The namespace edit form allows a number of arbitrary links. The URL field for these links is not properly sanitized in all cases. For example, it allows javascript: scheme links. This could be used to dump all the cookies, including the RH SSH JWT token, to external domains by means like the following:
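On the mitigation side, the link URL field can be checked against a scheme allowlist before it is stored or rendered. The following is an added example, not code from the original report or from the project; `sanitizeLinkUrl`, `ALLOWED_SCHEMES` and the sample inputs are constructed for illustration.

```javascript
// Added example: allowlist validation for a user-supplied link URL.
// sanitizeLinkUrl and ALLOWED_SCHEMES are hypothetical names, not project code.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

function sanitizeLinkUrl(raw) {
  if (typeof raw !== "string") return null;
  // URL parsers drop tabs and newlines and strip leading control characters,
  // so "java\tscript:" still resolves to the javascript: scheme. Reject any
  // control character outright instead of trying to normalise it.
  if (/[\u0000-\u001f\u007f]/.test(raw)) return null;
  const candidate = raw.trim();
  if (candidate === "") return null;
  let parsed;
  try {
    // No base URL is given, so relative and scheme-relative values
    // ("/x", "//host/x") fail to parse and are rejected.
    parsed = new URL(candidate);
  } catch {
    return null;
  }
  // The parser lowercases the scheme, so "JaVaScRiPt:" is caught here too.
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) return null;
  // Embedded credentials have no place in a profile link.
  if (parsed.username || parsed.password) return null;
  return parsed.href; // normalised form, safe to store and to put in href
}

// Constructed sample inputs covering the accepted and rejected cases.
function checkSamples() {
  const samples = [
    "https://example.com/docs",
    "HTTP://EXAMPLE.COM",
    "javascript:void(0)",
    "JaVaScRiPt:void(0)",
    " java\tscript:void(0)",
    "data:text/html,hello",
    "//example.com/x",
    "https://user:pw@example.com/",
  ];
  return samples.map((s) => [s, sanitizeLinkUrl(s)]);
}

for (const [input, result] of checkSamples()) {
  console.log(JSON.stringify(input), "=>", result);
}
```

The same check should run on the server when the form is saved and again wherever the stored value is placed into an `href`, so that values saved before the fix are also covered.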