Description

In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query page, malicious user may obtain this information from Profile page afterwards.

Remediation

References

https://lists.apache.org/thread.html/608658a55d09e16542db41121a0a972c97448214cdc04071fd4db923%40%3Cdev.drill.apache.org%3E

Related Vulnerabilities

CVE-2022-1274 Vulnerability in maven package org.keycloak:keycloak-services

CVE-2010-2103 Vulnerability in maven package org.apache.axis2:axis2

CVE-2019-10325 Vulnerability in maven package io.jenkins.plugins:warnings-ng

CVE-2010-5312 Vulnerability in maven package org.webjars:jquery-ui

CVE-2020-2096 Vulnerability in maven package org.jenkins-ci.plugins:gitlab-hook

Severity

Medium

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N