Closed Bug 772058 Opened 12 years ago Closed 12 years ago

Security issue: Bugzilla attachments can contain malicious meta redirects

Categories

(Bugzilla :: Attachments & Requests, defect)

2.10
defect
Not set
normal

RESOLVED DUPLICATE of bug 256348

People

(Reporter: eusebiu.blindu, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11

Steps to reproduce:

Upload a file with a malicious meta redirect


Actual results:

Viewing the attachment
https://landfill.bugzilla.org/bugzilla-4.2-branch/show_bug.cgi?id=17158

is sending me to a bad (offensive) website

This could be used by hackers to create malicious redirects


Expected results:

Viewing the attachment should not have redirected the page
The exact malicious URL is this one:

https://landfill.bugzilla.org/bugzilla-4.2-branch/attachment.cgi?id=2320
Group: bugzilla-security
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
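A check for the condition reported above, as an added example that is not part of the original report and not Bugzilla's own code: it parses an uploaded HTML attachment and lists any meta refresh targets that leave the serving host. The function name, the host `bugs.example` and the sample attachments are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Refresh "content" value: "<delay>" then ";" "," or space, optional "url=", then target.
_REFRESH = re.compile(r"^\s*(\d+(?:\.\d*)?)\s*(?:[;,]\s*|\s+)(?:url\s*=\s*)?(.*)$",
                      re.I | re.S)

class _MetaRefreshFinder(HTMLParser):
    """Collects the target URL of every <meta http-equiv="refresh"> tag."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.targets = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag != "meta":
            return
        a = {k: (v or "") for k, v in attrs}
        if a.get("http-equiv", "").strip().lower() != "refresh":
            return
        m = _REFRESH.match(a.get("content", ""))
        if m:
            url = m.group(2).strip().strip("'\"")
            if url:  # a bare delay ("30") only reloads the same page
                self.targets.append(url)

def offsite_refresh_targets(body, own_host):
    """Return meta-refresh targets in an HTML attachment that leave own_host."""
    finder = _MetaRefreshFinder()
    finder.feed(body.decode("utf-8", errors="replace"))
    finder.close()
    offsite = []
    for url in finder.targets:
        try:
            host = urlsplit(url).hostname
        except ValueError:
            offsite.append(url)  # unparseable target: flag for review
            continue
        # Relative targets have no host and stay on the serving site.
        if host is not None and host.lower() != own_host.lower():
            offsite.append(url)
    return offsite

# Constructed sample attachments (not taken from the bug).
SAMPLE_REDIRECT = (b'<html><head><META HTTP-EQUIV="Refresh" '
                   b'CONTENT="0; URL=http://redirect-target.example/"></head></html>')
SAMPLE_RELOAD = b'<html><head><meta http-equiv="refresh" content="30"></head></html>'
SAMPLE_SAME_SITE = b'<meta http-equiv=refresh content="0;url=/show_bug.cgi?id=1">'
```

A non-empty result is a reason to serve the attachment as a download or as plain text instead of rendering it inline.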