Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: None
Affects Version/s: None
Component/s: Console Plugin, Loki
Labels:
- bug

Blocked:
False
Ready:
False
Epic Link:
netobserv-console-plugin

Sprint:
NetObserv - Sprint 213, NetObserv - Sprint 214

SFDC Cases Links:
SFDC Cases Counter:

Description

Introducing just a double-quote " character in the filters table would cause the table to visualize a 503 error message.

In addition, its possible to inject LogQL commands as well as HTTP query parameters from the Network Traffic table.

As a vulnerability example, try to e.g. select the `Src Pod` label in the table filter and then place one of the following lines in the input text (including the quotes):

"|json|DstAddr=ip("172.0.0.0/8")|~"
"&limit=1000&foo="bar

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

NETOBSERV-133 screenshot2.png
88 kB
2022/02/04 8:05 PM
NETOBSERV-133 test note.odt
93 kB
2022/02/10 5:59 PM

Issue Links

links to

netobserv/network-observability-console-plugin#57: NETOBSERV-133: Fix logql injection from filters

Activity

People

Assignee:: Olivier Cazade

Reporter:: Mario Macias (Inactive)

QA Contact:: Jean Chen

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2022/01/07 4:56 PM

Updated:: 2022/10/26 1:24 PM

Resolved:: 2022/02/14 7:28 PM