webui icon indicating copy to clipboard operation
webui copied to clipboard
verified publisher icon ansibleguy

Problem: Potential Cross-site scripting

Open ntrampham opened this issue 1 year ago • 7 comments

Versions

latest

Scope

Backend (API)

Issue

Report.pdf

ntrampham avatar May 17 '24 22:05 ntrampham

Greetings!

Thank you for reporting this issue. Had overlooked that validation.

ansibleguy avatar May 20 '24 09:05 ansibleguy

Hi

Would you mind publishing a CVE for this?

ntrampham avatar May 20 '24 15:05 ntrampham

I actually do not know how to publish a CVE. Would have to read into it.. Using this form? https://cveform.mitre.org/

ansibleguy avatar May 20 '24 16:05 ansibleguy

Yes, absolutely right!

ntrampham avatar May 20 '24 16:05 ntrampham

That would be great if you can setup a security policy for the repo you own here https://github.com/ansibleguy/webui/security.

This would allow users to draft a report on their own. You will then only need to approve and publish it. Ref: https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/publishing-a-repository-security-advisory#

ntrampham avatar May 20 '24 16:05 ntrampham

Alright. Have added the policy and security advisories are now enabled. Would you mind testing the validation-fix in version 0.0.21?

ansibleguy avatar May 20 '24 16:05 ansibleguy

Fix looks good. I am no longer able to reproduce the vulnerability. Please go ahead and publish a security advisory for this.

ntrampham avatar May 20 '24 18:05 ntrampham

Here you go: https://github.com/ansibleguy/webui/security/advisories/GHSA-927p-xrc2-x2gj

Thank you again for reporting it.

Have a nice day

ansibleguy avatar May 28 '24 14:05 ansibleguy

Note: CSP is configured since the last release. This feature helps prevent XSS in possible future vulnerabilities. https://github.com/ansibleguy/webui/commit/5cbe2f8f536c3a80dca7b379013afa23314c8467

superstes avatar Aug 28 '24 05:08 superstes