Description
In Apache Drill 1.11.0 and earlier, when submitting a form from the Query page, users are able to pass arbitrary script or HTML, which will take effect on the Profile page afterwards. Example: after submitting a special script that returns cookie information from the Query page, a malicious user may obtain this information from the Profile page afterwards.
Remediation
References
https://lists.apache.org/thread.html/608658a55d09e16542db41121a0a972c97448214cdc04071fd4db923%40%3Cdev.drill.apache.org%3E
Related Vulnerabilities
CVE-2016-6810 Vulnerability in maven package org.apache.activemq:activemq-web-console
CVE-2020-2190 Vulnerability in maven package org.jenkins-ci.plugins:script-security
CVE-2019-1003042 Vulnerability in maven package org.6wind.jenkins:lockable-resources
CVE-2021-30109 Vulnerability in npm package froala-editor
CVE-2020-2137 Vulnerability in maven package org.jenkins-ci.plugins:timestamper