I've switched the security advisory task back to incomplete for now, while the vulnerability managers debate whether this requires errata publication or a completely new advisory.
** Changed in: ossa
   Status: Fix Released => Incomplete

** Changed in: ossa
   Importance: Medium => Undecided

** Changed in: ossa
   Assignee: Jeremy Stanley (fungi) => (unassigned)

--
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1927677

Title:
  [OSSA-2021-002] Open Redirect in noVNC proxy (CVE-2021-3654)

Status in OpenStack Compute (nova):
  Fix Released
Status in OpenStack Compute (nova) stein series:
  Confirmed
Status in OpenStack Compute (nova) train series:
  Confirmed
Status in OpenStack Compute (nova) ussuri series:
  Confirmed
Status in OpenStack Compute (nova) victoria series:
  Confirmed
Status in OpenStack Compute (nova) wallaby series:
  Confirmed
Status in OpenStack Security Advisory:
  Incomplete

Bug description:
  This bug report is related to Security.

  Currently novnc is allowing open redirection, which could potentially be used for phishing attempts.

  To test:
  https://<sites' vnc domain>//example.com/%2F..
  (include .. at the end)

  For example:
  http://vncproxy.my.domain.com//example.com/%2F..

  It will redirect to example.com. You can replace example.com with some legitimate domain or spoofed domain.

  The description of the risk is: By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site, phishing attempts may have a more trustworthy appearance.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1927677/+subscriptions

--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp
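The redirect described in the bug report is produced by the directory-redirect logic of Python's stdlib SimpleHTTPRequestHandler, which websockify-based proxy handlers build on: `%2F` is unquoted, `..` collapses the path back to the web root, and the handler answers with `Location: //example.com/...`, which browsers read as a protocol-relative URL. The example below is added here and is not code from nova, websockify or the bug report; it mirrors that logic with an injected `isdir` so it runs without a real web root, and the leading-`//` reject check it adds is an assumption about one reasonable hardening, not the project's actual patch.

```python
import os
import posixpath
import urllib.parse

# Constructed web root; in a real proxy this is the noVNC static files dir.
WEB_ROOT = "/srv/novnc"


def translate_path(request_path, web_root=WEB_ROOT):
    """Map a request path onto the filesystem the way the stdlib
    SimpleHTTPRequestHandler does: unquote, normpath, drop '..' parts."""
    path = request_path.split("?", 1)[0].split("#", 1)[0]
    trailing_slash = path.rstrip().endswith("/")
    path = urllib.parse.unquote(path)       # '%2F' becomes '/'
    path = posixpath.normpath(path)         # '//example.com//..' -> '//'
    local = web_root
    for word in [w for w in path.split("/") if w]:
        if os.path.dirname(word) or word in (os.curdir, os.pardir):
            continue
        local = os.path.join(local, word)
    return local + "/" if trailing_slash else local


def handle(request_path, reject_protocol_relative, isdir, web_root=WEB_ROOT):
    """Return the (status, location) the directory-redirect logic would emit.

    isdir is injected so the example runs without a real web root.
    reject_protocol_relative=True adds the hardening check (an assumed
    mitigation for this bug class, not nova's patch)."""
    if reject_protocol_relative and request_path.startswith("//"):
        # Browsers read 'Location: //host/...' as 'http(s)://host/...',
        # so a path with a leading '//' must never be echoed back.
        return 400, None
    local = translate_path(request_path, web_root)
    if isdir(local):
        parts = urllib.parse.urlsplit(request_path)
        if not parts.path.endswith("/"):
            # stdlib behaviour: redirect to the same URL plus a trailing '/'
            new_parts = (parts[0], parts[1], parts[2] + "/", parts[3], parts[4])
            return 301, urllib.parse.urlunsplit(new_parts)
    return 200, None


def only_root_is_dir(path):
    """Constructed stand-in for os.path.isdir: only the web root is a directory."""
    return path.rstrip("/") == WEB_ROOT


if __name__ == "__main__":
    crafted = "//example.com/%2F.."  # the URL shape from the bug report
    print(handle(crafted, False, only_root_is_dir))  # (301, '//example.com/%2F../')
    print(handle(crafted, True, only_root_is_dir))   # (400, None)
```

Running the vulnerable mode shows that the crafted path resolves to the web root itself, so the generic "add a trailing slash" redirect hands the browser a `//example.com/...` Location; the hardened mode refuses the request before any path translation happens.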