OpenStack Security Advisory

  1. Bug #1982676
  2. Comment #21

Comment 21 for bug 1982676

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to horizon (stable/wallaby)

Reviewed: https://review.opendev.org/c/openstack/horizon/+/862902
Committed: https://opendev.org/openstack/horizon/commit/beed6bf6f6f83df9972db5fb539d64175ce12ce9
Submitter: "Zuul (22348)"
Branch: stable/wallaby

commit beed6bf6f6f83df9972db5fb539d64175ce12ce9
Author: manchandavishal <email address hidden>
Date: Wed Sep 14 22:17:58 2022 +0530

    Fix success_url parameter issue for Edit Snapshot

    The "success_url" param is used when updating the project snapshot
    [1] and it lacks sanitizing the input URL that allows an attacker to
    redirect the user to another website. This patch update 'Updateview'
    class to not use the "sucess_url" method.

    Closes-bug: #1982676

    [1] https://github.com/openstack/horizon/blob/master/openstack_dashboard/dashboards/project/snapshots/views.py#L109

    Change-Id: Ied142440965b1a722e7a4dd1be3b1be3b3e1644b
    (cherry picked from commit 79d139594290779b2f74ca894332aa7f2f7e4735)