Description

In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query page, malicious user may obtain this information from Profile page afterwards.

Remediation

References

https://lists.apache.org/thread.html/608658a55d09e16542db41121a0a972c97448214cdc04071fd4db923%40%3Cdev.drill.apache.org%3E

Related Vulnerabilities

CVE-2020-7656 Vulnerability in maven package org.webjars.bowergithub.jquery:jquery

CVE-2022-4137 Vulnerability in maven package org.keycloak:keycloak-services

CVE-2018-14041 Vulnerability in maven package org.webjars.bower:bootstrap

CVE-2019-10349 Vulnerability in maven package org.jenkins-ci.plugins:depgraph-view

CVE-2019-5422 Vulnerability in npm package buttle

Severity

Medium

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N