OpenShift Bugs / OCPBUGS-41935

Unsanitized input into IgnitionServer from HTTP header


    • Type: Bug
    • Resolution: Done
    • Priority: Normal
    • Versions: 4.14.z, 4.15.z, 4.17.z, 4.16.z, 4.18.0
    • Component: HyperShift
    • Sprint: Hypershift Sprint 259

      Error from Snyk Code:

      https://prow.ci.openshift.org/view/gs/test-platform-results/pr-logs/pull/openshift_release/56687/rehearse-56687-pull-ci-openshift-hypershift-main-security/1834567227643269120

      ✗ [High] Cross-site Scripting (XSS)
        Path: ignition-server/cmd/start.go, line 250
        Info: Unsanitized input from an HTTP header flows into Write, where it is used to render an HTML page returned to the user. This may result in a Reflected Cross-Site Scripting attack (XSS).
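The pattern the finding describes, shown as an added Go example that is not HyperShift's code: the actual handler at ignition-server/cmd/start.go line 250 is not on this page, so the `X-Example-Client` header, the `/ignition` path and both handler bodies are constructed for illustration. The vulnerable handler writes a header value unescaped into an HTML body and lets net/http sniff the Content-Type; the hardened one escapes the value and declares the type.

```go
package main

import (
	"fmt"
	"html"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Hypothetical header name, constructed for this demonstration.
const echoedHeader = "X-Example-Client"

// vulnerableHandler reproduces the pattern Snyk flagged: a request
// header is interpolated unescaped into an HTML body and written out.
// With no Content-Type set, net/http sniffs one from the body bytes.
func vulnerableHandler(w http.ResponseWriter, r *http.Request) {
	client := r.Header.Get(echoedHeader)
	fmt.Fprintf(w, "<html><body>Unsupported client: %s</body></html>", client)
}

// hardenedHandler escapes the untrusted value and declares the content
// type explicitly, so the value is never interpreted as markup.
func hardenedHandler(w http.ResponseWriter, r *http.Request) {
	client := r.Header.Get(echoedHeader)
	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
	w.Header().Set("X-Content-Type-Options", "nosniff")
	fmt.Fprintf(w, "Unsupported client: %s", html.EscapeString(client))
}

// serve drives a handler with the given header value and returns the
// response body and Content-Type so the two behaviours can be compared.
func serve(h http.HandlerFunc, headerValue string) (body, contentType string) {
	req := httptest.NewRequest(http.MethodGet, "/ignition", nil)
	req.Header.Set(echoedHeader, headerValue)
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Body.String(), rec.Header().Get("Content-Type")
}

func main() {
	// Constructed input: a harmless tag is enough to show the difference.
	in := "<b>client</b>"
	vb, vct := serve(vulnerableHandler, in)
	hb, hct := serve(hardenedHandler, in)
	fmt.Printf("vulnerable (%s): %s\n", vct, vb)
	fmt.Printf("hardened   (%s): %s\n", hct, hb)
	fmt.Println("tag reflected verbatim:", strings.Contains(vb, in))
}
```

The vulnerable response is served as text/html with the tag intact, which is what the scanner's "flows into Write" data-flow report refers to; escaping alone is not enough if the handler also relies on sniffed content types, hence the explicit Content-Type.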
      

            People: Juan Manuel Parrilla Madrid (jparrill@redhat.com), Jie Zhao