Akhil S Naik created AMBARI-25384:
-------------------------------------
Summary: Ambari Files View is Vulnerable to XSS attack
Key: AMBARI-25384
URL: https://issues.apache.org/jira/browse/AMBARI-25384
Project: Ambari
Issue Type: Bug
Components: ambari-views
Affects Versions: trunk, 2.6.2, 2.7.4
Reporter: Akhil S Naik
Assignee: Akhil S Naik
Attachments: Screen Shot 2019-09-24 at 6.05.19 PM.png
Problem Statement: Ambari Files view is vulnerable to XSS attack if the filename of the file uploaded in HDFS contains XSS scripts.

Reproduction:
1) Log in to Files view.
2) Create a file called in your local system and upload it to Files view: <svg onload= alert(document.domain)>
3) Try to delete the file or edit the permission of the file. The malicious XSS script will be executed in the browser. This is a security issue.

Please see attached screenshot.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
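
Added example, not part of the original report and not Ambari's code: a file name placed into dialog markup unencoded versus HTML-encoded, plus a helper that lists existing entries whose names contain markup characters. The report does not state the root cause; this assumes the delete and permission dialogs build HTML from the file name, and all function names, dialog text and sample paths are hypothetical.

```javascript
// Added example: names, dialog text and paths are hypothetical, not Ambari's code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five HTML-significant characters so a name renders as text.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern (assumed): the file name is concatenated into markup.
function deletePromptUnsafe(fileName) {
  return '<p>Are you sure you want to delete ' + fileName + '?</p>';
}

// Hardened form: the name is encoded before it reaches the markup.
function deletePromptSafe(fileName) {
  return '<p>Are you sure you want to delete ' + escapeHtml(fileName) + '?</p>';
}

// Audit helper: return the paths of listing entries whose names contain
// markup characters, so existing HDFS entries can be reviewed.
function flagMarkupNames(listing) {
  return listing
    .filter((entry) => /[<>"'&]/.test(entry.name))
    .map((entry) => entry.path);
}

// Constructed sample listing; the second name is the one from the report.
const SAMPLE_LISTING = [
  { path: '/user/demo/report.csv', name: 'report.csv' },
  { path: '/user/demo/<svg onload= alert(document.domain)>',
    name: '<svg onload= alert(document.domain)>' },
  { path: '/user/demo/q3 & q4.txt', name: 'q3 & q4.txt' },
];

// Render the reported name both ways and audit the sample listing.
function demo() {
  const name = SAMPLE_LISTING[1].name;
  return {
    unsafe: deletePromptUnsafe(name),
    safe: deletePromptSafe(name),
    flagged: flagMarkupNames(SAMPLE_LISTING),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

Encoding belongs at every point where the name is written into HTML, including the permission dialog; the audit helper only finds names worth reviewing and is not a substitute for output encoding.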