[Openstack-security] [Bug 1625833] Re: Prevent open redirects as a result of workflow action
Jeremy Stanley
fungi at yuggoth.org
Tue Sep 27 15:33:06 UTC 2016
** Changed in: horizon
Status: New => In Progress
** Information type changed from Public Security to Public
** Tags added: security
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1625833
Title:
Prevent open redirects as a result of workflow action
Status in OpenStack Dashboard (Horizon):
In Progress
Status in OpenStack Security Advisory:
Won't Fix
Bug description:
For example:
/admin/flavors/create/?next=http://www.foobar.com/
If a user is tricked into clicking that link, the flavor create
workflow will be shown, but the redirect on form post will
unexpectedly take the user to another site.
Prevent this by checking that the next_url in WorkflowView.post is
same origin.
To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1625833/+subscriptions
More information about the Openstack-security
mailing list