request #10829 XSS in autocompleters API responses

Artifact

Infos

Artifact ID#10829

Submitted byThomas Gerbet (tgerbet)

Last Modified On2017-12-11 13:12

Submitted on2017-11-20 14:45

Rank11055

Details

Summary *

XSS in autocompleters API responses

Original Submission

A XSS can injected in the responses of project and user autocompleters.

Impact

An attacker could use this vulnerability to force a victim to execute uncontrolled code.
CVSSv3 score: 5.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Exploitation

Set the real name of a user to something like <img src=a onerror=alert(1)> and then access to the page https://<tuleap_instance>/user/autocomplete.php?return_type=json_for_select_2&name=<query_to_match_your_user>

References

CWE 79
OWASP Cross-site Scripting

CategoryOther

Reported in versionAll

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[ ] internal improvement

CC listEmpty

Stage

Assigned toEmpty

StatusClosed

Close date2017-11-20

Attachments

Connected artifacts

Artifact links

Releases

Fixed in

	Artifact ID	Project	Tracker	Summary	Status	Last Update Date	Submitted By	Assigned to
	rel #10588	Tuleap	Releases	9.15	Delivered	2017-07-12 17:01	Manuel Vacelet (vaceletm)

Reverse artifact links

Empty

AttachmentsEmpty

References

Cross references

Referencing request #10829

Git commit

tuleap/tuleap/stable

Merge commit 'refs/changes/60/9960/1' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD 924f4f56b2

Yannis ROSSETTO (rossettoy) , 2017-11-20 15:34

request #10829: XSS in autocompleters API responses a9585a01cc

Thomas Gerbet (tgerbet) , 2017-11-20 14:52

Show items referenced by request #10829

Referenced by request #10829

Artifact Tracker v5

rel #10588 9.15

Other

Follow-ups

Yannis ROSSETTO (rossettoy)

2017-11-20 15:35

Integrated into Tuleap 9.14.99.54

Status changed from Under review to Closed
Connected artifacts
- Added Fixed in: rel #10588
Close date set to 2017-11-20

Thomas Gerbet (tgerbet)

2017-11-20 14:54

A patch is under review: gerrit #9960.

Status changed from Under implementation to Under review