Details
- Bug
- Status: Open
- Minor
- Resolution: Unresolved
Description
GET request to: "auth/"
Stylesheet imports in question:
```
<link href="resources/4mjgh/common/keycloak/node_modules/patternfly/dist/css/patternfly.css" rel="stylesheet">
<link href="resources/4mjgh/common/keycloak/node_modules/patternfly/dist/css/patternfly-additions.css" rel="stylesheet">
<link href="resources/4mjgh/welcome/keycloak/css/welcome.css" rel="stylesheet">
```
Threat
Relative URLs can be dangerous since the browser may not determine the correct directory. If the HTML uses path-relative CSS links, it may be susceptible to path-relative stylesheet import (PRSSI) vulnerabilities. This could allow an attacker to take advantage of CSS imports with relative URLs by overwriting their target file.
Impact
An attacker may trick browsers into importing JavaScript or HTML code as a stylesheet. This has been shown to enable a number of different attacks, including
cross-site scripting (XSS) and exfiltration of CSRF tokens.
Solution
It is recommended to remove relative URLs and use absolute URLs in CSS imports.
The following alternatives can be applied to avoid PRSSI vulnerabilities.
- Set a DOCTYPE which does not allow Quirks mode as explained at https://hsivonen.fi/doctype/
- Set response header X-Frame-Options: deny
- Set response header X-Content-Type-Options: nosniff
- Define an HTML base tag to specify base URL for all relative URLs in a document.
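
A way to check a response for this finding, as an added example that is not part of the report or of Keycloak's code: it classifies each stylesheet link, resolves it the way a browser would for a given request URL, and reports which of the mitigations listed above are present. The host `sso.example.test`, the sample headers, the page wrapper and all function names are assumptions; only the three `href` values come from the report.

```javascript
// Added example: hrefs are from the report; host, headers and page wrapper are constructed.
const SAMPLE_HTML = `<html><head>
<link href="resources/4mjgh/common/keycloak/node_modules/patternfly/dist/css/patternfly.css" rel="stylesheet">
<link href="resources/4mjgh/common/keycloak/node_modules/patternfly/dist/css/patternfly-additions.css" rel="stylesheet">
<link href="resources/4mjgh/welcome/keycloak/css/welcome.css" rel="stylesheet">
</head><body></body></html>`;
const SAMPLE_HEADERS = { 'Content-Type': 'text/html' };

// Classify an href by how much of the request URL it inherits during resolution.
function classifyHref(href) {
  if (/^[a-z][a-z0-9+.-]*:/i.test(href) || href.startsWith('//')) return 'absolute';
  if (href.startsWith('/')) return 'root-relative';
  return 'path-relative';
}

// Collect href values of <link rel="stylesheet"> tags (regex scan, adequate for an audit sketch).
function stylesheetHrefs(html) {
  const hrefs = [];
  for (const [tag] of html.matchAll(/<link\b[^>]*>/gi)) {
    const href = tag.match(/href\s*=\s*["']([^"']+)["']/i);
    if (href && /rel\s*=\s*["']?stylesheet/i.test(tag)) hrefs.push(href[1]);
  }
  return hrefs;
}

// Resolve each stylesheet link as a browser would and report the mitigations from the Solution list.
function auditPage(requestUrl, headers, html) {
  const h = Object.fromEntries(Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v).toLowerCase()]));
  const baseTag = html.match(/<base\b[^>]*href\s*=\s*["']([^"']+)["']/i);
  const baseUrl = baseTag ? new URL(baseTag[1], requestUrl).href : requestUrl;
  const links = stylesheetHrefs(html).map((href) => ({
    href, kind: classifyHref(href), resolved: new URL(href, baseUrl).href,
  }));
  return {
    links,
    pathRelative: links.filter((l) => l.kind === 'path-relative').length,
    mitigations: {
      html5Doctype: /^\s*<!doctype html\s*>/i.test(html), // only the HTML5 doctype is recognised here
      nosniff: h['x-content-type-options'] === 'nosniff',
      frameDeny: h['x-frame-options'] === 'deny',
      baseTag: Boolean(baseTag),
    },
  };
}

// The same document requested at two paths: path-relative links follow the request path.
const atAuth = auditPage('https://sso.example.test/auth/', SAMPLE_HEADERS, SAMPLE_HTML);
const deeper = auditPage('https://sso.example.test/auth/a/b/', SAMPLE_HEADERS, SAMPLE_HTML);
console.log(atAuth.links[2].resolved, '\n' + deeper.links[2].resolved, atAuth.mitigations);
```

With a `<base href="/auth/">` tag or root-relative/absolute hrefs in the page, the resolved stylesheet URLs no longer depend on the request path.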