[jira] [Commented] (GEODE-10411) XSS vulnerabiltiy in Pulse data browser
[ https://issues.apache.org/jira/browse/GEODE-10411?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17585561#comment-17585561 ] ASF subversion and git services commented on GEODE-10411: - Commit 1e6f850be8a0884585ce7456531330464e94493a in geode's branch refs/heads/develop from Joris Melchior [ https://gitbox.apache.org/repos/asf?p=geode.git;h=1e6f850be8 ] GEODE-10411: fix XSS vulnerability in pulse (#7836) * GEODE-10411: fix XSS vulnerability in pulse - html encode data coming from Geode queries - add cookie parameters to increase browsing security * Fix spotless check errors > XSS vulnerabiltiy in Pulse data browser > --- > > Key: GEODE-10411 > URL: https://issues.apache.org/jira/browse/GEODE-10411 > Project: Geode > Issue Type: Bug > Components: pulse >Affects Versions: 1.12.9, 1.12.10, 1.14.4, 1.14.5, 1.15.0, 1.15.1, 1.16.0 >Reporter: Joris Melchior >Assignee: Joris Melchior >Priority: Major > Labels: needsTriage, pull-request-available > > # Description: > Stored XSS via data injection into Geode database, the injected > payload eventually gets executed on Pulse web application when the > admin querying data from Geode. > # PoC: > Step 1: With Geode up and running, run gfsh command to get into > interactive mode: > shell$ gfsh > Step 2: In gfsh console, execute the following command to insert a > data entry into regionA (assume that regionA is created before). Note > that the value of this data entry contains JavaScript code: > gfsh> put --region=regionA --key="test" --value="alert(1)" > Step 3: Open browser to query editor of Pulse web application at > https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2F192.168.93.153%3A7070%2Fpulse%2FdataBrowser.html&data=05%7C01%7Cbakera%40vmware.com%7Cc06e6de8d92c4519303708da54fa7d03%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C637915732081233095%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=ykaOkxe1hlaE7xl8XQNgBQz2%2Ful1QPxrUChoBkuaeyY%3D&reserved=0 > (assume that already > logged in as admin), execute the following query: > SELECT * FROM /regionA > Step 4: Data from regionA will be retrieved, the XSS payload > eventually get executed > # Why this is an issue? > Developer maybe saves user-controlled data to Geode database, users > maybe submit data via an arbitrary client application (for example, a > web application), the use of gfsh console just simplifies the PoC. > # IMPACT: > Exploiting this XSS vulnerability, an attacker can steal the admin's > session cookie, therefore take over the admin account. > # CVSS: 7.6 HIGH > (https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.first.org%2Fcvss%2Fcalculator%2F3.0%23CVSS%3A3.0%2FAV%3AN%2FAC%3AL%2FPR%3AN%2FUI%3AR%2FS%3AU%2FC%3AH%2FI%3AL%2FA%3AL&data=05%7C01%7Cbakera%40vmware.com%7Cc06e6de8d92c4519303708da54fa7d03%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C637915732081233095%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=W5dDA8kMdT1IVeUVX6mhWHhZ2HnAZbXErEB%2F0Tjs5hg%3D&reserved=0 > ) > (re-calculate if not correct) > # Fix: > The Pulse web application must URL encode data retrieved from Geode database. > # Credit: > The issue is found by Nguyen Thai Hung (@nth347), Viettel Cyber Security. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (GEODE-10412) Destry region command doesn't clear the region related expired tombstones
[
https://issues.apache.org/jira/browse/GEODE-10412?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
ASF GitHub Bot updated GEODE-10412:
---
Labels: pull-request-available (was: )
> Destry region command doesn't clear the region related expired tombstones
> -
>
> Key: GEODE-10412
> URL: https://issues.apache.org/jira/browse/GEODE-10412
> Project: Geode
> Issue Type: Bug
>Reporter: Jakov Varenina
>Assignee: Jakov Varenina
>Priority: Major
> Labels: pull-request-available
>
> Tombstones in geode are kept on two maps: expiredTombstones and tombstones
> (non-expired ones). When a region is destroyed, it must clear all the related
> expired and non-expired tombstones from memory. Due to the below code bug,
> expired tombstones aren't cleared when non-expired tombstones are available
> during the region destruction:
> {code:java}
> private boolean removeIf(Predicate predicate) {
> return removeUnexpiredIf(predicate) || removeExpiredIf(predicate);
> }
> {code}
> Because of the above, non-expired tombstones are never removed from memory,
> preventing other tombstones from being cleared. Since other tombstones never
> expire, the compaction is not done, and therefore the disk is filled, causing
> the issues.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (GEODE-10412) Destry region command doesn't clear the region related expired tombstones
[
https://issues.apache.org/jira/browse/GEODE-10412?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mario Kevo updated GEODE-10412:
---
Labels: (was: needsTriage)
> Destry region command doesn't clear the region related expired tombstones
> -
>
> Key: GEODE-10412
> URL: https://issues.apache.org/jira/browse/GEODE-10412
> Project: Geode
> Issue Type: Bug
>Reporter: Jakov Varenina
>Assignee: Jakov Varenina
>Priority: Major
>
> Tombstones in geode are kept on two maps: expiredTombstones and tombstones
> (non-expired ones). When a region is destroyed, it must clear all the related
> expired and non-expired tombstones from memory. Due to the below code bug,
> expired tombstones aren't cleared when non-expired tombstones are available
> during the region destruction:
> {code:java}
> private boolean removeIf(Predicate predicate) {
> return removeUnexpiredIf(predicate) || removeExpiredIf(predicate);
> }
> {code}
> Because of the above, non-expired tombstones are never removed from memory,
> preventing other tombstones from being cleared. Since other tombstones never
> expire, the compaction is not done, and therefore the disk is filled, causing
> the issues.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Assigned] (GEODE-10412) Destry region command doesn't clear the region related expired tombstones
[
https://issues.apache.org/jira/browse/GEODE-10412?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jakov Varenina reassigned GEODE-10412:
--
Assignee: Jakov Varenina
> Destry region command doesn't clear the region related expired tombstones
> -
>
> Key: GEODE-10412
> URL: https://issues.apache.org/jira/browse/GEODE-10412
> Project: Geode
> Issue Type: Bug
>Reporter: Jakov Varenina
>Assignee: Jakov Varenina
>Priority: Major
> Labels: needsTriage
>
> Tombstones in geode are kept on two maps: expiredTombstones and tombstones
> (non-expired ones). When a region is destroyed, it must clear all the related
> expired and non-expired tombstones from memory. Due to the below code bug,
> expired tombstones aren't cleared when non-expired tombstones are available
> during the region destruction:
> {code:java}
> private boolean removeIf(Predicate predicate) {
> return removeUnexpiredIf(predicate) || removeExpiredIf(predicate);
> }
> {code}
> Because of the above, non-expired tombstones are never removed from memory,
> preventing other tombstones from being cleared. Since other tombstones never
> expire, the compaction is not done, and therefore the disk is filled, causing
> the issues.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (GEODE-10412) Destry region command doesn't clear the region related expired tombstones
[
https://issues.apache.org/jira/browse/GEODE-10412?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jakov Varenina updated GEODE-10412:
---
Description:
Tombstones in geode are kept on two maps: expiredTombstones and tombstones
(non-expired ones). When a region is destroyed, it must clear all the related
expired and non-expired tombstones from memory. Due to the below code bug,
expired tombstones aren't cleared when non-expired tombstones are available
during the region destruction:
{code:java}
private boolean removeIf(Predicate predicate) {
return removeUnexpiredIf(predicate) || removeExpiredIf(predicate);
}
{code}
Because of the above, non-expired tombstones are never removed from memory,
preventing other tombstones from being cleared. Since other tombstones never
expire, the compaction is not done, and therefore the disk is filled, causing
the issues.
was:
Tombstones in geode are kept on two maps: expiredTombstones and tombstones
(non-expired ones). When a region is destroyed, it must clear all the related
expired and non-expired tombstones from memory. Due to the below code bug,
expired tombstones aren't cleared when non-expired tombstones are available
during the region destruction:
{code:java}
private boolean removeIf(Predicate predicate) {
return removeUnexpiredIf(predicate) || removeExpiredIf(predicate);
}
{code}
Because of the above, non-expired tombstones are never removed from memory,
preventing other tombstones from being cleared. Since other tombstones never
expire, the compaction is not done, and therefore the disk is filled, causing
the issues.
> Destry region command doesn't clear the region related expired tombstones
> -
>
> Key: GEODE-10412
> URL: https://issues.apache.org/jira/browse/GEODE-10412
> Project: Geode
> Issue Type: Bug
>Reporter: Jakov Varenina
>Priority: Major
> Labels: needsTriage
>
> Tombstones in geode are kept on two maps: expiredTombstones and tombstones
> (non-expired ones). When a region is destroyed, it must clear all the related
> expired and non-expired tombstones from memory. Due to the below code bug,
> expired tombstones aren't cleared when non-expired tombstones are available
> during the region destruction:
> {code:java}
> private boolean removeIf(Predicate predicate) {
> return removeUnexpiredIf(predicate) || removeExpiredIf(predicate);
> }
> {code}
> Because of the above, non-expired tombstones are never removed from memory,
> preventing other tombstones from being cleared. Since other tombstones never
> expire, the compaction is not done, and therefore the disk is filled, causing
> the issues.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (GEODE-10412) Destry region command doesn't clear the region related expired tombstones
[
https://issues.apache.org/jira/browse/GEODE-10412?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jakov Varenina updated GEODE-10412:
---
Description:
Tombstones in geode are kept on two maps: expiredTombstones and tombstones
(non-expired ones). When a region is destroyed, it must clear all the related
expired and non-expired tombstones from memory. Due to the below code bug,
expired tombstones aren't cleared when non-expired tombstones are available
during the region destruction:
{code:java}
private boolean removeIf(Predicate predicate) {
return removeUnexpiredIf(predicate) || removeExpiredIf(predicate);
}
{code}
Because of the above, non-expired tombstones are never removed from memory,
preventing other tombstones from being cleared. Since other tombstones never
expire, the compaction is not done, and therefore the disk is filled, causing
the issues.
was:
Tombstones in geode are kept on two maps: expiredTombstones and tombstones
(non-expired ones). When a region is destroyed, it must clear all the related
expired and non-expired tombstones from memory. Due to the below code bug,
expired tombstones aren't cleared when non-expired tombstones are available
during the region destruction:
private boolean removeIf(Predicate predicate) {
return removeUnexpiredIf(predicate) || removeExpiredIf(predicate);
}
Because of the above, non-expired tombstones are never removed from memory,
preventing other tombstones from being cleared. Since other tombstones never
expire, the compaction is not done, and therefore the disk is filled, causing
the issues.
> Destry region command doesn't clear the region related expired tombstones
> -
>
> Key: GEODE-10412
> URL: https://issues.apache.org/jira/browse/GEODE-10412
> Project: Geode
> Issue Type: Bug
>Reporter: Jakov Varenina
>Priority: Major
> Labels: needsTriage
>
> Tombstones in geode are kept on two maps: expiredTombstones and tombstones
> (non-expired ones). When a region is destroyed, it must clear all the related
> expired and non-expired tombstones from memory. Due to the below code bug,
> expired tombstones aren't cleared when non-expired tombstones are available
> during the region destruction:
>
> {code:java}
> private boolean removeIf(Predicate predicate) {
> return removeUnexpiredIf(predicate) || removeExpiredIf(predicate);
> }
> {code}
>
> Because of the above, non-expired tombstones are never removed from memory,
> preventing other tombstones from being cleared. Since other tombstones never
> expire, the compaction is not done, and therefore the disk is filled, causing
> the issues.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (GEODE-10412) Destry region command doesn't clear the region related expired tombstones
Jakov Varenina created GEODE-10412:
--
Summary: Destry region command doesn't clear the region related
expired tombstones
Key: GEODE-10412
URL: https://issues.apache.org/jira/browse/GEODE-10412
Project: Geode
Issue Type: Bug
Reporter: Jakov Varenina
Tombstones in geode are kept on two maps: expiredTombstones and tombstones
(non-expired ones). When a region is destroyed, it must clear all the related
expired and non-expired tombstones from memory. Due to the below code bug,
expired tombstones aren't cleared when non-expired tombstones are available
during the region destruction:
private boolean removeIf(Predicate predicate) {
return removeUnexpiredIf(predicate) || removeExpiredIf(predicate);
}
Because of the above, non-expired tombstones are never removed from memory,
preventing other tombstones from being cleared. Since other tombstones never
expire, the compaction is not done, and therefore the disk is filled, causing
the issues.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (GEODE-10412) Destry region command doesn't clear the region related expired tombstones
[
https://issues.apache.org/jira/browse/GEODE-10412?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alexander Murmann updated GEODE-10412:
--
Labels: needsTriage (was: )
> Destry region command doesn't clear the region related expired tombstones
> -
>
> Key: GEODE-10412
> URL: https://issues.apache.org/jira/browse/GEODE-10412
> Project: Geode
> Issue Type: Bug
>Reporter: Jakov Varenina
>Priority: Major
> Labels: needsTriage
>
> Tombstones in geode are kept on two maps: expiredTombstones and tombstones
> (non-expired ones). When a region is destroyed, it must clear all the related
> expired and non-expired tombstones from memory. Due to the below code bug,
> expired tombstones aren't cleared when non-expired tombstones are available
> during the region destruction:
> private boolean removeIf(Predicate predicate) {
> return removeUnexpiredIf(predicate) || removeExpiredIf(predicate);
> }
> Because of the above, non-expired tombstones are never removed from memory,
> preventing other tombstones from being cleared. Since other tombstones never
> expire, the compaction is not done, and therefore the disk is filled, causing
> the issues.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
