Sorry for reporting this so late; there were some health issues and a vacation in the way.
=== Security Advisory ===
Ganglia-Web 3.5.10 - XSS
Affected Version
At least ganglia-web-3.5.8 and ganglia-web-3.5.10
Problem Overview
Technical Risk: medium
Likelihood of Exploitation: medium
Vendor: Open Source / Debian
Reported by: Eric Sesterhenn snakebyte@gmx.de
Advisory updates: http://www.rusty-ice.de/advisory/advisory_2013002.txt
Advisory Status: Private
Problem Impact
While taking a quick look at the web interface, an
XSS issue has been found. It is possible to execute JavaScript
in a victim's browser after tricking the victim into
opening a specially crafted URL.
Problem Description
The following URL opens a JavaScript popup in the user's
browser:
http://localhost/ganglia-web-3.5.8/?r=custom&cs=1&ce=1&s=by+name&c=1&h=&host_regex=%27%3E%3Cscript%3Ealert%281%29%3C/script%3E&max_graphs=0&tab=m&vn=&hide-hf=false&sh=1&z=small&hc=0
The GET variable is retrieved in file get_context.php, line 89
and placed into the variable $user['host_regex'] without
escaping. This variable is then placed into the $set_host_regex_value
variable in file header.php, line 494 and printed at line 518.
Temporary Workaround and Fix
Apply the following patch to properly encode the variable:
--- header.php.old 2013-09-30 21:07:26.272287657 +0200
+++ header.php 2013-09-30 21:09:42.226281990 +0200
@@ -491,7 +491,7 @@ $data->assign("custom_time", $custom_tim
/////////////////////////////////////////////////////////////////////////
if ( $context == "cluster" ) {
if ( isset($user['host_regex']) && $user['host_regex'] != "" )
else
$set_host_regex_value="";
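Review bot: the assignment to `$set_host_regex_value` between `if ( isset($user['host_regex']) && $user['host_regex'] != "" )` and `else` needs an encoding that covers single quotes. The proof-of-concept value in the URL above starts with `%27%3E`, which suggests the value is printed inside a single-quoted attribute, and `htmlspecialchars()` only encodes `'` when `ENT_QUOTES` is passed (it is not part of the default flags before PHP 8.1). Suggest `htmlspecialchars($user['host_regex'], ENT_QUOTES)` for that assignment. Separately, this covers only the output in header.php; `$user['host_regex']` is still stored unescaped in get_context.php, so any other place that prints it needs the same encoding.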
History
30.09.2013 - Issue detected
22.11.2013 - Verified with 3.5.10
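
Added example, not part of the advisory or of the Ganglia-Web code: a minimal PHP reproduction of the pattern described under Problem Description, comparing an unescaped attribute value with two encodings. The input markup, the single-quoted attribute and all function names are assumptions made for illustration; the payload is the URL-decoded host_regex value from the advisory.

```php
<?php
// Constructed stand-in for the host_regex field; not Ganglia-Web source.
// Assumption: the value is printed inside a single-quoted attribute.

// host_regex value from the advisory URL, URL-decoded.
const PAYLOAD = "'><script>alert(1)</script>";

function render_raw(string $v): string {
    // Vulnerable pattern: request value copied into the attribute as-is.
    return "<input type='text' name='host_regex' value='" . $v . "'>";
}

function render_compat(string $v): string {
    // Incomplete: ENT_COMPAT (the default before PHP 8.1) encodes < > & "
    // but leaves ' alone, so the attribute value still ends early.
    return "<input type='text' name='host_regex' value='"
         . htmlspecialchars($v, ENT_COMPAT, 'UTF-8') . "'>";
}

function render_encoded(string $v): string {
    // Hardened: ENT_QUOTES also encodes ' as &#039;.
    return "<input type='text' name='host_regex' value='"
         . htmlspecialchars($v, ENT_QUOTES, 'UTF-8') . "'>";
}

// True when the whole input is still inside the value attribute, i.e. the
// attribute's decoded content round-trips to exactly what was submitted.
function value_contained(string $html, string $input): bool {
    if (!preg_match("/value='([^']*)'/", $html, $m)) {
        return false;
    }
    return html_entity_decode($m[1], ENT_QUOTES, 'UTF-8') === $input;
}

foreach (['render_raw', 'render_compat', 'render_encoded'] as $fn) {
    $html = $fn(PAYLOAD);
    printf("%-15s contained=%-3s %s\n",
           $fn, value_contained($html, PAYLOAD) ? 'yes' : 'NO', $html);
}
```

The round-trip check doubles as a regression test for a fix: a value that leaves its attribute fails it even when the angle brackets have been encoded.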