Uploaded image for project: 'Zeppelin'
  1. Zeppelin
  2. ZEPPELIN-4335

Deleting a Notebook is vulnerable to XSS attach

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 0.8.0, 0.8.1
    • 0.8.2
    • zeppelin-web
    • None

    Description

      Problem Statement : Deleting a Notebook is vulnerable to XSS attach

      Issue reproducing :

      1) create a notebook
      2) give the permission to notebook as : <script>alert('hi')</script> (press space after writing this, not enter key)
      3) after this, try to delete the notebook, the BootstrapDialog that popups stating insufficient privilages is vulnerable to XSS attack

      analysis : https://github.com/apache/zeppelin/blob/dda5a145249538eb5a49e452e34f9c5779e0ad87/zeppelin-web/src/components/websocket/websocket-event.factory.js#L110

      in thi part of code we should sanitize the input given to bootStrapDialog with _.escape

      Attachments

        1. XSS attack.mov
          23.33 MB
          Akhil Naik

        Issue Links

          duplicates

          Task - A task that needs to be done. ZEPPELIN-4333 Escape popup dialog title and message

          • Major - Major loss of function.
          • Closed
          links to

          Web Link GitHub Pull Request #3452

          Web Link GitHub Pull Request #3453

          Activity

            People

              asnaik Akhil Naik
              asnaik Akhil Naik
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 1h 40m
                  1h 40m