RethinkDB Cross-Site Scripting Vulnerability in Secondary Index Handler

A cross-site scripting (XSS) vulnerability has been identified in RethinkDB versions through 2.4.3. The issue arises in the Secondary Index Handler component, where improper handling of user input allows for the injection of malicious scripts. This vulnerability can be exploited remotely, and a public proof-of-concept is available.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, create a new secondary index in the RethinkDB web interface. After the index is created, delete it three times in a row. This action will trigger the execution of any injected JavaScript code.

Remediation

To address this vulnerability, it is recommended to implement proper output encoding and strengthen security policies. This includes HTML-encoding all data from SQL query results before displaying it on the web interface, blocking or sanitizing dangerous URI schemes like data:, javascript:, and blob:, and enhancing the Content Security Policy to disallow data: URIs in certain contexts. Additionally, raw SQL execution console output should be treated as plain text or sanitized to remove executable elements.