You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Hudson (Jira)" <ji...@apache.org> on 2019/12/04 10:38:00 UTC
[jira] [Commented] (AMBARI-25439) XSS vulnerability for repo check
hint
[ https://issues.apache.org/jira/browse/AMBARI-25439?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16987728#comment-16987728 ]
Hudson commented on AMBARI-25439:
---------------------------------
FAILURE: Integrated in Jenkins build Ambari-branch-2.7 #627 (See [https://builds.apache.org/job/Ambari-branch-2.7/627/])
AMBARI-25439. XSS vulnerability for repo check hint (aantonenko: [https://gitbox.apache.org/repos/asf?p=ambari.git&a=commit&h=3233d009445d524b93255a6a35de186416fb0ba6])
* (edit) ambari-web/app/controllers/installer.js
> XSS vulnerability for repo check hint
> -------------------------------------
>
> Key: AMBARI-25439
> URL: https://issues.apache.org/jira/browse/AMBARI-25439
> Project: Ambari
> Issue Type: Task
> Components: ambari-web
> Affects Versions: 2.7.5
> Reporter: Antonenko Alexander
> Assignee: Antonenko Alexander
> Priority: Critical
> Labels: pull-request-available
> Fix For: 2.7.5
>
> Time Spent: 1h
> Remaining Estimate: 0h
>
> For now UI parses repo error hint as html. It is potential XSS vulnerability.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)