Bug #2979

csrf vulnerability in sunstone

Added by Jaime Melis about 7 years ago.

Status:ClosedStart date:06/12/2014
Priority:HighDue date:
Assignee:-% Done:


Target version:Release 4.6.2
Resolution:invalid Pull request:
Affected Versions:OpenNebula 4.6


Dennis Felsch and Mario Heiderich from the Ruhr-Universit├Ąt Bochumhave reported a series of vulnerabilites that consist on Sunstone being vulnerable to malicious CSRF exploits and vulnerabilities in the core XML sanitization leading to malformed XML exploits, which allowed for DoS attacks.

This issues have been addressed in the "csrf-fix" branch and have been included in the OpenNebula 4.6.2 maintenance release

Also available in: Atom PDF