Uploaded image for project: 'JBoss BPMS Platform'
  1. JBoss BPMS Platform
  2. RHBPMS-4627

CVE-2017-7463 business-central: Reflected XSS in artifact upload error message [bpms-6.4.x]

    XMLWordPrintable

Details

    • CR1
    • Hide
      • Start JBoss BPM Suite/BRMS on EAP 6.4.12+
      • Go to business central, login and then access Authoring -> Artifact Repository
      • Upload the attached inject-script-1.0.pom.xml and you should see an alert with the value 1.
      Show
      Start JBoss BPM Suite/BRMS on EAP 6.4.12+ Go to business central, login and then access Authoring -> Artifact Repository Upload the attached inject-script-1.0.pom.xml and you should see an alert with the value 1.

    Description

      When uploading a pom.xml with errors to business central using Artifact Repository, it is possible to execute malicious scripts because the error message is showed in an HTML mode, allowing scripts execution. Take for example the following script.pom.xml:

      <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>example</groupId>
  <artifactId>inject-script</artifactId>
  <version>1.0</version>
  
  <dependencies>
  	<dependency>
  		<groupId>example</groupId>
  		<artifactId>}}proj&lt;script&gt;alert(1)&lt;/script&gt;</artifactId>
  		<version>1.0</version>
  	</dependency>
  </dependencies>
</project>

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. RHPAM-173 Artifact repository upload functionality allows malicious code injection

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed

          Activity

            People

              trikkola Toni Rikkola
              rhn-support-wsiqueir William Siqueira
              Kirill Gaevskii Kirill Gaevskii
              Kirill Gaevskii Kirill Gaevskii
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: