Description

In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query page, malicious user may obtain this information from Profile page afterwards.

Remediation

References

https://lists.apache.org/thread.html/608658a55d09e16542db41121a0a972c97448214cdc04071fd4db923%40%3Cdev.drill.apache.org%3E

Related Vulnerabilities

CVE-2021-32859 Vulnerability in maven package org.webjars.npm:github-com-baremetrics-calendar

CVE-2016-4003 Vulnerability in maven package org.apache.struts:struts2-core

CVE-2021-44585 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-base-core

CVE-2019-25075 Vulnerability in maven package io.gravitee.management:gravitee-management-api-service

CVE-2022-45387 Vulnerability in maven package org.jenkins-ci.plugins:bart

Severity

Medium

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N