Bug #15250

closed

Potential XSS in HAProxy GUI when editing frontend listener actions or backend pool ACL actions.

Added by Jim Pingle about 1 year ago. Updated about 1 year ago.

Status:
Resolved
Priority:
Normal
Category:
haproxy
Target version:
-
% Done:
100%

Description

Both haproxy_listeners_edit.php and haproxy_pool_edit.php define a custom cell drawing function which, unlike the standard one in the package, lacks encoding for its values when they are displayed.

As a consequence, values entered into the fields for frontend listener custom actions and backend ACL actions are printed back to the user without encoding, allowing HTML values to be passed which are then interpreted by the browser.
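The following PHP is an added illustration of the defect class described above and is not the pfSense haproxy package's own code: the function names, the field layout and the sample action string are all assumptions. It places a cell-drawing helper that interpolates the raw value beside one that HTML-encodes it with htmlspecialchars() (quotes included, UTF-8), and renders the same constructed ACL action through both so the difference in the emitted markup is visible.

```php
<?php
// Added example, not code from the pfSense haproxy package.
// Hypothetical cell-drawing helpers; names and layout are assumed.

// Vulnerable pattern: the stored value is concatenated straight into the
// table cell, so any markup the user typed is sent to the browser as-is.
function draw_cell_unencoded(string $value): string
{
    return '<td>' . $value . '</td>';
}

// Hardened pattern: encode for an HTML text node. ENT_QUOTES also encodes
// single and double quotes, so the same helper is safe if the value ever
// ends up inside an attribute; the charset is pinned to UTF-8.
function draw_cell_encoded(string $value): string
{
    return '<td>' . htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</td>';
}

// Render one ACL/action row using a supplied cell-drawing callback.
function draw_action_row(array $fields, callable $draw_cell): string
{
    $cells = '';
    foreach ($fields as $field) {
        $cells .= $draw_cell($field);
    }
    return '<tr>' . $cells . '</tr>' . PHP_EOL;
}

// Constructed sample: a backend ACL action as a user could enter it in the
// GUI, carrying markup that a browser would execute if printed unencoded.
$sample_action = [
    'acl_name' => 'is_api',
    'action'   => 'use_backend api_pool <img src=x onerror="alert(document.domain)">',
];

$unencoded = draw_action_row(array_values($sample_action), 'draw_cell_unencoded');
$encoded   = draw_action_row(array_values($sample_action), 'draw_cell_encoded');

echo "Unencoded (markup reaches the browser):" . PHP_EOL . $unencoded;
echo "Encoded (markup is displayed as text):" . PHP_EOL . $encoded;

// Self-check: no raw tag survives in the hardened output, and the original
// text is still recoverable for the user.
assert(strpos($encoded, '<img') === false);
assert(html_entity_decode(strip_tags($encoded), ENT_QUOTES | ENT_HTML5, 'UTF-8')
    === 'is_api' . $sample_action['action']);
```

Running this from the CLI prints the `<img ...>` tag verbatim in the first row and as `&lt;img src=x onerror=&quot;alert(document.domain)&quot;&gt;` in the second; the fix for a page-specific drawing function is to route every value through the encoding variant, as the package's standard cell-drawing function already does.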

#1

Updated by Jim Pingle about 1 year ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100

Fixed in https://github.com/pfsense/FreeBSD-ports/commit/953068694131b523e8906ee70b444c59c53d3eff

Fix also merged back into Plus 23.09.1, Plus 23.09, CE 2.7.2, CE 2.7.1 branches.

#2

Updated by Jim Pingle about 1 year ago

  • Private changed from Yes to No

Updated packages are now available.

#3

Updated by Kris Phillips about 1 year ago

Updated 0.63_3 package is available in 24.03 repos, but has not yet been merged into 23.09.1. Package 0.63_2 is still the current package available.

#4

Updated by Jim Pingle about 1 year ago

  • Status changed from Feedback to Resolved

That is the latest version for 23.09.1. The version on dev snaps had already had a port revision bump for a change that wasn't backward compatible so they were bumped independently so that dev snapshots were still a higher version to ensure they would still be reinstalled on upgrade. Both branches/versions have this change included.
