ESA-27: XSS in the Eucalyptus Management Console
====================================================================
Eucalyptus Security Advisory
Advisory ID: ESA-27
Issue Date: 2014-10-20
Last Updated: 2014-11-03
Severity Level: Critical
Affected Versions: Eucalyptus Management Console 4.0.1
CVE Number: CVE-2014-5039
====================================================================
OVERVIEW
-------------
An XSS vulnerability has been identified in the Eucalyptus Management Console version 4.0.1. An update is now available in 4.0.2 that resolves this issue. We recommend updating all affected Eucalyptus installations immediately.
DESCRIPTION
-------------
The Eucalyptus Management Console is a web-based interface for using Eucalyptus and AWS-compatible services. A sandbox-bypass vulnerability has been identified in AngularJS v1.2.19-1.2.23, which is a dependency for EMC v4.0.1. This vulnerability allows for XSS attacks by cloud users on some pages within the EMC. The XSS vulnerability can lead to privilege escalation or a complete compromise of the cloud.
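As an added illustration (not part of this advisory and not Eucalyptus code), the following Python script checks whether a copy of angular.js bundled with a web application carries a version inside the affected range named above. It reads the "AngularJS vX.Y.Z" banner that AngularJS builds print at the top of angular.js and angular.min.js; the sample file contents are constructed, and the file paths are hypothetical.

```python
import re

# Affected AngularJS range named in ESA-27 (inclusive bounds).
AFFECTED_MIN = (1, 2, 19)
AFFECTED_MAX = (1, 2, 23)

# AngularJS builds print "AngularJS v1.2.19" in the header comment of both
# the full and the minified file; this captures the numeric version.
BANNER_RE = re.compile(r"AngularJS\s+v(\d+)\.(\d+)\.(\d+)")

def parse_angular_version(js_text):
    """Return (major, minor, patch) from an AngularJS banner, or None if absent."""
    m = BANNER_RE.search(js_text)
    if not m:
        return None
    return tuple(int(part) for part in m.groups())

def is_in_affected_range(version):
    """True if version lies within the range ESA-27 names as affected.
    Tuples are compared numerically on purpose: comparing the strings
    '1.2.9' and '1.2.19' lexically would give the wrong answer."""
    return AFFECTED_MIN <= version <= AFFECTED_MAX

def audit(js_files):
    """js_files: dict of path -> file contents. Returns dict path -> verdict."""
    results = {}
    for path, text in js_files.items():
        version = parse_angular_version(text)
        if version is None:
            results[path] = "no AngularJS banner"
        elif is_in_affected_range(version):
            results[path] = "AFFECTED (ESA-27): v%d.%d.%d" % version
        else:
            results[path] = "not in affected range: v%d.%d.%d" % version
    return results

# Constructed sample inputs (hypothetical paths, not files from any EMC release).
SAMPLE_FILES = {
    "static/js/angular-1.2.19.js": (
        "/**\n * @license AngularJS v1.2.19\n"
        " * (c) 2010-2014 Google, Inc. http://angularjs.org\n"
        " * License: MIT\n */\n(function(window, document, undefined) {"
    ),
    "static/js/angular-1.2.9.min.js": "/*\n AngularJS v1.2.9\n License: MIT\n*/",
    "static/js/angular-1.2.26.js": "/**\n * @license AngularJS v1.2.26\n */",
    "static/js/jquery.js": "/*! jQuery v1.11.0 */",
}

if __name__ == "__main__":
    for path, verdict in audit(SAMPLE_FILES).items():
        print(path, "->", verdict)
```

Run it against the JavaScript assets actually served by a console deployment rather than the constructed samples; a banner match inside the range is a reason to apply the 4.0.2 update described in the SOLUTION section.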
Eucalyptus would like to thank the following individuals for finding and reporting the issue:
- Mario Heiderich of Cure53, who found and reported the vulnerability in the EMC
- Dennis Felsch of Ruhr-University Bochum, who set up the test-server infrastructure
- Mathias Karlsson, who discovered the sandbox bypass vulnerability in AngularJS
SOLUTION
-------------
Eucalyptus Management Console version 4.0.2 resolves this issue. Please see http://www.eucalyptus.com/download/eucalyptus for instructions on downloading and upgrading to the latest Eucalyptus software.
CONTACT and HELP
-------------
Contact the Eucalyptus Security Team at secu...@eucalyptus.com.