vulnerabilities in the interface

xss in tags tooltips

Added by Nicolas CHARLES over 2 years ago. Updated over 1 year ago.

Status:
Released
Priority:
N/A
Category:
Security
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
Checked
Regression:

Description

the tooltip of tags is not safe, in rule page and tree, but directives are safe
happens in 6.2 and 7.0; 6.1 has been fixed


Subtasks 1 (0 open1 closed)

Bug #21467: parent ticket didn't solve the issue in 7.0: tags are not safe in rule page (tree, rule & and directive tags in rule details)RejectedActions
Actions #1

Updated by Nicolas CHARLES over 2 years ago

  • Description updated (diff)
  • Target version changed from old 6.1 issues to relocate to 6.2.16
Actions #2

Updated by François ARMAND over 2 years ago

  • Status changed from New to In progress
  • Assignee set to François ARMAND
Actions #3

Updated by François ARMAND over 2 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from François ARMAND to Nicolas CHARLES
  • Pull Request set to https://github.com/Normation/rudder/pull/4392
Actions #4

Updated by Anonymous over 2 years ago

  • Status changed from Pending technical review to Pending release
Actions #5

Updated by Nicolas CHARLES over 2 years ago

  • Subtask #21467 added
Actions #6

Updated by François ARMAND over 2 years ago

  • Fix check changed from To do to Checked
Actions #7

Updated by Alexis Mousset over 2 years ago

This bug has been fixed in Rudder 6.2.16, 7.0.5 and 7.1.3 which were released today.

Actions #8

Updated by Alexis Mousset over 2 years ago

  • Status changed from Pending release to Released
Actions #9

Updated by Alexis Mousset over 1 year ago

  • Private changed from Yes to No
Actions

Also available in: Atom PDF