Bug #21468: XSS in API account description - Rudder - Issue Tracker

Actions

Copy link

Bug #21468

closed

Bug #21442: Various XSS vulnerabilities in the interface

XSS in API account description

Added by Alexis Mousset almost 2 years ago. Updated 11 months ago.

Status:

Released

Priority:

N/A

Assignee:

François ARMAND

Category:

Security

Target version:

7.1.3

Pull Request:

https://github.com/Normation/rudder/p...

Severity:

UX impact:

User visibility:

Effort required:

Priority:

Name check:

To do

Fix check:

To do

Regression:

Description

Even if the API accound management is now implemented in Elm it is vulnerable to an XSS in the description tooltip as we build it as raw string inside an attribute.

The impact here is low as the API accounts page or API is only available to administrators.

History
Notes
Property changes
Associated revisions

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Rudder

Custom queries

Bug #21468

XSS in API account description

Updated by Alexis Mousset almost 2 years ago

Updated by Alexis Mousset almost 2 years ago

Updated by Alexis Mousset almost 2 years ago

Updated by Alexis Mousset almost 2 years ago

Updated by Alexis Mousset almost 2 years ago

Updated by Alexis Mousset almost 2 years ago

Updated by Alexis Mousset 11 months ago