path: root/releasenotes/notes/console-proxy-reject-open-redirect-4ac0a7895acca7eb.yaml
blob: ce05b9a8670c0540b8479bc45e455e12f862a5ea (plain)
---
security:
  - |
    A vulnerability in the console proxies (novnc, serial, spice) that allowed
    open redirection has been `patched`_. The novnc, serial, and spice console
    proxies are implemented as websockify servers, and their request handler
    inherits from the Python standard library's SimpleHTTPRequestHandler. There
    is a `known issue`_ in SimpleHTTPRequestHandler that allows open redirects
    by way of URLs of the following form::

      http://vncproxy.my.domain.com//example.com/%2F..

    The handler collapses the decoded path to a directory and answers with a
    redirect to the raw request path plus a trailing slash. Because that
    Location value begins with "//", browsers treat it as a scheme-relative
    URL, so a user who visits the link is redirected to example.com.

    The novnc, serial, and spice console proxies now reject, with a 400 Bad
    Request, any request for which the redirect URL would begin with "//".

    .. _patched: https://bugs.launchpad.net/nova/+bug/1927677
    .. _known issue: https://bugs.python.org/issue32084
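The following is an added example and is not code from Nova or CPython. It reproduces the directory-redirect decision of SimpleHTTPRequestHandler that the known issue above exploits, and applies the "//" guard the note describes. The function names (``translate_path``, ``redirect_decision``, ``GuardedHandler``, ``run_demo``), the temporary document root and the request paths are assumptions made for this illustration.

```python
"""Added example (not Nova's or CPython's code): reproduce the bpo-32084
redirect decision of SimpleHTTPRequestHandler and apply the "//" guard the
release note describes.  Function names, the temporary document root and
the request paths are assumptions made for this illustration."""
import os
import posixpath
import tempfile
from http import HTTPStatus
from http.server import SimpleHTTPRequestHandler
from urllib.parse import unquote, urlsplit, urlunsplit


def translate_path(request_path, docroot):
    """Mirror SimpleHTTPRequestHandler.translate_path(): drop query and
    fragment, percent-decode, collapse '.' and '..', then map under docroot."""
    path = request_path.split('?', 1)[0].split('#', 1)[0]
    path = posixpath.normpath(unquote(path))
    words = [w for w in path.split('/')
             if w and w not in (os.curdir, os.pardir)]
    return os.path.join(docroot, *words)


def redirect_decision(request_path, docroot):
    """Classify a request path the way a guarded send_head() would.

    Returns one of:
      ('reject', 400)          guard fires: answer 400 Bad Request
      ('redirect', location)   stock handler sends 301 with this Location
      ('passthrough', None)    no directory redirect; serve or 404 as usual
    """
    if not os.path.isdir(translate_path(request_path, docroot)):
        return ('passthrough', None)
    parts = urlsplit(request_path)
    if parts.path.endswith('/'):
        return ('passthrough', None)
    # The stock handler redirects "dir" -> "dir/" by appending a slash to the
    # *raw* request path.  For "//example.com/%2F.." the decoded path collapses
    # to the document root (a directory), urlsplit() reads "example.com" as a
    # netloc, and the rebuilt Location is "//example.com/%2F../": a
    # scheme-relative URL that browsers resolve to http(s)://example.com/...
    location = urlunsplit(
        (parts.scheme, parts.netloc, parts.path + '/', parts.query, parts.fragment))
    if location.startswith('//'):
        return ('reject', HTTPStatus.BAD_REQUEST.value)
    return ('redirect', location)


class GuardedHandler(SimpleHTTPRequestHandler):
    """SimpleHTTPRequestHandler that refuses "//"-style redirects (assumed
    name; mirrors the release note's fix, not Nova's actual class)."""

    def send_head(self):
        decision, _ = redirect_decision(self.path, self.directory)
        if decision == 'reject':
            self.send_error(HTTPStatus.BAD_REQUEST, "URI must not start with //")
            return None
        return super().send_head()


def run_demo():
    """Create a throwaway document root with one subdirectory and classify a
    few constructed request paths (all inputs are made up for the demo)."""
    docroot = tempfile.mkdtemp()
    os.mkdir(os.path.join(docroot, 'static'))
    requests = [
        '/static',              # benign: stock 301 -> /static/
        '/static/',             # already canonical, no redirect
        '/missing',             # not a directory: base class will 404
        '//example.com/%2F..',  # bpo-32084 open-redirect attempt
    ]
    return {p: redirect_decision(p, docroot) for p in requests}


if __name__ == '__main__':
    for path, decision in run_demo().items():
        print(f'{path!r:24} -> {decision}')
```

The guard is deliberately placed where the redirect is computed rather than as a blanket check on every request: a path such as ``//example.com`` that does not resolve to a directory never reaches the redirect branch and is simply served (or 404s) by the base class, so only the case that would actually emit a scheme-relative Location is turned into a 400. ``GuardedHandler`` relies on ``self.directory``, which SimpleHTTPRequestHandler sets in Python 3.7 and later.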