[Openstack-security] [Bug 1625833] Re: Prevent open redirects as a result of workflow action
David Lyle
dklyle0 at gmail.com
Wed Apr 26 22:32:52 UTC 2017
I'm really having a tough time seeing the threat here. And I can see
beneficial uses of this in a case where a secondary UI may be linking to
workflows in Horizon.
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1625833
Title:
Prevent open redirects as a result of workflow action
Status in OpenStack Dashboard (Horizon):
In Progress
Status in OpenStack Security Advisory:
Won't Fix
Bug description:
For example:
/admin/flavors/create/?next=http://www.foobar.com/
If a user is tricked into clicking that link, the flavor create
workflow will be shown, but the redirect on form post will
unexpectedly take the user to another site.
Prevent this by checking that the next_url in WorkflowView.post is
same origin.
To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1625833/+subscriptions
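An added example, not part of the original message or of Horizon's code: one way to implement the same-origin check on next_url that the bug description asks for, using only the Python standard library. The function names, the horizon.example.test hostname and the optional extra_hosts allowlist (for a trusted secondary UI of the kind mentioned in the reply) are assumptions made for illustration.

```python
from urllib.parse import urlsplit


def is_same_origin(next_url, host, scheme="https", extra_hosts=frozenset()):
    """True only if next_url stays on scheme://host (or a host in extra_hosts).

    extra_hosts is a hypothetical opt-in allowlist, e.g. a trusted secondary UI.
    """
    if not isinstance(next_url, str) or not next_url:
        return False
    # Browsers drop surrounding whitespace and control characters before parsing.
    if next_url != next_url.strip() or any(ord(c) < 0x20 or ord(c) == 0x7F for c in next_url):
        return False
    # Browsers treat "\" as "/" in http(s) URLs, so "/\host" means "//host".
    candidate = next_url.replace("\\", "/")
    # urlsplit sees "///host" as a path; browsers resolve it to a host.
    if candidate.startswith("///"):
        return False
    try:
        parts = urlsplit(candidate)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if parts.netloc:
        allowed = {host.lower()} | {h.lower() for h in extra_hosts}
        # A scheme-relative URL ("//host/") inherits the request's scheme.
        return parts.netloc.lower() in allowed and parts.scheme in ("", scheme)
    # A scheme with no host ("javascript:", "http:/path") is never a local path.
    return parts.scheme == ""


def pick_redirect(next_url, host, default, **kwargs):
    """Return next_url if it passes the check, otherwise the view's default."""
    return next_url if is_same_origin(next_url, host, **kwargs) else default


if __name__ == "__main__":
    HOST = "horizon.example.test"  # constructed hostname for the demo
    for url in ["/admin/flavors/", "http://www.foobar.com/", "//www.foobar.com/",
                "/\\www.foobar.com/", "///www.foobar.com/", "javascript:void(0)"]:
        print(f"{url!r:28} -> {pick_redirect(url, HOST, '/admin/flavors/')}")
```

On a Django deployment the framework's own url_has_allowed_host_and_scheme helper covers the same ground and is preferable to a hand-written check.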