Jenkins fails to sanitize input before adding it to the page

2014.01.17
Risk: Low
Local: No
Remote: Yes
CWE: N/A

Hi all,

We recently received a report from Teguh P. Alko about an issue affecting Jenkins. Input was not sanitized before adding it to the page. The fix is public here since the start of 2013:

https://github.com/jenkinsci/jenkins/commit/f8d2a0ba6c2e261f48287bdd95bd7a2d7a8d2d0e

This could be used for copy and paste attacks, with the end result being similar to that of cross-site scripting attacks. It has been assigned CVE-2013-6488. Please credit at least "Teguh P. Alko" in any advisories.

I am Cc'ing Reed to see if he knows who the other independent reporter is (from that Jira "SECURITY-46" bug in the above commit; as I understand it those bugs are not made public but I could be wrong).

war/src/main/webapp/scripts/hudson-behavior.js @@ -1635,7 +1635,7 @@ function createSearchBox(searchURL) { function updatePos() { function max(a,b) { if(a>b) return a; else return b; } - sizer.innerHTML = box.value; + sizer.innerHTML = box.value.escapeHTML(); var w = max(sizer.offsetWidth,minW.offsetWidth); box.style.width = comp.style.width =
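
Review bot: In updatePos(), the added line "sizer.innerHTML = box.value.escapeHTML();" still sends the search box value through HTML parsing and depends on an escapeHTML() method being present on the string. The next line only reads sizer.offsetWidth, so the sizer needs the value as text, not as markup: consider assigning it as text content (textContent or a text node) so nothing typed or pasted into the box is ever parsed as HTML. A one-line comment noting that box.value is user-controlled would also help keep the escaping from being dropped in a later cleanup.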

References:

https://github.com/jenkinsci/jenkins/commit/f8d2a0ba6c2e261f48287bdd95bd7a2d7a8d2d0e

