Posted to dev@zeppelin.apache.org by "Akhil S Naik (Jira)" <ji...@apache.org> on 2019/09/19 05:49:00 UTC

[jira] [Created] (ZEPPELIN-4335) Deleting a Notebook is vulnerable to XSS attack

Akhil S Naik created ZEPPELIN-4335:
--------------------------------------

             Summary: Deleting a Notebook is vulnerable to XSS attack
                 Key: ZEPPELIN-4335
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-4335
             Project: Zeppelin
          Issue Type: Bug
          Components: zeppelin-web
    Affects Versions: 0.8.1, 0.8.0
            Reporter: Akhil S Naik
            Assignee: Akhil S Naik
         Attachments: XSS attack.mov

Problem Statement : Deleting a Notebook is vulnerable to XSS attack

Issue reproduction :

1) create a notebook
2) set the notebook's permission to : <script>alert('hi')</script> (press space after typing this, not the Enter key)
3) after this, try to delete the notebook; the BootstrapDialog that pops up stating insufficient privileges is vulnerable to XSS attack


analysis : https://github.com/apache/zeppelin/blob/dda5a145249538eb5a49e452e34f9c5779e0ad87/zeppelin-web/src/components/websocket/websocket-event.factory.js#L110

In this part of the code we should sanitize the input given to BootstrapDialog with _.escape.





--
This message was sent by Atlassian Jira
(v8.3.4#803005)
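The following is an added example, not code from the Zeppelin project or from the ticket. It reproduces the pattern the report describes: a string that originates from a user-editable permission field comes back to the browser in a websocket event and is interpolated, unescaped, into the HTML message of the "insufficient privileges" dialog. The hardened variant applies the same escaping rules as lodash's _.escape (the fix proposed above) before interpolating. The event shape (`data.info`), the function names and the sample payload are assumptions made for the example.

```javascript
// Added example, not code from Apache Zeppelin. Shows why rendering a
// server-echoed permission string as dialog HTML is exploitable, and how
// escaping it (what lodash's _.escape does) neutralizes the payload.
// The event shape and all function names below are assumptions.

// Same escaping rules as lodash's _.escape: & < > " ' become entities.
function escapeHtml(value) {
  const entities = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Constructed websocket event: the note's owner list was set to the payload
// from the ticket's repro, and the server echoes it back verbatim.
const sampleEvent = {
  op: 'AUTH_INFO',
  data: {
    info: "Insufficient privileges to remove this note. Allowed owners: [<script>alert('hi')</script>]",
  },
};

// Vulnerable: the raw string becomes the dialog's HTML `message`, so the
// browser parses it as markup and the injected payload runs (the ticket's
// <script> via jQuery-style HTML insertion, or an <img onerror=...> variant).
function buildDialogMessageVulnerable(event) {
  return `<p>${event.data.info}</p>`;
}

// Hardened: escape before interpolating, so the payload is shown as text.
function buildDialogMessageHardened(event) {
  return `<p>${escapeHtml(event.data.info)}</p>`;
}

// Crude check a reviewer can run on the produced markup: any tag other than
// the wrapper we added ourselves means untrusted HTML got through.
function containsUnexpectedTag(html) {
  const inner = html.replace(/^<p>/, '').replace(/<\/p>$/, '');
  return /<\s*\/?\s*[a-zA-Z]/.test(inner);
}

const vulnerable = buildDialogMessageVulnerable(sampleEvent);
const hardened = buildDialogMessageHardened(sampleEvent);
console.log('vulnerable contains injected tag:', containsUnexpectedTag(vulnerable)); // true
console.log('hardened contains injected tag:  ', containsUnexpectedTag(hardened));   // false
console.log(hardened);
```

Escaping at the point where the string is turned into HTML is the right layer for this bug: the permission field is legitimately free text on the server side, so rejecting angle brackets at save time would not protect other places that render the same value, and it would not help for values already stored.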