Source: horizon
Version: 3:23.0.0-5
Severity: important
Tags: patch

As reported in launchpad:
https://bugs.launchpad.net/horizon/+bug/1982676

The "success_url" param is used when updating the project snapshot, and it does not sanitize the input URL, which allows an attacker to redirect the user to another website. For instance, the URL below will redirect you to https://hacker.com:

https://xxx.com/project/snapshots/a54c1d97-d354-4171-9602-52fdf0949e83/update/?success_url=https://hacker.com

Impact: The attacker can trick users into being redirected to the cloned website to steal information, a so-called Phishing Attack.

Patches available here:
https://review.opendev.org/q/Ied142440965b1a722e7a4dd1be3b1be3b3e1644b
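The weakness described in the report is an open redirect: a user-supplied `success_url` is handed to the redirect response without checking where it points. The following is an added illustration, not Horizon's code and not the content of the linked patch. It contrasts a hypothetical vulnerable resolver that returns the parameter unchanged with a hardened one that only accepts site-relative paths or absolute URLs whose host is on an allow-list (the same idea as Django's `url_has_allowed_host_and_scheme`, re-implemented here with only the standard library so it runs stand-alone). The host `xxx.com`, the fallback path and the sample inputs are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed for this example: the dashboard's own host and a safe fallback
# used when the requested success_url is rejected.
ALLOWED_HOSTS = {"xxx.com"}
DEFAULT_SUCCESS_URL = "/project/snapshots/"


def vulnerable_resolve_success_url(requested):
    """Hypothetical vulnerable pattern: whatever the client sent becomes the
    redirect target, so ?success_url=https://hacker.com sends the user
    off-site."""
    return requested


def is_safe_redirect(url, allowed_hosts, require_https=False):
    """Return True only if `url` is a site-relative path or an absolute
    http(s) URL whose host is in `allowed_hosts`."""
    if not url:
        return False
    url = url.strip()
    # Backslashes and control characters are interpreted differently by
    # browsers and URL parsers; refuse them outright.
    if any(c in url for c in "\\\r\n\t"):
        return False
    parts = urlsplit(url)
    # Only plain web schemes may be followed (rejects javascript:, data:, ...).
    if parts.scheme and parts.scheme not in ("http", "https"):
        return False
    if require_https and parts.scheme == "http":
        return False
    # A scheme with no host ("http:///path") is malformed; reject it.
    if parts.scheme and not parts.netloc:
        return False
    if not parts.netloc:
        # Relative URL. "//host" and "///host" are scheme-relative in
        # browsers and would leave the site, so they are not "relative".
        return not url.startswith("//")
    # Absolute URL: the host must be one we own (hostname is lower-cased).
    return parts.hostname in allowed_hosts


def resolve_success_url(requested, allowed_hosts=ALLOWED_HOSTS,
                        fallback=DEFAULT_SUCCESS_URL):
    """Hardened resolver: use the requested target only when it passes the
    check, otherwise fall back to a known-good path on this site."""
    if is_safe_redirect(requested, allowed_hosts):
        return requested
    return fallback


if __name__ == "__main__":
    attacker_url = "https://hacker.com"
    print("vulnerable ->", vulnerable_resolve_success_url(attacker_url))
    print("hardened   ->", resolve_success_url(attacker_url))
    print("hardened   ->", resolve_success_url("/project/snapshots/"))
```

The check deliberately treats an empty or rejected value the same way: the user lands on a fixed in-site page rather than an error, which is what a `success_url` parameter is for. Keep the allow-list to hosts the deployment actually serves; anything broader reintroduces the redirect.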