ESA-22: XSS in the Eucalyptus Management Console

23 views
Skip to first unread message

Eucalyptus Security Team

unread,
Aug 27, 2014, 1:36:19 PM8/27/14
to security...@eucalyptus.com
ESA-22: XSS in the Eucalyptus Management Console

====================================================================
Eucalyptus Security Advisory

Advisory ID: ESA-22
Issue Date: 2014-08-13
Last Updated: 2014-08-27
Severity Level: Critical
Affected Versions: Eucalyptus Management Console 4.0.0
CVE Number: CVE-2013-4770
====================================================================

OVERVIEW
------------

An XSS vulnerability has been identified in the Eucalyptus Management Console version 4.0.0. An update is now available in 4.0.1 that resolves this issue. We recommend updating all affected Eucalyptus installations immediately.


DESCRIPTION
-------------

The Eucalyptus Management Console (EMC) is a web-based interface for using Eucalyptus and AWS-compatible services. A sandbox-bypass vulnerability has been identified in AngularJS, a web application framework that serves as an EMC dependency. This vulnerability, combined with a lack of proper output encoding in some places within the EMC, allows for XSS attacks by cloud users. The XSS vulnerability allows for execution of potentially arbitrary JavaScript code and can lead to privilege escalation or complete compromise of the cloud.

Eucalyptus would like to thank the following individuals for finding and reporting the issue:
- Jann Horn, who discovered the Sandbox-Bypass vulnerability in AngularJS
- Mario Heiderich of Cure53, who found and reported the vulnerability in the EMC
- Dennis Felsch of Ruhr-University Bochum, who set up the test-server infrastructure


SOLUTION
-------------

Eucalyptus Management Console version 4.0.1 resolves this issue. Please see http://www.eucalyptus.com/download/eucalyptus for instructions on downloading and upgrading to the latest Eucalyptus software.


CONTACT and HELP
-------------

Contact the Eucalyptus Security Team at secu...@eucalyptus.com.

signature.asc
Reply all
Reply to author
Forward
0 new messages