[Openstack-security] [Bug 1625833] Change abandoned on horizon (master)
OpenStack Infra
1625833 at bugs.launchpad.net
Thu Sep 6 08:11:46 UTC 2018
Change abandoned by Ivan Kolodyazhny (e0ne at e0ne.info) on branch: master
Review: https://review.openstack.org/373540
Reason: This review is > 4 months without comment, and failed Jenkins the last time it was checked. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and leaving a 'recheck' comment to get fresh test results.
--
You received this bug notification because you are a member of OpenStack
Security SIG, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1625833
Title:
Prevent open redirects as a result of workflow action
Status in OpenStack Dashboard (Horizon):
Opinion
Status in OpenStack Security Advisory:
Won't Fix
Bug description:
For example:
/admin/flavors/create/?next=http://www.foobar.com/
If a user is tricked into clicking that link, the flavor create
workflow will be shown, but the redirect on form post will
unexpectedly take the user to another site.
Prevent this by checking that the next_url in WorkflowView.post is
same origin.
To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1625833/+subscriptions
More information about the Openstack-security
mailing list