Bug #15560 (closed)
[API] Restrict endpoints and/or prompt user before giving out token
Status:
Duplicate
Priority:
Normal
Assigned To:
-
Category:
-
Target version:
-
Story points:
-
Description
The '/login' endpoint does not check that the 'return_to' parameter is recognized and authorized to accept tokens. As a result, if a user clicks on a malicious link and proceeds to log in, the token may be sent to a malicious site of the attacker's choosing, gaining full access to the user account.
Possible solutions:
- Prompt user when redirecting to an unrecognized URL (this has the drawback that non-expert users will still just click "ok")
- Whitelist endpoints: we already have the concept of "ApiClient" which is basically this, but currently isn't used to restrict sending tokens, although it slightly restricts the permission of the token itself (a token sent to an "untrusted" client can't be used to list/create other tokens, but can still do everything else).
- Associate endpoints with clusters, and whitelist which clusters get the full-access token.
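The check the second option describes, as an added example that is not Arvados code and not part of this ticket: a `/login` handler that only appends the token when `return_to` falls under a registered client's URL prefix, and otherwise withholds the token and asks the user to confirm. The `TRUSTED_CLIENTS` table, the hostnames, and the function names are assumptions for this example; the matching compares scheme, host and port exactly and the path by directory prefix, so `workbench.example.org.evil.com`, `workbench.example.org@evil.com` and a prefix of `/app` against `/application` are all rejected.

```ruby
require 'uri'

# Constructed stand-in for the registered API clients (the "ApiClient"
# concept mentioned in the ticket). Names and URLs are assumptions.
TRUSTED_CLIENTS = [
  { name: 'workbench',  url_prefix: 'https://workbench.example.org/' },
  { name: 'workbench2', url_prefix: 'https://workbench2.example.org/app' },
].freeze

# Before: the token is appended to whatever return_to the link supplied,
# so a malicious link receives a full-access token after the user logs in.
def login_redirect_unchecked(return_to, token)
  uri = URI.parse(return_to)
  params = URI.decode_www_form(uri.query || '') << ['api_token', token]
  uri.query = URI.encode_www_form(params)
  uri.to_s
end

# Returns the registered client whose url_prefix covers return_to, or nil.
# Scheme, host and port must match exactly; the path must equal the prefix
# path or sit below it as a directory (so "/app" does not cover "/application").
def trusted_client_for(return_to)
  uri = URI.parse(return_to)
  return nil unless uri.is_a?(URI::HTTP) && uri.host   # covers URI::HTTPS too
  TRUSTED_CLIENTS.find do |client|
    prefix = URI.parse(client[:url_prefix])
    dir = prefix.path.end_with?('/') ? prefix.path : prefix.path + '/'
    uri.scheme == prefix.scheme &&
      uri.host.downcase == prefix.host.downcase &&
      uri.port == prefix.port &&
      (uri.path == prefix.path || uri.path.start_with?(dir))
  end
rescue URI::InvalidURIError
  nil
end

# After: decide what /login should do with return_to.
#   [:redirect, url] -> registered client: send the token
#   [:prompt, url]   -> unknown destination: show a confirmation page, no token attached
#   [:reject, nil]   -> unparseable or non-http(s) return_to (e.g. javascript:)
def login_redirect_checked(return_to, token)
  uri = (URI.parse(return_to) rescue nil)
  return [:reject, nil] unless uri.is_a?(URI::HTTP) && uri.host
  if trusted_client_for(return_to)
    [:redirect, login_redirect_unchecked(return_to, token)]
  else
    [:prompt, return_to]
  end
end

if __FILE__ == $PROGRAM_NAME
  %w[https://workbench.example.org/projects?tab=1
     https://workbench.example.org.evil.com/
     https://workbench.example.org@evil.com/
     https://workbench2.example.org/application
     javascript:alert(1)].each do |target|
    p [target, login_redirect_checked(target, 'v2/example/token')]
  end
end
```

Whether an unrecognized destination gets a prompt or an outright rejection is a policy choice; the example keeps the prompt from the first option but never attaches the token to it, so a user who clicks "ok" on a phishing link still lands on the attacker's site without credentials.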
Updated by Peter Amstutz over 4 years ago
- Status changed from New to In Progress
Updated by Peter Amstutz over 4 years ago
- Status changed from In Progress to New
Updated by Tom Clegg over 4 years ago
- Status changed from New to Duplicate
- Target version deleted (To Be Groomed)