Project

General

Profile

Bug #6149

Updated by Dominic Cleal over 5 years ago

*EMBARGOED until further notice*

The host YAML view (preview of YAML data for Puppet) is vulnerable to cross-site scripting attacks, when data relating to the host (such as parameters) contains HTML content.

1. Edit a host, add a parameter with HTML as its name or value
2. View the host, click the YAML button

Back