
XSS Security Fixes, Small Bug Fixes and Minor Improvements

@barryo barryo released this 20 Jun 10:02
· 210 commits to master since this release

This release primarily fixes a number of XSS security issues in IXP Manager. These were discovered and responsibly disclosed by the GRNET IT Security Team and we thank them for that.

This release is a bugfix release and so there are no database schema changes.


Release Summary

git --no-pager diff --shortstat v6.3.0 v6.3.1
 78 files changed, 1390 insertions(+), 1155 deletions(-)

Upgrade Instructions

The official upgrade instructions can be found here.

The changes in this release are small improvements and bug fixes. There are no database changes or other complexities, so upgrading should be straightforward.

Security Fixes

This release includes fixes for five XSS security bugs.

We judge four of these bugs to have a CVSS v3 base score of 0.0 (AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:N). They can only be exploited by an authenticated superadmin user entering specifically crafted JavaScript into particular input fields, which is why the impact metrics are all None.

The fifth we judge to have a CVSS v3 base score of 4.6 (AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L): an attack could be mounted by a sufficiently sophisticated and motivated non-admin user who found a way to inject an XSS payload into a database object that is logged, and who could then convince a superadmin to view that change in the UI log tool. The GRNET IT Security Team have registered CVE-2023-36666 for this issue.
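As an added illustration of the class of issue the fifth bug belongs to (stored data reaching an administrator's browser unescaped), the PHP below is not IXP Manager code and does not describe the actual flaw. It renders a constructed change-log entry two ways: once by trusting values because they came from the database, and once by escaping every value at output time. The log entry, field names and helper functions are all assumptions made for this demo.

```php
<?php
// Added illustrative example, not IXP Manager code. Shows why values read
// back from a database must still be escaped when rendered to an admin.
declare(strict_types=1);

// Constructed sample: a change record as an audit-log feature might store it.
// The "name" value carries a payload planted by a low-privilege user.
$entry = [
    'model'  => 'Customer',
    'id'     => 42,
    'action' => 'updated',
    'old'    => ['name' => 'Example Networks Ltd'],
    'new'    => ['name' => 'Example Networks Ltd<img src=x onerror="alert(1)">'],
];

// Escape one value for an HTML text node or a double-quoted attribute value.
// ENT_SUBSTITUTE keeps invalid UTF-8 from silently emptying the output.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Scalars are used as-is; arrays, numbers and nulls are serialised to JSON so
// nested structures are shown verbatim rather than concatenated piecemeal.
function stringify(mixed $value): string
{
    return is_string($value)
        ? $value
        : json_encode($value, JSON_UNESCAPED_UNICODE | JSON_THROW_ON_ERROR);
}

// Vulnerable pattern: the stored values are interpolated straight into markup.
function renderLogEntryUnsafe(array $entry): string
{
    $html = "<h3>{$entry['model']} #{$entry['id']} {$entry['action']}</h3>\n<table>\n";
    foreach ($entry['new'] as $field => $newValue) {
        $oldValue = $entry['old'][$field] ?? '';
        $html .= "<tr><td>$field</td><td>" . stringify($oldValue)
               . '</td><td>' . stringify($newValue) . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

// Hardened pattern: every piece of stored data, including field names and the
// model/id/action headers, goes through escapeHtml() at the point of output.
function renderLogEntrySafe(array $entry): string
{
    $html = '<h3>' . escapeHtml((string) $entry['model'])
          . ' #' . escapeHtml((string) $entry['id'])
          . ' ' . escapeHtml((string) $entry['action']) . "</h3>\n<table>\n";
    foreach ($entry['new'] as $field => $newValue) {
        $oldValue = $entry['old'][$field] ?? '';
        $html .= '<tr><td>' . escapeHtml((string) $field)
               . '</td><td>' . escapeHtml(stringify($oldValue))
               . '</td><td>' . escapeHtml(stringify($newValue)) . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

// Demo check: does the planted payload survive into the page as live markup?
function payloadSurvives(string $html, string $payload): bool
{
    return str_contains($html, $payload);
}

$payload = '<img src=x onerror="alert(1)">';
printf("unsafe renderer leaks payload: %s\n",
       payloadSurvives(renderLogEntryUnsafe($entry), $payload) ? 'yes' : 'no');
printf("safe renderer leaks payload:   %s\n",
       payloadSurvives(renderLogEntrySafe($entry), $payload) ? 'yes' : 'no');
echo renderLogEntrySafe($entry);
```

Run it with PHP 8.0 or later (it uses `mixed` and `str_contains`). In a Laravel Blade template the same distinction is `{{ $value }}`, which passes the value through `htmlspecialchars`, versus `{!! $value !!}`, which emits it raw and is only appropriate for markup the application itself generated. The escaping shown is for HTML text and double-quoted attribute values; a value placed inside a `<script>` block, an inline event handler, a URL or CSS needs that context's own encoding instead.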

Credit to the GRNET IT Security Team for responsibly disclosing these issues.

Improvements

  • Composer will install the latest OSS_SNMP library, making more switches compatible with IXP Manager.
  • The PHP framework and all libraries used have been updated to the latest versions compatible with PHP 8.0.
  • [NF] Filter by prewired ports only in patch panel management (844e16a); closes #814
  • The `missing lladdr ignore` option is no longer available in Bird 2 and has been removed from the templates (b81b89c)
  • Route server configuration for Bird 2 fixed to allow 32-bit ASNs (493ba15)

Bug Fixes

  • Ignore reseller ports when generating MRTG configuration (e40be75); closes #855