[ https://issues.apache.org/jira/browse/DRILL-7351?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Arina Ielchiieva updated DRILL-7351:
------------------------------------
    Fix Version/s: 1.17.0

> WebUI is Vulnerable to CSRF
> ---------------------------
>
>                 Key: DRILL-7351
>                 URL: https://issues.apache.org/jira/browse/DRILL-7351
>             Project: Apache Drill
>          Issue Type: Bug
>          Components: Web Server
>    Affects Versions: 1.16.0
>            Reporter: Don Perial
>            Assignee: Anton Gozhiy
>            Priority: Major
>             Fix For: 1.17.0
>
>         Attachments: Screen Shot 2019-08-19 at 10.11.50 AM.png, drill-csrf.html
>
>
> There is no way to protect the WebUI from CSRF, and the fact that the value for the access-control-allow-origin header is '*' appears to compound this issue as well.
> The attached file demonstrates the vulnerability.
> Steps to replicate:
> # Log in to an instance of the Drill WebUI.
> # Edit the attached [^drill-csrf.html]. Replace DRILL_HOST with the hostname of the Drill WebUI from step #1.
> # Load the file from #2 in the same browser as #1; either a new tab or the same window will do.
> # Return to the Drill WebUI and click on 'Profiles'.
> Observed results:
> The query 'SELECT 100' appears in the list of executed queries (see: [^Screen Shot 2019-08-19 at 10.11.50 AM.png]).
> Expected results:
> It should be possible to whitelist or completely restrict code from other domain names to submit queries to the WebUI.
> Risks:
> Potential for code execution by unauthorized parties.

--
This message was sent by Atlassian Jira
(v8.3.2#803003)
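The expected results above ask for two server-side controls: an origin allowlist instead of a wildcard `Access-Control-Allow-Origin`, and a way to stop pages on other domains from submitting queries with the victim's session cookie. The following Python is an added illustration of both (an Origin/Referer allowlist check plus a per-session CSRF token compared in constant time); it is not Apache Drill's code, and the origin `https://drill.example.internal:8047`, the session id and the sample requests are constructed placeholders.

```python
import hmac
import secrets
from typing import Dict, Mapping, Optional
from urllib.parse import urlsplit

# Origins permitted to submit queries. A real deployment would read this
# from configuration; this value is a constructed placeholder.
ALLOWED_ORIGINS = frozenset({"https://drill.example.internal:8047"})

# session id -> CSRF token. A real server would keep this in its session store.
_csrf_tokens: Dict[str, str] = {}


def issue_csrf_token(session_id: str) -> str:
    """Mint a fresh per-session token to embed in the query form as a hidden field."""
    token = secrets.token_urlsafe(32)
    _csrf_tokens[session_id] = token
    return token


def _origin_of(url: str) -> str:
    """Reduce a URL to its origin (scheme://host[:port])."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}"


def origin_allowed(headers: Mapping[str, str]) -> bool:
    """Accept a state-changing request only if its Origin header (or, when the
    browser omits Origin, its Referer) is on the allowlist. A request carrying
    neither header is treated as untrusted rather than waved through."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        origin = _origin_of(referer)
    return origin in ALLOWED_ORIGINS


def csrf_token_valid(session_id: str, submitted: Optional[str]) -> bool:
    """Compare the submitted token with the one bound to this session, in constant time."""
    expected = _csrf_tokens.get(session_id)
    if expected is None or submitted is None:
        return False
    return hmac.compare_digest(expected, submitted)


def query_submission_allowed(session_id: str, headers: Mapping[str, str],
                             form: Mapping[str, str]) -> bool:
    """Both checks must pass before a query from the WebUI form is executed.
    A cross-site page can make the browser attach the session cookie, but it
    cannot read the token out of the real form and cannot forge an allowlisted
    Origin, so either check alone defeats the forged submission."""
    return origin_allowed(headers) and csrf_token_valid(session_id, form.get("csrf_token"))


def cors_headers(request_origin: Optional[str]) -> Dict[str, str]:
    """Echo only an allowlisted origin back, never '*', and tell caches the
    answer depends on the requesting origin."""
    if request_origin in ALLOWED_ORIGINS:
        return {"Access-Control-Allow-Origin": request_origin, "Vary": "Origin"}
    return {}


if __name__ == "__main__":
    sid = "sess-constructed-1"
    token = issue_csrf_token(sid)
    # Constructed request from the WebUI's own query page: passes.
    same_site = ({"Origin": "https://drill.example.internal:8047"}, {"csrf_token": token})
    # Constructed request from a page on another domain: the browser sends the
    # session cookie, but the Origin is foreign and the form has no token.
    cross_site = ({"Origin": "https://other-site.example"}, {})
    print("same-site accepted:", query_submission_allowed(sid, *same_site))
    print("cross-site accepted:", query_submission_allowed(sid, *cross_site))
```

The Referer fallback exists because some browsers omit Origin on certain same-origin requests; the important point is that a request with neither header is rejected, since a blanket "allow when absent" rule would reopen the hole the report describes.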