** Also affects: nova/stein
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1927677

Title:
  [OSSA-2021-002] Open Redirect in noVNC proxy (CVE-2021-3654)

Status in OpenStack Compute (nova):
  Fix Released
Status in OpenStack Compute (nova) stein series:
  New
Status in OpenStack Compute (nova) train series:
  In Progress
Status in OpenStack Compute (nova) ussuri series:
  Fix Committed
Status in OpenStack Compute (nova) victoria series:
  Fix Committed
Status in OpenStack Compute (nova) wallaby series:
  Fix Released
Status in OpenStack Security Advisory:
  Fix Released

Bug description:
  This bug report is related to Security.

  Currently novnc is allowing open direction, which could potentially be
  used for phishing attempts

  To test.
  https://<sites' vnc domain>//example.com/%2F..
  include .. at the end

  For example:
  http://vncproxy.my.domain.com//example.com/%2F..

  It will redirect to example.com. You can replace example.com with some
  legitimate domain or spoofed domain.

  The description of the risk  is
  By modifying untrusted URL input to a malicious site, an attacker may 
successfully launch a phishing scam and steal user credentials.
  Because the server name in the modified link is identical to the original 
site, phishing attempts may have a more trustworthy appearance.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1927677/+subscriptions


-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

Reply via email to