You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ambari.apache.org by "Hudson (Jira)" <ji...@apache.org> on 2019/12/04 10:38:00 UTC

[jira] [Commented] (AMBARI-25439) XSS vulnerability for repo check hint

    [ https://issues.apache.org/jira/browse/AMBARI-25439?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16987728#comment-16987728 ] 

Hudson commented on AMBARI-25439:
---------------------------------

FAILURE: Integrated in Jenkins build Ambari-branch-2.7 #627 (See [https://builds.apache.org/job/Ambari-branch-2.7/627/])
AMBARI-25439. XSS vulnerability for repo check hint (aantonenko: [https://gitbox.apache.org/repos/asf?p=ambari.git&a=commit&h=3233d009445d524b93255a6a35de186416fb0ba6])
* (edit) ambari-web/app/controllers/installer.js


> XSS vulnerability for repo check hint
> -------------------------------------
>
>                 Key: AMBARI-25439
>                 URL: https://issues.apache.org/jira/browse/AMBARI-25439
>             Project: Ambari
>          Issue Type: Task
>          Components: ambari-web
>    Affects Versions: 2.7.5
>            Reporter: Antonenko Alexander
>            Assignee: Antonenko Alexander
>            Priority: Critical
>              Labels: pull-request-available
>             Fix For: 2.7.5
>
>          Time Spent: 1h
>  Remaining Estimate: 0h
>
> For now UI parses repo error hint as html. It is potential XSS vulnerability.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)