Posted to issues@ambari.apache.org by "Nitiraj Singh Rathore (JIRA)" <ji...@apache.org> on 2018/08/23 10:27:00 UTC

[jira] [Resolved] (AMBARI-24509) Security vulnerabilities with Hive view (XSS)

     [ https://issues.apache.org/jira/browse/AMBARI-24509?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nitiraj Singh Rathore resolved AMBARI-24509.
--------------------------------------------
    Resolution: Fixed

UI will not accept input with JavaScript in its text.

> Security vulnerabilities with Hive view (XSS)
> ---------------------------------------------
>
>                 Key: AMBARI-24509
>                 URL: https://issues.apache.org/jira/browse/AMBARI-24509
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-views
>    Affects Versions: 2.6.0
>            Reporter: Nitiraj Singh Rathore
>            Assignee: Nitiraj Singh Rathore
>            Priority: Major
>              Labels: pull-request-available
>             Fix For: 2.6.2
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> It is possible for an attacker to steal information or access from users by executing malicious JavaScript. This is possible due to Hive directly taking data/information from events and directly populating messages; this includes directly inserting data that contains HTML or JavaScript code. Leveraging this, one user could create a malicious message to steal access or information of another user. Upon viewing the malicious message, the victim would be compromised by directly scraping any information on the page, modifying its appearance, or having their session information stolen.
> Bug reproduce steps:
> 1. Go to Hive view from Ambari
> 2. Click on 'Tables' and click on '+' to create a new table
> 3. In the table name input: '"<img src=x onerror=alert(document.domain)>"' and add a column with name <img src=x onerror=alert(document.domain)> and datatype TINYINT and click on create
> 4. There is a JavaScript popup showing the document name and domain name



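The issue above describes user-supplied names being placed into UI messages as markup. The following is an added example, not Ambari's code and not the fix from the pull request: it contrasts the concatenation pattern with output encoding, and adds an input-side check on the table and column names from the reproduce steps. The function names, the message markup and the identifier rule (letters, digits, underscore) are assumptions.

```javascript
// Added example: helper names and message markup are hypothetical, not Ambari code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can change the HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: user-controlled text is concatenated into markup.
function renderMessageUnsafe(tableName) {
  return '<div class="message">Created table ' + tableName + '</div>';
}

// Hardened pattern: the name is encoded before it reaches the markup.
function renderMessageSafe(tableName) {
  return '<div class="message">Created table ' + escapeHtml(tableName) + '</div>';
}

// Input-side check (assumed rule): letters, digits and underscore, 1 to 128 chars.
function isValidIdentifier(name) {
  return typeof name === 'string' && /^[A-Za-z0-9_]{1,128}$/.test(name);
}

// Return the fields of a table definition that fail the identifier rule.
function rejectedFields(table) {
  const bad = [];
  if (!isValidIdentifier(table.name)) bad.push('name');
  table.columns.forEach((col, i) => {
    if (!isValidIdentifier(col.name)) bad.push('columns[' + i + '].name');
  });
  return bad;
}

// Crude check for this demo only: is there a live tag inside the wrapper div?
function containsInjectedTag(html) {
  const inner = html.replace(/^<div class="message">/, '').replace(/<\/div>$/, '');
  return /<[a-z][^>]*>/i.test(inner);
}

// Table definition built from the reproduce steps on this page.
const reported = {
  name: '"<img src=x onerror=alert(document.domain)>"',
  columns: [{ name: '<img src=x onerror=alert(document.domain)>', type: 'TINYINT' }],
};

console.log('unsafe output has tag:', containsInjectedTag(renderMessageUnsafe(reported.name)));
console.log('safe output has tag:  ', containsInjectedTag(renderMessageSafe(reported.name)));
console.log('rejected fields:      ', rejectedFields(reported).join(', '));
```

Output encoding at the point of rendering is the layer that holds even when a name reaches the UI by a path that skips the input check.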