[
https://issues.apache.org/jira/browse/DRILL-7351?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Arina Ielchiieva updated DRILL-7351:
------------------------------------
Labels: ready-to-commit (was: )
> WebUI is Vulnerable to CSRF
> ---------------------------
>
> Key: DRILL-7351
> URL: https://issues.apache.org/jira/browse/DRILL-7351
> Project: Apache Drill
> Issue Type: Bug
> Components: Web Server
> Affects Versions: 1.16.0
> Reporter: Don Perial
> Assignee: Anton Gozhiy
> Priority: Major
> Labels: ready-to-commit
> Fix For: 1.17.0
>
> Attachments: Screen Shot 2019-08-19 at 10.11.50 AM.png,
> drill-csrf.html
>
>
> There is no way to protect the WebUI from CSRF and the fact that the value
> for the access-control-allow-origin header is '*' appears to confound this
> issue as well.
> The attached file demonstrates the vulnerability.
> Steps to replicate:
> # Login to an instance of the Drill WebUI.
> # Edit the attached [^drill-csrf.html]. Replace DRILL_HOST with the hostname
> of the Drill WebUI from step #1.
> # Load the file from #2 in the same browser as #1 either new tab or same
> window will do.
> # Return to the Drill WebUI and click on 'Profiles'.
> Observed results:
> The query 'SELECT 100' appears in the list of executed queries (see:
> [^Screen Shot 2019-08-19 at 10.11.50 AM.png] ).
> Expected results:
> It should be possible to whitelist or completely restrict code from other
> domain names to submit queries to the WebUI.
> Risks:
> Potential for code execution by unauthorized parties.
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
