All the vulnerabilities related to openstack - horizon
Vulnerability from fkie_nvd
Published
2020-12-04 08:15
Modified
2024-11-21 05:24
Severity ?
Summary
An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provided malicious URL.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "matchCriteriaId": "73CBE2A7-7561-403A-BA84-D72179C49B63", "versionEndExcluding": "15.3.2", "versionStartIncluding": "15.3.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "matchCriteriaId": "A14EB5AB-402A-4485-A46A-1689E6F16AB2", "versionEndExcluding": "16.2.1", "versionStartIncluding": "16.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "matchCriteriaId": "9B65C2BD-8285-45AE-9C73-35749668B047", "versionEndExcluding": "18.3.3", "versionStartIncluding": "17.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "matchCriteriaId": "08C9AD76-3326-499F-B860-D22EC858FD52", "versionEndIncluding": "18.5.0", "versionStartIncluding": "18.4.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the \"next\" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provided malicious URL." 
}, { "lang": "es", "value": "Se detect\u00f3 un problema en OpenStack Horizon versiones 15.3.2, versiones 16.x anteriores a 16.2.1, versiones 17.x y versiones 18.x anteriores a 18.3.3, versiones 18.4.x y 18.5.x.\u0026#xa0;Se presenta una falta de comprobaci\u00f3n del par\u00e1metro \"next\", lo que permitir\u00eda a alguien proporcionar una URL maliciosa en Horizon que puede causar un redireccionamiento autom\u00e1tico a la URL maliciosa proporcionada" } ], "id": "CVE-2020-29565", "lastModified": "2024-11-21T05:24:12.760", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-12-04T08:15:11.143", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2020/12/08/2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/horizon/+bug/1865026" }, { "source": "cve@mitre.org", "tags": [ 
"Patch", "Third Party Advisory" ], "url": "https://review.opendev.org/c/openstack/horizon/+/758841/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://review.opendev.org/c/openstack/horizon/+/758843/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://security.openstack.org/ossa/OSSA-2020-008.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4820" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2020/12/08/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/horizon/+bug/1865026" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://review.opendev.org/c/openstack/horizon/+/758841/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://review.opendev.org/c/openstack/horizon/+/758843/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://security.openstack.org/ossa/OSSA-2020-008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2020/dsa-4820" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-601" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-10-31 15:55
Modified
2024-11-21 02:19
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2014/07/08/6 | Mailing List, Patch | |
cve@mitre.org | http://www.securityfocus.com/bid/68456 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://bugs.launchpad.net/horizon/+bug/1320235 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2014/07/08/6 | Mailing List, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/68456 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/horizon/+bug/1320235 | Issue Tracking, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "matchCriteriaId": "8AF1648D-62B1-4F76-8A20-2018978EE155", "versionEndExcluding": "2013.2.4", "versionStartIncluding": "2013.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9660BD9-614A-416E-BF0C-F254DD95B6C0", "versionEndExcluding": "2014.1.2", "versionStartIncluding": "2014.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:juno-1:*:*:*:*:*:*:*", "matchCriteriaId": "6A3DF8E5-464D-46CC-B96C-B7CD91298C42", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B9CF774-FFAA-45D0-B212-DEF4C6BE7A85", "versionEndIncluding": "juno-1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475." }, { "lang": "es", "value": "Vulnerabilidad de XSS en el panel Groups en OpenStack Dashboard (Horizon) anterior a 2013.2.4, 2014.1 anterior a 2014.1.2, y Juno anterior a Juno-2 permite a administradores remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una direcci\u00f3n de email de un usuarios, una vulnerabilidad diferente a CVE-2014-3475." 
} ], "id": "CVE-2014-8578", "lastModified": "2024-11-21T02:19:22.070", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-10-31T15:55:04.337", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/08/6" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/68456" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/horizon/+bug/1320235" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/08/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/68456" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/horizon/+bug/1320235" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-10-31 15:55
Modified
2024-11-21 02:08
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2, when used with Heat, allows remote Orchestration template owners or catalogs to inject arbitrary web script or HTML via a crafted template.
References
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2014/07/08/6 | Mailing List, Patch | |
secalert@redhat.com | http://www.securityfocus.com/bid/68459 | Third Party Advisory, VDB Entry | |
secalert@redhat.com | https://bugs.launchpad.net/horizon/+bug/1308727 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2014/07/08/6 | Mailing List, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/68459 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/horizon/+bug/1308727 | Issue Tracking, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "matchCriteriaId": "8AF1648D-62B1-4F76-8A20-2018978EE155", "versionEndExcluding": "2013.2.4", "versionStartIncluding": "2013.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9660BD9-614A-416E-BF0C-F254DD95B6C0", "versionEndExcluding": "2014.1.2", "versionStartIncluding": "2014.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:juno-1:*:*:*:*:*:*:*", "matchCriteriaId": "6A3DF8E5-464D-46CC-B96C-B7CD91298C42", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2, when used with Heat, allows remote Orchestration template owners or catalogs to inject arbitrary web script or HTML via a crafted template." }, { "lang": "es", "value": "Vulnerabilidad de XSS en la secci\u00f3n Orchestration/Stack en el cuadro de mandos Horizon Orchestration en OpenStack Dashboard (Horizon) anterior a 2013.2.4, 2014.1 anterior a 2014.1.2, y Juno anterior a Juno-2, cuando utilizado con Heat, permite a due\u00f1os o cat\u00e1logos de plantillas Orchestration inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una plantilla manipulada." 
} ], "id": "CVE-2014-3473", "lastModified": "2024-11-21T02:08:10.973", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-10-31T15:55:03.743", "references": [ { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/08/6" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/68459" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/horizon/+bug/1308727" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/08/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/68459" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/horizon/+bug/1308727" } ], "sourceIdentifier": "secalert@redhat.com", 
"vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-04-03 14:59
Modified
2024-11-21 03:31
Severity ?
Summary
OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openstack | horizon | 9.0.0 | |
openstack | horizon | 9.0.0 | |
openstack | horizon | 9.0.0 | |
openstack | horizon | 9.0.0 | |
openstack | horizon | 9.0.0 | |
openstack | horizon | 9.0.0 | |
openstack | horizon | 9.0.1 | |
openstack | horizon | 9.1.0 | |
openstack | horizon | 9.1.1 | |
openstack | horizon | 10.0.0 | |
openstack | horizon | 10.0.0 | |
openstack | horizon | 10.0.0 | |
openstack | horizon | 10.0.0 | |
openstack | horizon | 10.0.0 | |
openstack | horizon | 10.0.0 | |
openstack | horizon | 10.0.0 | |
openstack | horizon | 10.0.1 | |
openstack | horizon | 10.0.2 | |
openstack | horizon | 11.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openstack:horizon:9.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4A4F67B5-5856-4D19-87C5-BE69829D44C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:9.0.0:b1:*:*:*:*:*:*", "matchCriteriaId": "96C77F76-2C3F-4901-9C2F-E701ABB4D3A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:9.0.0:b2:*:*:*:*:*:*", "matchCriteriaId": "7A1AFF40-ED11-4C9E-8C17-78C0569145ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:9.0.0:b3:*:*:*:*:*:*", "matchCriteriaId": "41ECAF99-BA35-4B46-A307-F9E86A8674A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:9.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "76B0BAD7-980F-4F27-BE31-DD2029F83D9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:9.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4D9EC72C-6608-4F29-B910-2B4C766A1F0C", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:9.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "583BDBA0-7B0B-4B9B-89B8-DE63C6104D56", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:9.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "ED8DF61B-8B37-444A-9285-6584A99FAA89", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:9.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "18E64BFC-A3C7-4726-95E1-0287DA436432", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:10.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B25B3CE-D980-46CE-B322-534E2163F18F", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:10.0.0:b1:*:*:*:*:*:*", "matchCriteriaId": "331A89F0-E511-4960-A95A-075A6CB62EBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:10.0.0:b2:*:*:*:*:*:*", "matchCriteriaId": "F7792D86-9841-4069-B6B0-74AA4907F1DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:10.0.0:b3:*:*:*:*:*:*", "matchCriteriaId": "508B31E5-9356-4AF8-9292-02D34F9C46F5", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:openstack:horizon:10.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "D0313866-F422-43AB-A279-856E7CEAEC67", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:10.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "460EB309-8D97-45CE-B3B9-C490518A7741", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:10.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "B20B5BDA-8B1C-4A1C-95CF-BC9CDFBA6910", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:10.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C7BEBDB8-402D-44CA-A9A6-EE360BD0FB94", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:10.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD40295F-72D3-42CE-9F1B-FE3FC5CF52AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:11.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "7187E4A2-1780-48AF-AAE9-2E1B48B2B50C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping." }, { "lang": "es", "value": "OpenStack Horizon 9.x a trav\u00e9s de 9.1.1, 10.x en versiones hasta 10.0.2 y 11.0.0 permite a los administradores autenticados remotos realizar ataques XSS a trav\u00e9s de una asignaci\u00f3n de federaci\u00f3n manipulada." 
} ], "id": "CVE-2017-7400", "lastModified": "2024-11-21T03:31:49.143", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-04-03T14:59:00.167", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97324" }, { "source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2017:1598" }, { "source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2017:1739" }, { "source": "cve@mitre.org", "url": "https://launchpad.net/bugs/1667086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97324" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2017:1598" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2017:1739" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "https://launchpad.net/bugs/1667086" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-06-05 22:55
Modified
2024-11-21 01:38
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openstack:horizon:2012.1:*:*:*:*:*:*:*", "matchCriteriaId": "8FC7F2DB-92EA-4074-8882-367721CC1705", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:folsom-1:*:*:*:*:*:*:*", "matchCriteriaId": "1E72EACB-1FA6-4F1D-A3C8-D255C705AAAD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console." }, { "lang": "es", "value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en el mecanismo de actualizaci\u00f3n del visor de registro en horizon/static/horizon/js/horizon.js en OpenStack Dashboard (Horizon) Folsom-1 y v2012.1 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de la consola de invitado." 
} ], "id": "CVE-2012-2094", "lastModified": "2024-11-21T01:38:28.830", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-06-05T22:55:11.153", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079160.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49024" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49071" }, { "source": "secalert@redhat.com", "url": "http://ubuntu.com/usn/usn-1439-1" }, { "source": "secalert@redhat.com", "url": "http://www.osvdb.org/81742" }, { "source": "secalert@redhat.com", "url": "https://bugs.launchpad.net/horizon/+bug/977944" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76136" }, { "source": "secalert@redhat.com", "url": "https://github.com/openstack/horizon/commit/7f8c788aa70db98ac904f37fa4197fcabb802942" }, { "source": "secalert@redhat.com", "url": "https://lists.launchpad.net/openstack/msg10211.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079160.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49024" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor 
Advisory" ], "url": "http://secunia.com/advisories/49071" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ubuntu.com/usn/usn-1439-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/81742" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.launchpad.net/horizon/+bug/977944" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76136" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/openstack/horizon/commit/7f8c788aa70db98ac904f37fa4197fcabb802942" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.launchpad.net/openstack/msg10211.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-12-12 15:59
Modified
2024-11-21 02:18
Severity ?
Summary
OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests to the login page.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "matchCriteriaId": "92305AB5-154F-4FBC-8A82-B37F6EBFAED3", "versionEndExcluding": "2014.1.3", "versionStartIncluding": "2014.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CC8F36E-4E93-4FA7-BA05-52D25BE3A38E", "versionEndExcluding": "2014.2.1", "versionStartIncluding": "2014.2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*", "matchCriteriaId": "0B1C288F-326B-497B-B26C-D26E01262DDB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests to the login page." }, { "lang": "es", "value": "OpenStack Dashboard (Horizon) anterior a 2014.1.3 y 2014.2.x anterior a 2014.2.1 no maneja correctamente los archivos de sesiones cuando utiliza un motor de sesi\u00f3n db o memcached, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio a trav\u00e9s de un n\u00famero grande de solicitudes en la p\u00e1gina de inicio de sesi\u00f3n." 
} ], "id": "CVE-2014-8124", "lastModified": "2024-11-21T02:18:36.417", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-12-12T15:59:09.557", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147520.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-December/000308.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0839.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0845.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/61186" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/horizon/+bug/1394370" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147520.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-December/000308.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0839.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0845.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/61186" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/horizon/+bug/1394370" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-09-05 23:55
Modified
2024-11-21 01:41
Severity: MEDIUM (CVSS v2 base score 5.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:N)
Summary
Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by mistake.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openstack:horizon:2012.1:*:*:*:*:*:*:*", "matchCriteriaId": "8FC7F2DB-92EA-4074-8882-367721CC1705", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by mistake." }, { "lang": "es", "value": "Una vulnerabilidad de redireci\u00f3n abierta en views/auth_forms.py en OpenStack Dashboard (Horizon) Essex (2012.1) permite a atacantes remotos redirigir a los usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing a trav\u00e9s de una URL en el par\u00e1metro siguiente a auth/login/. NOTA: este problema se le asign\u00f3 originalmente CVE-2012-3542 por error" } ], "id": "CVE-2012-3540", "lastModified": "2024-11-21T01:41:05.647", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-09-05T23:55:02.460", "references": [ { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50480" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/08/30/4" }, { "source": "secalert@redhat.com", "url": 
"http://www.openwall.com/lists/oss-security/2012/08/30/5" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/55329" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1565-1" }, { "source": "secalert@redhat.com", "url": "https://bugs.launchpad.net/horizon/+bug/1039077" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78196" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "https://github.com/openstack/horizon/commit/35eada8a27323c0f83c400177797927aba6bc99b" }, { "source": "secalert@redhat.com", "url": "https://lists.launchpad.net/openstack/msg16278.html" }, { "source": "secalert@redhat.com", "url": "https://lists.launchpad.net/openstack/msg16281.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50480" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/08/30/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/08/30/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/55329" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1565-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.launchpad.net/horizon/+bug/1039077" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78196" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://github.com/openstack/horizon/commit/35eada8a27323c0f83c400177797927aba6bc99b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.launchpad.net/openstack/msg16278.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://lists.launchpad.net/openstack/msg16281.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-10-31 15:55
Modified
2024-11-21 02:08
Severity: LOW (CVSS v2 base score 3.5, vector AV:N/AC:M/Au:S/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a network name.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "matchCriteriaId": "8AF1648D-62B1-4F76-8A20-2018978EE155", "versionEndExcluding": "2013.2.4", "versionStartIncluding": "2013.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9660BD9-614A-416E-BF0C-F254DD95B6C0", "versionEndExcluding": "2014.1.2", "versionStartIncluding": "2014.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:juno-1:*:*:*:*:*:*:*", "matchCriteriaId": "6A3DF8E5-464D-46CC-B96C-B7CD91298C42", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a network name." }, { "lang": "es", "value": "Vulnerabilidad de XSS en horizon/static/horizon/js/horizon.instances.js en el men\u00fa Launch Instance en OpenStack Dashboard (Horizon) anterior a 2013.2.4, 2014.1 anterior a 2014.1.2, y Juno anterior a Juno-2 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un nombre de red." 
} ], "id": "CVE-2014-3474", "lastModified": "2024-11-21T02:08:11.110", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-10-31T15:55:04.227", "references": [ { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/08/6" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/68460" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/horizon/+bug/1322197" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://review.openstack.org/#/c/105477" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/08/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/68460" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue 
Tracking", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/horizon/+bug/1322197" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://review.openstack.org/#/c/105477" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-11-23 17:55
Modified
2024-11-21 01:59
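Severity: MEDIUM (CVSS v2 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N; the vector scores network access even though the description says "local users")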
Summary
Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page.
References
Impacted products
Vendor | Product | Version
---|---|---
openstack | horizon | *
opensuse | opensuse | 13.1
canonical | ubuntu_linux | 12.10
canonical | ubuntu_linux | 13.04
canonical | ubuntu_linux | 13.10
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "matchCriteriaId": "801F21B7-CE52-41D3-9A7C-F4BCA5B114C9", "versionEndIncluding": "2013.2", "versionStartIncluding": "2013.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", "matchCriteriaId": "EFAA48D9-BEB4-4E49-AD50-325C262D46D9", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) \"Volumes\" or (2) \"Network Topology\" page." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en OpenStack Dashboard (Horizon) 2013.2 y anteriores versiones permiten a usuarios locales inyectar script web o HTML arbitrario a trav\u00e9s de un nombre de instancia en (1) \"Volumes\" o (2) \"Network Topology\"." 
} ], "id": "CVE-2013-6858", "lastModified": "2024-11-21T01:59:49.603", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-11-23T17:55:03.557", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/55770" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/56117" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/63787" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2062-1" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/horizon/+bug/1247675" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/55770" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/56117" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/63787" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2062-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/horizon/+bug/1247675" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-08-20 20:59
Modified
2024-11-21 02:28
Severity: MEDIUM (CVSS v2 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openstack:horizon:2014.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "84CFBFFA-AFD0-4734-87DE-49750BF73CDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:2014.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "779D1F72-063B-4971-8941-A275000F37E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:2014.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "309BE103-2695-452E-BA22-63D0D3A64840", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:2014.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "4DBBD189-70DE-495C-8CFA-CC76A17B7813", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:2015.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "70952F8E-7283-42B0-861D-30B62BB0D115", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*", "matchCriteriaId": "0B1C288F-326B-497B-B26C-D26E01262DDB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class." 
}, { "lang": "es", "value": "Vulnerabilidad de XSS en la secci\u00f3n Orchestration/Stack en OpenStack Dashboard (Horizon) 2014.2 en versiones anteriores a 2014.2.4 y 2015.1.x en versiones anteriores a 2015.1.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de la descripci\u00f3n de par\u00e1metros en una plantilla heat, la cual no se maneja correctamente en el atributo help_text en la clase Field." } ], "id": "CVE-2015-3219", "lastModified": "2024-11-21T02:28:55.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-08-20T20:59:00.117", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-June/000361.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1679.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3617" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2015/06/09/7" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.securityfocus.com/bid/75109" }, { "source": "secalert@redhat.com", "tags": [ 
"Exploit", "Vendor Advisory" ], "url": "https://bugs.launchpad.net/horizon/+bug/1453074" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-June/000361.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1679.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3617" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2015/06/09/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.securityfocus.com/bid/75109" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "https://bugs.launchpad.net/horizon/+bug/1453074" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-09-05 23:55
Modified
2024-11-21 01:41
Severity: MEDIUM (CVSS v2 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*", "matchCriteriaId": "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:folsom-3:*:*:*:*:*:*:*", "matchCriteriaId": "95F66BD8-E885-4C11-B41D-8D3004BF106D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user\u0027s default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540." }, { "lang": "es", "value": "OpenStack Keystone, tal como se utiliza en OpenStack Folsom Folsom antes-rc1 y OpenStack Essex (2012.1), permite a atacantes remotos a\u00f1adir un usuario arbitrario a trav\u00e9s de una solicitud para actualizar el usuario por defecto para la API de administraci\u00f3n. NOTA: este identificador originalmente fue incorrectamente asignado a otro problema, pero el identificador correcto es CVE-2012-3540." 
} ], "id": "CVE-2012-3542", "lastModified": "2024-11-21T01:41:05.780", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-09-05T23:55:02.523", "references": [ { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50467" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50494" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/08/30/6" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/55326" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1552-1" }, { "source": "secalert@redhat.com", "url": "https://bugs.launchpad.net/keystone/+bug/1040626" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aa" }, { "source": "secalert@redhat.com", "url": "https://lists.launchpad.net/openstack/msg16282.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50467" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/50494" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/08/30/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/55326" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1552-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.launchpad.net/keystone/+bug/1040626" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aa" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.launchpad.net/openstack/msg16282.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-06-05 22:55
Modified
2024-11-21 01:38
Severity: MEDIUM (CVSS v2 base score 6.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:P)
Summary
Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openstack:horizon:2012.1:*:*:*:*:*:*:*", "matchCriteriaId": "8FC7F2DB-92EA-4074-8882-367721CC1705", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:folsom-1:*:*:*:*:*:*:*", "matchCriteriaId": "1E72EACB-1FA6-4F1D-A3C8-D255C705AAAD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie." }, { "lang": "es", "value": "Vulnerabilidad de fijaci\u00f3n de sesi\u00f3n en OpenStack Dashboard (Horizon) Folsom-1 y v2012.1 permite a atacantes remotos secuestrar sesiones web a trav\u00e9s de la cookie SessionID." } ], "id": "CVE-2012-2144", "lastModified": "2024-11-21T01:38:35.550", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-06-05T22:55:11.233", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081173.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49024" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49071" }, { "source": "secalert@redhat.com", "url": "http://ubuntu.com/usn/usn-1439-1" }, { "source": 
"secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/05/05/1" }, { "source": "secalert@redhat.com", "url": "http://www.osvdb.org/81741" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/53399" }, { "source": "secalert@redhat.com", "url": "https://bugs.launchpad.net/horizon/+bug/978896" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75423" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "https://github.com/openstack/horizon/commit/041b1c44c7d6cf5429505067c32f8f35166a8bab" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081173.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49024" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49071" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ubuntu.com/usn/usn-1439-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/05/05/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/81741" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53399" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.launchpad.net/horizon/+bug/978896" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75423" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://github.com/openstack/horizon/commit/041b1c44c7d6cf5429505067c32f8f35166a8bab" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], 
"source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-04-15 14:55
Modified
2024-11-21 02:01
Severity: MEDIUM (CVSS v2 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat template.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openstack:horizon:2013.2:*:*:*:*:*:*:*", "matchCriteriaId": "E0483AAA-083F-43EB-A5C7-88906B4C5280", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:2013.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "82D6AC4D-B5EA-469D-8694-963329FA1D96", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:2013.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "154DE353-D067-411F-990B-1ECAAE60B06E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:2013.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "8A20528E-C9E3-4CA0-8AF9-AF807772EE98", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat template." }, { "lang": "es", "value": "Vulnerabilidad de XSS en el dashboard de Horizon Orchestration en OpenStack Dashboard (tambi\u00e9n conocido como Horizon) 2013.2 anterior a 2013.2.4i y icehouse before icehouse-rc2 permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s del campo descripci\u00f3n de una plantilla Heat." 
} ], "id": "CVE-2014-0157", "lastModified": "2024-11-21T02:01:29.947", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-04-15T14:55:04.187", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2014/04/08/8" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/66706" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://launchpad.net/bugs/1289033" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2014/04/08/8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/66706" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://launchpad.net/bugs/1289033" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-07-12 19:59
Modified
2024-11-21 02:52
Severity: Medium (CVSS 3.1 base score 5.4); Low under CVSS 2.0 (base score 3.5)
Summary
Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "matchCriteriaId": "1AEAD3CD-47C1-4450-8C85-BFE200CCD7D3", "versionEndIncluding": "8.0.1", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:9.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4A4F67B5-5856-4D19-87C5-BE69829D44C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:9.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "583BDBA0-7B0B-4B9B-89B8-DE63C6104D56", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "31EC146C-A6F6-4C0D-AF87-685286262DAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "9DAA72A4-AC7D-4544-89D4-5B07961D5A95", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*", "matchCriteriaId": "E8B8C725-34CF-4340-BE7B-37E58CF706D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "B152EDF3-3140-4343-802F-F4F1C329F5C3", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": 
true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form." }, { "lang": "es", "value": "Vulnerabilidad de XSS en OpenStack Dashboard (Horizon) 8.0.1 y versiones anteriores y 9.0.0 hasta la versi\u00f3n 9.0.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrario inyectando una plantilla AngularJS en un formulario del cuadro de mandos." } ], "id": "CVE-2016-4428", "lastModified": "2024-11-21T02:52:08.957", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-07-12T19:59:03.257", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3617" }, { 
"source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/06/17/4" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2016:1268" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2016:1269" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2016:1270" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2016:1271" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2016:1272" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/horizon/+bug/1567673" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://review.openstack.org/329996" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://review.openstack.org/329997" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://review.openstack.org/329998" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://security.openstack.org/ossa/OSSA-2016-010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3617" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/06/17/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2016:1268" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2016:1269" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2016:1270" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2016:1271" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2016:1272" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/horizon/+bug/1567673" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://review.openstack.org/329996" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://review.openstack.org/329997" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://review.openstack.org/329998" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://security.openstack.org/ossa/OSSA-2016-010.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-10-31 15:55
Modified
2024-11-21 02:08
Severity: Low (CVSS 2.0 base score 3.5)
Summary
Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-8578.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html | Mailing List, Third Party Advisory | |
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2014/07/08/6 | Mailing List, Patch | |
secalert@redhat.com | http://www.securityfocus.com/bid/68456 | Third Party Advisory, VDB Entry | |
secalert@redhat.com | https://bugs.launchpad.net/horizon/+bug/1320235 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2014/07/08/6 | Mailing List, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/68456 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/horizon/+bug/1320235 | Issue Tracking, Third Party Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "matchCriteriaId": "8AF1648D-62B1-4F76-8A20-2018978EE155", "versionEndExcluding": "2013.2.4", "versionStartIncluding": "2013.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9660BD9-614A-416E-BF0C-F254DD95B6C0", "versionEndExcluding": "2014.1.2", "versionStartIncluding": "2014.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:juno-1:*:*:*:*:*:*:*", "matchCriteriaId": "6A3DF8E5-464D-46CC-B96C-B7CD91298C42", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-8578." }, { "lang": "es", "value": "Vulnerabilidad de XSS en el panel de usuarios (admin/users/) en OpenStack Dashboard (Horizon) anterior a 2013.2.4, 2014.1 anterior a 2014.1.2, y Juno anterior a Juno-2 permite a administradores remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una direcci\u00f3n de email de un usuario, una vulnerabilidad diferente a CVE-2014-8578." 
} ], "id": "CVE-2014-3475", "lastModified": "2024-11-21T02:08:11.227", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-10-31T15:55:04.290", "references": [ { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/08/6" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/68456" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/horizon/+bug/1320235" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/08/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/68456" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/horizon/+bug/1320235" } ], "sourceIdentifier": "secalert@redhat.com", 
"vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-08-22 19:16
Modified
2024-11-21 07:29
Severity: Medium (CVSS 3.1 base score 6.1)
Summary
Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 through 20.1.4 via the success_url parameter.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC9DB83B-F156-40BE-BB31-C7CFA9ECA922", "versionEndIncluding": "20.1.4", "versionStartIncluding": "19.4.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter." } ], "id": "CVE-2022-45582", "lastModified": "2024-11-21T07:29:27.527", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-08-22T19:16:30.107", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugs.launchpad.net/horizon/+bug/1982676" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://github.com/openstack/horizon/blob/master/horizon/workflows/views.py#L96-L102" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00033.html" }, { "source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://bugs.launchpad.net/horizon/+bug/1982676" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://github.com/openstack/horizon/blob/master/horizon/workflows/views.py#L96-L102" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00033.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00000.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-601" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-07-31 10:45
Modified
2024-11-21 01:40
Severity: Medium (CVSS 2.0 base score 4.9)
Summary
OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openstack:essex:*:*:*:*:*:*:*:*", "matchCriteriaId": "F50B9DA6-B071-4B48-A486-54CB3E64AE58", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:folsom-1:*:*:*:*:*:*:*", "matchCriteriaId": "1E72EACB-1FA6-4F1D-A3C8-D255C705AAAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:keystone:2012.1:*:*:*:*:*:*:*", "matchCriteriaId": "8DACEFF0-BA6A-4184-A1AB-397438034AF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:keystone:2012.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C5BD2FC1-7C36-4532-813A-DED5F0BD1FFF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password." 
}, { "lang": "es", "value": "OpenStack Keystone antes de v2012.1.1, como se usa en OpenStack Folsom antes de Folsom-1 y OpenStack Essex, no implementan apropiadamente la expiraci\u00f3n de los token, lo que permite a usuarios autenticados remotamente evitar restricciones de acceso (1) creando nuevos token a trav\u00e9s de la cadena de token, (2) aprovechando la posesi\u00f3n de un token de una cuenta de usuario deshabilitada o (3) aprovechando la posesi\u00f3n de un token de una cuenta con una contrase\u00f1a cambiada" } ], "id": "CVE-2012-3426", "lastModified": "2024-11-21T01:40:51.183", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-07-31T10:45:42.670", "references": [ { "source": "secalert@redhat.com", "url": "http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626" }, { "source": "secalert@redhat.com", "url": "http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d" }, { "source": "secalert@redhat.com", "url": "http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454" }, { "source": "secalert@redhat.com", "tags": [ 
"Exploit", "Patch" ], "url": "http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/50045" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/50494" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2012/07/27/4" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1552-1" }, { "source": "secalert@redhat.com", "url": "https://bugs.launchpad.net/keystone/+bug/996595" }, { "source": "secalert@redhat.com", "url": "https://bugs.launchpad.net/keystone/+bug/997194" }, { "source": "secalert@redhat.com", "url": "https://bugs.launchpad.net/keystone/+bug/998185" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/50045" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/50494" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2012/07/27/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1552-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.launchpad.net/keystone/+bug/996595" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.launchpad.net/keystone/+bug/997194" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.launchpad.net/keystone/+bug/998185" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-12-30 20:15
Modified
2024-11-21 01:44
Severity: Medium (CVSS 3.1 base score 5.5); Low under CVSS 2.0 (base score 2.1)
Summary
The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world-readable and exposes the secret key value.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092841.html | Third Party Advisory | |
secalert@redhat.com | https://access.redhat.com/security/cve/cve-2012-5474 | Third Party Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5474 | Exploit, Issue Tracking, Third Party Advisory | |
secalert@redhat.com | https://security-tracker.debian.org/tracker/CVE-2012-5474 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092841.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/cve-2012-5474 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5474 | Exploit, Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2012-5474 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
redhat | openstack | 2.0 | |
openstack | horizon | * | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
fedoraproject | fedora | 18 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:openstack:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "37D6E384-E455-40CF-B644-9EEFF2294CC8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "matchCriteriaId": "6776CA5F-D924-4BBD-983D-C1EAF6931079", "versionEndExcluding": "2012.1.1", "versionStartIncluding": "2012.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*", "matchCriteriaId": "E14271AE-1309-48F3-B9C6-D7DEEC488279", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value." }, { "lang": "es", "value": "El archivo /etc/openstack-dashboard/local_settings dentro de Red Hat OpenStack Platform versi\u00f3n 2.0 y RHOS Essex Release (paquete python-django-horizon versiones anteriores a la versi\u00f3n 2012.1.1) es de tipo world readable y expone el valor de la clave secreta." 
} ], "id": "CVE-2012-5474", "lastModified": "2024-11-21T01:44:43.370", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-12-30T20:15:11.137", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092841.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/cve-2012-5474" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5474" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-5474" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092841.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/cve-2012-5474" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5474" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-5474" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-311" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-05-19 18:59
Modified
2024-11-21 02:30
Severity: Low (CVSS 2.0 base score 3.5)
Summary
Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openstack:horizon:2015.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "70952F8E-7283-42B0-861D-30B62BB0D115", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*", "matchCriteriaId": "0B1C288F-326B-497B-B26C-D26E01262DDB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en OpenStack Dashboard (Horizon) 2015.1.0 permiten a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de los metadatos en (1) una imagen Glance, (2) un sabor Nova o (3) Host Aggregate." 
} ], "id": "CVE-2015-3988", "lastModified": "2024-11-21T02:30:12.940", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2015-05-19T18:59:08.510", "references": [ { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2015-1679.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/05/12/9" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/05/14/14" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.securityfocus.com/bid/74666" }, { "source": "cve@mitre.org", "url": "https://security.openstack.org/ossa/OSSA-2015-009.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1679.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/05/12/9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2015/05/14/14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.securityfocus.com/bid/74666" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.openstack.org/ossa/OSSA-2015-009.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-12-30 20:15
Modified
2024-11-21 01:44
Summary
Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world-readable, which exposes the admin password and token value to any local user.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/security/cve/cve-2012-5476 | Third Party Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5476 | Issue Tracking, Third Party Advisory | |
secalert@redhat.com | https://security-tracker.debian.org/tracker/CVE-2012-5476 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/cve-2012-5476 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5476 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2012-5476 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openstack | horizon | 2012.2 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openstack:horizon:2012.2:*:*:*:*:*:*:*", "matchCriteriaId": "60C013E6-E148-4452-BCEB-C5D81E65E55D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value." }, { "lang": "es", "value": "En RHOS Essex Preview (versi\u00f3n 2012.2) del paquete del panel de control de OpenStack, el archivo /etc/quantum/quantum.conf es de tipo world readable y expone la contrase\u00f1a de administrador y el valor del token." 
} ], "id": "CVE-2012-5476", "lastModified": "2024-11-21T01:44:43.500", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-12-30T20:15:11.217", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/cve-2012-5476" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5476" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-5476" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/cve-2012-5476" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5476" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-5476" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-05-14 19:55
Modified
2024-11-21 01:55
Summary
The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to change a user password by leveraging the authentication token for that user.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://lists.openstack.org/pipermail/openstack/2013-November/003299.html | Vendor Advisory | |
secalert@redhat.com | https://bugs.launchpad.net/horizon/+bug/1237989 | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.openstack.org/pipermail/openstack/2013-November/003299.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/horizon/+bug/1237989 | Issue Tracking, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB7E5E20-1AE0-41D8-BFF5-F04EED9E6470", "versionEndExcluding": "2013.2", "versionStartIncluding": "2013.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to change a user password by leveraging the authentication token for that user." }, { "lang": "es", "value": "La API Identity v3 en OpenStack Dashboard (Horizon) anterior a 2013.2 no requiere la contrase\u00f1a actual cuando cambia contrase\u00f1as para cuentas de usuarios, lo que facilita a atacantes remotos cambiar una contrase\u00f1a de usuario mediante el aprovechamiento del token de autenticaci\u00f3n para este usuario." } ], "id": "CVE-2013-4471", "lastModified": "2024-11-21T01:55:38.080", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-05-14T19:55:10.277", "references": [ { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://lists.openstack.org/pipermail/openstack/2013-November/003299.html" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/horizon/+bug/1237989" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://lists.openstack.org/pipermail/openstack/2013-November/003299.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/horizon/+bug/1237989" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-08-22 14:55
Modified
2024-11-21 02:08
Summary
Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "matchCriteriaId": "8AF1648D-62B1-4F76-8A20-2018978EE155", "versionEndExcluding": "2013.2.4", "versionStartIncluding": "2013.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9660BD9-614A-416E-BF0C-F254DD95B6C0", "versionEndExcluding": "2014.1.2", "versionStartIncluding": "2014.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:juno-1:*:*:*:*:*:*:*", "matchCriteriaId": "6A3DF8E5-464D-46CC-B96C-B7CD91298C42", "vulnerable": true }, { "criteria": "cpe:2.3:a:openstack:horizon:juno-2:*:*:*:*:*:*:*", "matchCriteriaId": "6460A643-EDE2-40E7-9AC8-49385F68139D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name." }, { "lang": "es", "value": "Vulnerabilidad de XSS en la interfaz Host Aggregates en OpenStack Dashboard (Horizon) anterior a 2013.2.4, 2014.1 anterior a 2014.1.2, y Juno anterior a Juno-3 permite a administradores remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un nombre de agregado de anfitri\u00f3n nuevo." 
} ], "id": "CVE-2014-3594", "lastModified": "2024-11-21T02:08:28.163", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-08-22T14:55:07.377", "references": [ { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1335.html" }, { "source": "secalert@redhat.com", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1336.html" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/oss-sec/2014/q3/413" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/69291" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/horizon/+bug/1349491" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95378" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://review.openstack.org/#/c/115310" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://review.openstack.org/#/c/115311" }, { "source": "secalert@redhat.com", "tags": 
[ "Patch", "Vendor Advisory" ], "url": "https://review.openstack.org/#/c/115313/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1335.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1336.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/oss-sec/2014/q3/413" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/69291" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/horizon/+bug/1349491" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95378" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://review.openstack.org/#/c/115310" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://review.openstack.org/#/c/115311" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://review.openstack.org/#/c/115313/" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2017-7400
Vulnerability from cvelistv5
Published
2017-04-03 14:00
Modified
2024-08-05 16:04
Summary
OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/97324 | vdb-entry, x_refsource_BID | |
https://launchpad.net/bugs/1667086 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2017:1598 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2017:1739 | vendor-advisory, x_refsource_REDHAT |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:04:10.618Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "97324", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97324" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://launchpad.net/bugs/1667086" }, { "name": "RHSA-2017:1598", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1598" }, { "name": "RHSA-2017:1739", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1739" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "97324", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97324" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://launchpad.net/bugs/1667086" }, { "name": "RHSA-2017:1598", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1598" }, { "name": "RHSA-2017:1739", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1739" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-7400", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "97324", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97324" }, { "name": "https://launchpad.net/bugs/1667086", "refsource": "CONFIRM", "url": "https://launchpad.net/bugs/1667086" }, { "name": "RHSA-2017:1598", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1598" }, { "name": "RHSA-2017:1739", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1739" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-7400", "datePublished": "2017-04-03T14:00:00", "dateReserved": "2017-04-03T00:00:00", "dateUpdated": "2024-08-05T16:04:10.618Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-45582
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-08-03 14:17
Summary
Open redirect vulnerability in Horizon Web Dashboard 19.4.0 through 20.1.4 via the success_url parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:17:03.817Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugs.launchpad.net/horizon/+bug/1982676" }, { "tags": [ "x_transferred" ], "url": "https://github.com/openstack/horizon/blob/master/horizon/workflows/views.py#L96-L102" }, { "name": "[debian-lts-announce] 20231130 [SECURITY] [DLA 3676-1] horizon security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00033.html" }, { "name": "[debian-lts-announce] 20231201 [SECURITY] [DLA 3678-1] horizon security update - CORRECTED ANNOUNCEMENT", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00000.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-01T06:06:23.853990", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://bugs.launchpad.net/horizon/+bug/1982676" }, { "url": "https://github.com/openstack/horizon/blob/master/horizon/workflows/views.py#L96-L102" }, { "name": "[debian-lts-announce] 20231130 [SECURITY] [DLA 3676-1] horizon security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00033.html" }, { "name": "[debian-lts-announce] 20231201 [SECURITY] [DLA 3678-1] horizon security update - CORRECTED ANNOUNCEMENT", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00000.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-45582", "datePublished": "2023-08-22T00:00:00", "dateReserved": "2022-11-21T00:00:00", "dateUpdated": "2024-08-03T14:17:03.817Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2094
Vulnerability from cvelistv5
Published
2012-06-05 22:00
Modified
2024-08-06 19:26
Summary
Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console.
References
URL | Tags | |
---|---|---|
http://secunia.com/advisories/49024 | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/76136 | vdb-entry, x_refsource_XF | |
http://www.osvdb.org/81742 | vdb-entry, x_refsource_OSVDB | |
http://ubuntu.com/usn/usn-1439-1 | vendor-advisory, x_refsource_UBUNTU | |
https://bugs.launchpad.net/horizon/+bug/977944 | x_refsource_MISC | |
http://secunia.com/advisories/49071 | third-party-advisory, x_refsource_SECUNIA | |
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079160.html | vendor-advisory, x_refsource_FEDORA | |
https://lists.launchpad.net/openstack/msg10211.html | mailing-list, x_refsource_MLIST | |
https://github.com/openstack/horizon/commit/7f8c788aa70db98ac904f37fa4197fcabb802942 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:26:07.602Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "49024", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49024" }, { "name": "openstack-horizon-xss(76136)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76136" }, { "name": "81742", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/81742" }, { "name": "USN-1439-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://ubuntu.com/usn/usn-1439-1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.launchpad.net/horizon/+bug/977944" }, { "name": "49071", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49071" }, { "name": "FEDORA-2012-6108", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079160.html" }, { "name": "[openstack] 20120417 [OSSA 2012-004] XSS vulnerability in Horizon log viewer", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.launchpad.net/openstack/msg10211.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/openstack/horizon/commit/7f8c788aa70db98ac904f37fa4197fcabb802942" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-04-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and 
earlier allows remote attackers to inject arbitrary web script or HTML via the guest console." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "49024", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49024" }, { "name": "openstack-horizon-xss(76136)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76136" }, { "name": "81742", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/81742" }, { "name": "USN-1439-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://ubuntu.com/usn/usn-1439-1" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.launchpad.net/horizon/+bug/977944" }, { "name": "49071", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49071" }, { "name": "FEDORA-2012-6108", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079160.html" }, { "name": "[openstack] 20120417 [OSSA 2012-004] XSS vulnerability in Horizon log viewer", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.launchpad.net/openstack/msg10211.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/openstack/horizon/commit/7f8c788aa70db98ac904f37fa4197fcabb802942" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2094", "datePublished": "2012-06-05T22:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2024-08-06T19:26:07.602Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-3540
Vulnerability from cvelistv5
Published
2012-09-05 23:00
Modified
2024-08-06 20:13
Summary
Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by mistake.
References
URL | Tags | |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/78196 | vdb-entry, x_refsource_XF | |
https://bugs.launchpad.net/horizon/+bug/1039077 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/08/30/4 | mailing-list, x_refsource_MLIST | |
https://github.com/openstack/horizon/commit/35eada8a27323c0f83c400177797927aba6bc99b | x_refsource_CONFIRM | |
http://www.ubuntu.com/usn/USN-1565-1 | vendor-advisory, x_refsource_UBUNTU | |
http://www.securityfocus.com/bid/55329 | vdb-entry, x_refsource_BID | |
https://lists.launchpad.net/openstack/msg16281.html | mailing-list, x_refsource_MLIST | |
http://secunia.com/advisories/50480 | third-party-advisory, x_refsource_SECUNIA | |
http://www.openwall.com/lists/oss-security/2012/08/30/5 | mailing-list, x_refsource_MLIST | |
https://lists.launchpad.net/openstack/msg16278.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:13:50.055Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openstackdashboard-next-open-redirect(78196)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78196" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/horizon/+bug/1039077" }, { "name": "[oss-security] 20120830 [OSSA 2012-012] Horizon, Open redirect through \u0027next\u0027 parameter (CVE-2012-3542)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/08/30/4" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/openstack/horizon/commit/35eada8a27323c0f83c400177797927aba6bc99b" }, { "name": "USN-1565-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1565-1" }, { "name": "55329", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/55329" }, { "name": "[openstack] 20120830 Re: [OSSA 2012-012] Horizon, Open redirect through \u0027next\u0027 parameter (CVE-2012-3540)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.launchpad.net/openstack/msg16281.html" }, { "name": "50480", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50480" }, { "name": "[oss-security] 20120830 Re: [Openstack] [OSSA 2012-012] Horizon, Open redirect through \u0027next\u0027 parameter (CVE-2012-3540)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/08/30/5" }, { "name": "[openstack] 20120830 [OSSA 2012-012] Horizon, Open redirect through \u0027next\u0027 parameter (CVE-2012-3542)", "tags": [ "mailing-list", 
"x_refsource_MLIST", "x_transferred" ], "url": "https://lists.launchpad.net/openstack/msg16278.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-08-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by mistake." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "openstackdashboard-next-open-redirect(78196)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78196" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/horizon/+bug/1039077" }, { "name": "[oss-security] 20120830 [OSSA 2012-012] Horizon, Open redirect through \u0027next\u0027 parameter (CVE-2012-3542)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/08/30/4" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/openstack/horizon/commit/35eada8a27323c0f83c400177797927aba6bc99b" }, { "name": "USN-1565-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1565-1" }, { "name": "55329", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/55329" }, { "name": "[openstack] 20120830 Re: [OSSA 2012-012] Horizon, Open redirect through \u0027next\u0027 parameter (CVE-2012-3540)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": 
"https://lists.launchpad.net/openstack/msg16281.html" }, { "name": "50480", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50480" }, { "name": "[oss-security] 20120830 Re: [Openstack] [OSSA 2012-012] Horizon, Open redirect through \u0027next\u0027 parameter (CVE-2012-3540)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/08/30/5" }, { "name": "[openstack] 20120830 [OSSA 2012-012] Horizon, Open redirect through \u0027next\u0027 parameter (CVE-2012-3542)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.launchpad.net/openstack/msg16278.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-3540", "datePublished": "2012-09-05T23:00:00", "dateReserved": "2012-06-14T00:00:00", "dateUpdated": "2024-08-06T20:13:50.055Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-4471
Vulnerability from cvelistv5
Published
2014-05-14 19:00
Modified
2024-08-06 16:45
Summary
The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to change a user password by leveraging the authentication token for that user.
References
| URL | Tags |
|---|---|
| http://lists.openstack.org/pipermail/openstack/2013-November/003299.html | mailing-list, x_refsource_MLIST |
| https://bugs.launchpad.net/horizon/+bug/1237989 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:45:14.609Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[Openstack] 20131122 [OSSG][OSSN] Authenticated users are able to update passwords without providing their current password", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.openstack.org/pipermail/openstack/2013-November/003299.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/horizon/+bug/1237989" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-11-22T00:00:00", "descriptions": [ { "lang": "en", "value": "The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to change a user password by leveraging the authentication token for that user." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-05-14T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[Openstack] 20131122 [OSSG][OSSN] Authenticated users are able to update passwords without providing their current password", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.openstack.org/pipermail/openstack/2013-November/003299.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/horizon/+bug/1237989" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4471", "datePublished": "2014-05-14T19:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:45:14.609Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-3426
Vulnerability from cvelistv5
Published
2012-07-31 10:00
Modified
2024-08-06 20:05
Summary
OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:05:12.524Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/keystone/+bug/998185" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/keystone/+bug/997194" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz" }, { "name": "50494", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50494" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/keystone/+bug/996595" }, { "name": "[oss-security] 20120727 [OSSA 2012-010] Various Keystone token expiration issues (CVE-2012-3426)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/07/27/4" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626" }, { "name": "USN-1552-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1552-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355" }, { "tags": [ "x_refsource_CONFIRM", 
"x_transferred" ], "url": "http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d" }, { "name": "50045", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50045" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-07-27T00:00:00", "descriptions": [ { "lang": "en", "value": "OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-09-07T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/keystone/+bug/998185" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/keystone/+bug/997194" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz" }, { "name": "50494", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50494" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/keystone/+bug/996595" }, { "name": "[oss-security] 20120727 [OSSA 2012-010] Various Keystone token expiration issues (CVE-2012-3426)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/07/27/4" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626" }, { "name": "USN-1552-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1552-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d" }, { "name": "50045", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50045" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-3426", "datePublished": "2012-07-31T10:00:00", "dateReserved": "2012-06-14T00:00:00", "dateUpdated": "2024-08-06T20:05:12.524Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-8578
Vulnerability from cvelistv5
Published
2014-10-31 15:00
Modified
2024-09-17 01:30
Summary
Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/68456 | vdb-entry, x_refsource_BID |
| https://bugs.launchpad.net/horizon/+bug/1320235 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2014/07/08/6 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:18:48.579Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "68456", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/68456" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/horizon/+bug/1320235" }, { "name": "[oss-security] 20140708 [OSSA 2014-023] Multiple XSS vulnerabilities in Horizon (CVE-2014-3473, CVE-2014-3474, and CVE-2014-3475)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/08/6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-10-31T15:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "68456", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/68456" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/horizon/+bug/1320235" }, { "name": "[oss-security] 20140708 [OSSA 2014-023] Multiple XSS vulnerabilities in Horizon (CVE-2014-3473, CVE-2014-3474, and CVE-2014-3475)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/08/6" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-8578", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "68456", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68456" }, { "name": "https://bugs.launchpad.net/horizon/+bug/1320235", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/horizon/+bug/1320235" }, { "name": "[oss-security] 20140708 [OSSA 2014-023] Multiple XSS vulnerabilities in Horizon (CVE-2014-3473, CVE-2014-3474, and CVE-2014-3475)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/07/08/6" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-8578", "datePublished": "2014-10-31T15:00:00Z", "dateReserved": "2014-10-31T00:00:00Z", "dateUpdated": "2024-09-17T01:30:57.110Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-3219
Vulnerability from cvelistv5
Published
2015-08-20 20:00
Modified
2024-08-06 05:39
Summary
Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class.
References
| URL | Tags |
|---|---|
| http://lists.openstack.org/pipermail/openstack-announce/2015-June/000361.html | mailing-list, x_refsource_MLIST |
| https://bugs.launchpad.net/horizon/+bug/1453074 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/75109 | vdb-entry, x_refsource_BID |
| http://www.debian.org/security/2016/dsa-3617 | vendor-advisory, x_refsource_DEBIAN |
| http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html | x_refsource_CONFIRM |
| http://rhn.redhat.com/errata/RHSA-2015-1679.html | vendor-advisory, x_refsource_REDHAT |
| http://www.openwall.com/lists/oss-security/2015/06/09/7 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T05:39:31.985Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[openstack-announce] 20150609 [OSSA 2015-010] XSS in Horizon Heat stack creation (CVE-2015-3219)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-June/000361.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/horizon/+bug/1453074" }, { "name": "75109", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/75109" }, { "name": "DSA-3617", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3617" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "name": "RHSA-2015:1679", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1679.html" }, { "name": "[oss-security] 20150609 [OSSA 2015-010] XSS in Horizon Heat stack creation (CVE-2015-3219)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/06/09/7" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-06-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-22T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[openstack-announce] 20150609 [OSSA 2015-010] XSS in Horizon Heat stack creation (CVE-2015-3219)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-June/000361.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/horizon/+bug/1453074" }, { "name": "75109", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/75109" }, { "name": "DSA-3617", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3617" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "name": "RHSA-2015:1679", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1679.html" }, { "name": "[oss-security] 20150609 [OSSA 2015-010] XSS in Horizon Heat stack creation (CVE-2015-3219)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/06/09/7" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-3219", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary 
web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[openstack-announce] 20150609 [OSSA 2015-010] XSS in Horizon Heat stack creation (CVE-2015-3219)", "refsource": "MLIST", "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-June/000361.html" }, { "name": "https://bugs.launchpad.net/horizon/+bug/1453074", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/horizon/+bug/1453074" }, { "name": "75109", "refsource": "BID", "url": "http://www.securityfocus.com/bid/75109" }, { "name": "DSA-3617", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3617" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "name": "RHSA-2015:1679", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1679.html" }, { "name": "[oss-security] 20150609 [OSSA 2015-010] XSS in Horizon Heat stack creation (CVE-2015-3219)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/06/09/7" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-3219", "datePublished": "2015-08-20T20:00:00", "dateReserved": "2015-04-10T00:00:00", "dateUpdated": "2024-08-06T05:39:31.985Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-6858
Vulnerability from cvelistv5
Published
2013-11-23 17:00
Modified
2024-08-06 17:46
Summary
Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/63787 | vdb-entry, x_refsource_BID |
| http://www.ubuntu.com/usn/USN-2062-1 | vendor-advisory, x_refsource_UBUNTU |
| https://bugs.launchpad.net/horizon/+bug/1247675 | x_refsource_CONFIRM |
| http://secunia.com/advisories/55770 | third-party-advisory, x_refsource_SECUNIA |
| http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html | vendor-advisory, x_refsource_SUSE |
| http://secunia.com/advisories/56117 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:46:23.886Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "63787", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/63787" }, { "name": "USN-2062-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2062-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/horizon/+bug/1247675" }, { "name": "55770", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55770" }, { "name": "openSUSE-SU-2015:0078", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" }, { "name": "56117", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56117" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-11-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) \"Volumes\" or (2) \"Network Topology\" page." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-20T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "63787", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/63787" }, { "name": "USN-2062-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2062-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/horizon/+bug/1247675" }, { "name": "55770", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55770" }, { "name": "openSUSE-SU-2015:0078", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" }, { "name": "56117", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56117" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6858", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) \"Volumes\" or (2) \"Network Topology\" page." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "63787", "refsource": "BID", "url": "http://www.securityfocus.com/bid/63787" }, { "name": "USN-2062-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2062-1" }, { "name": "https://bugs.launchpad.net/horizon/+bug/1247675", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/horizon/+bug/1247675" }, { "name": "55770", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55770" }, { "name": "openSUSE-SU-2015:0078", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" }, { "name": "56117", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56117" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-6858", "datePublished": "2013-11-23T17:00:00", "dateReserved": "2013-11-23T00:00:00", "dateUpdated": "2024-08-06T17:46:23.886Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3473
Vulnerability from cvelistv5
Published
2014-10-31 15:00
Modified
2024-08-06 10:43
Summary
Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2, when used with Heat, allows remote Orchestration template owners or catalogs to inject arbitrary web script or HTML via a crafted template.
References
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2014/07/08/6 | mailing-list, x_refsource_MLIST |
| http://www.securityfocus.com/bid/68459 | vdb-entry, x_refsource_BID |
| https://bugs.launchpad.net/horizon/+bug/1308727 | x_refsource_CONFIRM |
| http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:43:06.106Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20140708 [OSSA 2014-023] Multiple XSS vulnerabilities in Horizon (CVE-2014-3473, CVE-2014-3474, and CVE-2014-3475)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/08/6" }, { "name": "68459", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/68459" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/horizon/+bug/1308727" }, { "name": "openSUSE-SU-2015:0078", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-04-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2, when used with Heat, allows remote Orchestration template owners or catalogs to inject arbitrary web script or HTML via a crafted template." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-04-16T17:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20140708 [OSSA 2014-023] Multiple XSS vulnerabilities in Horizon (CVE-2014-3473, CVE-2014-3474, and CVE-2014-3475)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/08/6" }, { "name": "68459", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/68459" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/horizon/+bug/1308727" }, { "name": "openSUSE-SU-2015:0078", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3473", "datePublished": "2014-10-31T15:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:43:06.106Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5474
Vulnerability from cvelistv5
Published
2019-12-30 19:36
Modified
2024-08-06 21:05
Summary
The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value.
References
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2012-5474 | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5474 | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2012-5474 | x_refsource_MISC |
| http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092841.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| python-django-horizon | python-django-horizon | before 2012.1.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:05:47.279Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-5474" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5474" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/cve/cve-2012-5474" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092841.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "python-django-horizon", "vendor": "python-django-horizon", "versions": [ { "status": "affected", "version": "before 2012.1.1" } ] } ], "descriptions": [ { "lang": "en", "value": "The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Dashboard /etc/openstack-dashboard/local_settings secret key exposure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-12-30T19:36:51", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-5474" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5474" }, { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/security/cve/cve-2012-5474" }, { "tags": [ "x_refsource_MISC" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092841.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5474", "datePublished": "2019-12-30T19:36:51", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:05:47.279Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-4428
Vulnerability from cvelistv5
Published
2016-07-12 19:00
Modified
2024-08-06 00:32
Summary
Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2016:1268 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2016:1270 | vendor-advisory, x_refsource_REDHAT | |
http://www.debian.org/security/2016/dsa-3617 | vendor-advisory, x_refsource_DEBIAN | |
https://access.redhat.com/errata/RHSA-2016:1272 | vendor-advisory, x_refsource_REDHAT | |
https://security.openstack.org/ossa/OSSA-2016-010.html | x_refsource_CONFIRM | |
https://review.openstack.org/329997 | x_refsource_CONFIRM | |
https://bugs.launchpad.net/horizon/+bug/1567673 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2016:1269 | vendor-advisory, x_refsource_REDHAT | |
http://www.openwall.com/lists/oss-security/2016/06/17/4 | mailing-list, x_refsource_MLIST | |
https://access.redhat.com/errata/RHSA-2016:1271 | vendor-advisory, x_refsource_REDHAT | |
https://review.openstack.org/329998 | x_refsource_CONFIRM | |
https://review.openstack.org/329996 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T00:32:24.621Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2016:1268", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2016:1268" }, { "name": "RHSA-2016:1270", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2016:1270" }, { "name": "DSA-3617", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3617" }, { "name": "RHSA-2016:1272", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2016:1272" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.openstack.org/ossa/OSSA-2016-010.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://review.openstack.org/329997" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/horizon/+bug/1567673" }, { "name": "RHSA-2016:1269", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2016:1269" }, { "name": "[oss-security] 20160617 [OSSA-2016-010] XSS in Horizon client side template (CVE-2016-4428)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/06/17/4" }, { "name": "RHSA-2016:1271", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2016:1271" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://review.openstack.org/329998" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://review.openstack.org/329996" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", 
"versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-06-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-11-25T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2016:1268", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2016:1268" }, { "name": "RHSA-2016:1270", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2016:1270" }, { "name": "DSA-3617", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3617" }, { "name": "RHSA-2016:1272", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2016:1272" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.openstack.org/ossa/OSSA-2016-010.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://review.openstack.org/329997" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/horizon/+bug/1567673" }, { "name": "RHSA-2016:1269", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2016:1269" }, { "name": "[oss-security] 20160617 [OSSA-2016-010] XSS in Horizon client side template (CVE-2016-4428)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/06/17/4" }, { "name": "RHSA-2016:1271", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2016:1271" }, { 
"tags": [ "x_refsource_CONFIRM" ], "url": "https://review.openstack.org/329998" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://review.openstack.org/329996" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-4428", "datePublished": "2016-07-12T19:00:00", "dateReserved": "2016-05-02T00:00:00", "dateUpdated": "2024-08-06T00:32:24.621Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-3542
Vulnerability from cvelistv5
Published
2012-09-05 23:00
Modified
2024-08-06 20:13
Severity ?
EPSS score ?
Summary
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to the administrative API that updates the user's default tenant. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/50467 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/55326 | vdb-entry, x_refsource_BID | |
https://lists.launchpad.net/openstack/msg16282.html | mailing-list, x_refsource_MLIST | |
https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aa | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/08/30/6 | mailing-list, x_refsource_MLIST | |
https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155 | x_refsource_CONFIRM | |
http://secunia.com/advisories/50494 | third-party-advisory, x_refsource_SECUNIA | |
https://bugs.launchpad.net/keystone/+bug/1040626 | x_refsource_CONFIRM | |
http://www.ubuntu.com/usn/USN-1552-1 | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:13:50.139Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "50467", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50467" }, { "name": "55326", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/55326" }, { "name": "[openstack] 20120830 [OSSA 2012-013] Keystone, Lack of authorization for adding users to tenants (CVE-2012-3542)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.launchpad.net/openstack/msg16282.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aa" }, { "name": "[oss-security] 20120830 [OSSA 2012-013] Keystone, Lack of authorization for adding users to tenants (CVE-2012-3542)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/08/30/6" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155" }, { "name": "50494", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/50494" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/keystone/+bug/1040626" }, { "name": "USN-1552-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1552-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote 
attackers to add an arbitrary user to an arbitrary tenant via a request to update the user\u0027s default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-09-05T23:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "50467", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50467" }, { "name": "55326", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/55326" }, { "name": "[openstack] 20120830 [OSSA 2012-013] Keystone, Lack of authorization for adding users to tenants (CVE-2012-3542)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.launchpad.net/openstack/msg16282.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aa" }, { "name": "[oss-security] 20120830 [OSSA 2012-013] Keystone, Lack of authorization for adding users to tenants (CVE-2012-3542)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/08/30/6" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155" }, { "name": "50494", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/50494" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/keystone/+bug/1040626" }, { "name": "USN-1552-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1552-1" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", 
"cveId": "CVE-2012-3542", "datePublished": "2012-09-05T23:00:00Z", "dateReserved": "2012-06-14T00:00:00Z", "dateUpdated": "2024-08-06T20:13:50.139Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-0157
Vulnerability from cvelistv5
Published
2014-04-15 14:00
Modified
2024-08-06 09:05
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat template.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/66706 | vdb-entry, x_refsource_BID | |
http://www.openwall.com/lists/oss-security/2014/04/08/8 | mailing-list, x_refsource_MLIST | |
https://launchpad.net/bugs/1289033 | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:05:38.828Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "66706", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/66706" }, { "name": "[oss-security] 20140408 [OSSA 2014-010] XSS in Horizon orchestration dashboard (CVE-2014-0157)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/04/08/8" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://launchpad.net/bugs/1289033" }, { "name": "openSUSE-SU-2015:0078", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-04-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat template." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-06-02T14:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "66706", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/66706" }, { "name": "[oss-security] 20140408 [OSSA 2014-010] XSS in Horizon orchestration dashboard (CVE-2014-0157)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/04/08/8" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://launchpad.net/bugs/1289033" }, { "name": "openSUSE-SU-2015:0078", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-0157", "datePublished": "2014-04-15T14:00:00", "dateReserved": "2013-12-03T00:00:00", "dateUpdated": "2024-08-06T09:05:38.828Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3594
Vulnerability from cvelistv5
Published
2014-08-22 14:00
Modified
2024-08-06 10:50
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name.
References
▼ | URL | Tags |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2014-1336.html | vendor-advisory, x_refsource_REDHAT | |
http://www.securityfocus.com/bid/69291 | vdb-entry, x_refsource_BID | |
https://review.openstack.org/#/c/115313/ | x_refsource_CONFIRM | |
http://rhn.redhat.com/errata/RHSA-2014-1335.html | vendor-advisory, x_refsource_REDHAT | |
https://review.openstack.org/#/c/115311 | x_refsource_CONFIRM | |
https://review.openstack.org/#/c/115310 | x_refsource_CONFIRM | |
http://seclists.org/oss-sec/2014/q3/413 | mailing-list, x_refsource_MLIST | |
https://bugs.launchpad.net/horizon/+bug/1349491 | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html | vendor-advisory, x_refsource_SUSE | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/95378 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:50:18.100Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2014:1336", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1336.html" }, { "name": "69291", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/69291" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://review.openstack.org/#/c/115313/" }, { "name": "RHSA-2014:1335", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1335.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://review.openstack.org/#/c/115311" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://review.openstack.org/#/c/115310" }, { "name": "[oss-security] 20140819 [OSSA 2014-027] Persistent XSS in Horizon Host Aggregates interface (CVE-2014-3594)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2014/q3/413" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/horizon/+bug/1349491" }, { "name": "openSUSE-SU-2015:0078", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" }, { "name": "openstack-horizon-cve20143594-xss(95378)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95378" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-07-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack 
Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2014:1336", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1336.html" }, { "name": "69291", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/69291" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://review.openstack.org/#/c/115313/" }, { "name": "RHSA-2014:1335", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1335.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://review.openstack.org/#/c/115311" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://review.openstack.org/#/c/115310" }, { "name": "[oss-security] 20140819 [OSSA 2014-027] Persistent XSS in Horizon Host Aggregates interface (CVE-2014-3594)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2014/q3/413" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/horizon/+bug/1349491" }, { "name": "openSUSE-SU-2015:0078", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" }, { "name": "openstack-horizon-cve20143594-xss(95378)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95378" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3594", "datePublished": "2014-08-22T14:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": 
"2024-08-06T10:50:18.100Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5476
Vulnerability from cvelistv5
Published
2019-12-30 19:02
Modified
2024-08-06 21:05
Severity ?
EPSS score ?
Summary
Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world-readable, which exposes the admin password and token value.
References
▼ | URL | Tags |
---|---|---|
https://security-tracker.debian.org/tracker/CVE-2012-5476 | x_refsource_MISC | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5476 | x_refsource_MISC | |
https://access.redhat.com/security/cve/cve-2012-5476 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
openstack-dashboard | openstack-dashboard | RHOS Essex Preview (2012.2) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:05:47.286Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-5476" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5476" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/cve/cve-2012-5476" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "openstack-dashboard", "vendor": "openstack-dashboard", "versions": [ { "status": "affected", "version": "RHOS Essex Preview (2012.2)" } ] } ], "descriptions": [ { "lang": "en", "value": "Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value." } ], "problemTypes": [ { "descriptions": [ { "description": "Other", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-12-30T19:02:14", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2012-5476" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5476" }, { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/security/cve/cve-2012-5476" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5476", "datePublished": "2019-12-30T19:02:14", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:05:47.286Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-29565
Vulnerability from cvelistv5
Published
2020-12-04 07:06
Modified
2024-08-04 16:55
Severity ?
EPSS score ?
Summary
An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter (an open redirect in workflow forms, per OSSA-2020-008), which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provided malicious URL.
References
▼ | URL | Tags |
---|---|---|
https://bugs.launchpad.net/horizon/+bug/1865026 | x_refsource_MISC | |
https://review.opendev.org/c/openstack/horizon/+/758841/ | x_refsource_MISC | |
https://review.opendev.org/c/openstack/horizon/+/758843/ | x_refsource_MISC | |
https://security.openstack.org/ossa/OSSA-2020-008.html | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2020/12/08/2 | mailing-list, x_refsource_MLIST | |
https://www.debian.org/security/2020/dsa-4820 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:55:10.412Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.launchpad.net/horizon/+bug/1865026" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://review.opendev.org/c/openstack/horizon/+/758841/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://review.opendev.org/c/openstack/horizon/+/758843/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.openstack.org/ossa/OSSA-2020-008.html" }, { "name": "[oss-security] 20201207 [OSSA-2020-008] horizon: Open redirect in workflow forms (CVE-2020-29565)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2020/12/08/2" }, { "name": "DSA-4820", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2020/dsa-4820" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the \"next\" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provided malicious URL." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-28T16:06:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.launchpad.net/horizon/+bug/1865026" }, { "tags": [ "x_refsource_MISC" ], "url": "https://review.opendev.org/c/openstack/horizon/+/758841/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://review.opendev.org/c/openstack/horizon/+/758843/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.openstack.org/ossa/OSSA-2020-008.html" }, { "name": "[oss-security] 20201207 [OSSA-2020-008] horizon: Open redirect in workflow forms (CVE-2020-29565)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2020/12/08/2" }, { "name": "DSA-4820", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2020/dsa-4820" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-29565", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the \"next\" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provided malicious URL." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugs.launchpad.net/horizon/+bug/1865026", "refsource": "MISC", "url": "https://bugs.launchpad.net/horizon/+bug/1865026" }, { "name": "https://review.opendev.org/c/openstack/horizon/+/758841/", "refsource": "MISC", "url": "https://review.opendev.org/c/openstack/horizon/+/758841/" }, { "name": "https://review.opendev.org/c/openstack/horizon/+/758843/", "refsource": "MISC", "url": "https://review.opendev.org/c/openstack/horizon/+/758843/" }, { "name": "https://security.openstack.org/ossa/OSSA-2020-008.html", "refsource": "CONFIRM", "url": "https://security.openstack.org/ossa/OSSA-2020-008.html" }, { "name": "[oss-security] 20201207 [OSSA-2020-008] horizon: Open redirect in workflow forms (CVE-2020-29565)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/12/08/2" }, { "name": "DSA-4820", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4820" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-29565", "datePublished": "2020-12-04T07:06:03", "dateReserved": "2020-12-04T00:00:00", "dateUpdated": "2024-08-04T16:55:10.412Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-8124
Vulnerability from cvelistv5
Published
2014-12-12 15:00
Modified
2024-08-06 13:10
Severity ?
EPSS score ?
Summary
OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests to the login page.
References
▼ | URL | Tags |
---|---|---|
https://bugs.launchpad.net/horizon/+bug/1394370 | x_refsource_CONFIRM | |
http://secunia.com/advisories/61186 | third-party-advisory, x_refsource_SECUNIA | |
http://rhn.redhat.com/errata/RHSA-2015-0845.html | vendor-advisory, x_refsource_REDHAT | |
http://lists.openstack.org/pipermail/openstack-announce/2014-December/000308.html | mailing-list, x_refsource_MLIST | |
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147520.html | vendor-advisory, x_refsource_FEDORA | |
http://rhn.redhat.com/errata/RHSA-2015-0839.html | vendor-advisory, x_refsource_REDHAT | |
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:10:50.827Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/horizon/+bug/1394370" }, { "name": "61186", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61186" }, { "name": "RHSA-2015:0845", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0845.html" }, { "name": "[openstack-announce] 20141209 [OSSA 2014-040] Horizon denial of service attack through login page (CVE-2014-8124)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-December/000308.html" }, { "name": "FEDORA-2014-17177", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147520.html" }, { "name": "RHSA-2015:0839", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0839.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "name": "openSUSE-SU-2015:0078", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-12-09T00:00:00", "descriptions": [ { "lang": "en", "value": "OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers 
to cause a denial of service via a large number of requests to the login page." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-24T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/horizon/+bug/1394370" }, { "name": "61186", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61186" }, { "name": "RHSA-2015:0845", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0845.html" }, { "name": "[openstack-announce] 20141209 [OSSA 2014-040] Horizon denial of service attack through login page (CVE-2014-8124)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-December/000308.html" }, { "name": "FEDORA-2014-17177", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147520.html" }, { "name": "RHSA-2015:0839", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0839.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "name": "openSUSE-SU-2015:0078", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-8124", "datePublished": "2014-12-12T15:00:00", "dateReserved": "2014-10-10T00:00:00", "dateUpdated": "2024-08-06T13:10:50.827Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-3988
Vulnerability from cvelistv5
Published
2015-05-19 18:00
Modified
2024-08-06 06:04
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate.
References
URL | Tags | |
---|---|---|
http://www.openwall.com/lists/oss-security/2015/05/12/9 | mailing-list, x_refsource_MLIST | |
https://security.openstack.org/ossa/OSSA-2015-009.html | x_refsource_CONFIRM | |
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html | x_refsource_CONFIRM | |
http://rhn.redhat.com/errata/RHSA-2015-1679.html | vendor-advisory, x_refsource_REDHAT | |
http://www.openwall.com/lists/oss-security/2015/05/14/14 | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/bid/74666 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T06:04:02.623Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20150512 CVE request for vulnerability in OpenStack Horizon", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/05/12/9" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.openstack.org/ossa/OSSA-2015-009.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "name": "RHSA-2015:1679", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1679.html" }, { "name": "[oss-security] 20150512 CVE request for vulnerability in OpenStack Horizon", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2015/05/14/14" }, { "name": "74666", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/74666" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-05-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-22T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[oss-security] 20150512 CVE request for vulnerability in OpenStack Horizon", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/05/12/9" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.openstack.org/ossa/OSSA-2015-009.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "name": "RHSA-2015:1679", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1679.html" }, { "name": "[oss-security] 20150512 CVE request for vulnerability in OpenStack Horizon", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2015/05/14/14" }, { "name": "74666", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/74666" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-3988", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20150512 CVE request for vulnerability in OpenStack Horizon", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/05/12/9" }, { "name": "https://security.openstack.org/ossa/OSSA-2015-009.html", "refsource": "CONFIRM", "url": "https://security.openstack.org/ossa/OSSA-2015-009.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "name": "RHSA-2015:1679", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1679.html" }, { "name": "[oss-security] 20150512 CVE request for vulnerability in OpenStack Horizon", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/05/14/14" }, { "name": "74666", "refsource": "BID", "url": "http://www.securityfocus.com/bid/74666" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-3988", "datePublished": "2015-05-19T18:00:00", "dateReserved": "2015-05-14T00:00:00", "dateUpdated": "2024-08-06T06:04:02.623Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3474
Vulnerability from cvelistv5
Published
2014-10-31 15:00
Modified
2024-08-06 10:43
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a network name.
References
URL | Tags | |
---|---|---|
http://www.openwall.com/lists/oss-security/2014/07/08/6 | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/bid/68460 | vdb-entry, x_refsource_BID | |
https://review.openstack.org/#/c/105477 | x_refsource_CONFIRM | |
https://bugs.launchpad.net/horizon/+bug/1322197 | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:43:06.349Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20140708 [OSSA 2014-023] Multiple XSS vulnerabilities in Horizon (CVE-2014-3473, CVE-2014-3474, and CVE-2014-3475)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/08/6" }, { "name": "68460", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/68460" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://review.openstack.org/#/c/105477" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/horizon/+bug/1322197" }, { "name": "openSUSE-SU-2015:0078", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-22T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a network name." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-04-16T17:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20140708 [OSSA 2014-023] Multiple XSS vulnerabilities in Horizon (CVE-2014-3473, CVE-2014-3474, and CVE-2014-3475)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/08/6" }, { "name": "68460", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/68460" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://review.openstack.org/#/c/105477" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/horizon/+bug/1322197" }, { "name": "openSUSE-SU-2015:0078", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3474", "datePublished": "2014-10-31T15:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:43:06.349Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-2144
Vulnerability from cvelistv5
Published
2012-06-05 22:00
Modified
2024-08-06 19:26
Severity ?
EPSS score ?
Summary
Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie.
References
URL | Tags | |
---|---|---|
http://secunia.com/advisories/49024 | third-party-advisory, x_refsource_SECUNIA | |
http://www.openwall.com/lists/oss-security/2012/05/05/1 | mailing-list, x_refsource_MLIST | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/75423 | vdb-entry, x_refsource_XF | |
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081173.html | vendor-advisory, x_refsource_FEDORA | |
https://bugs.launchpad.net/horizon/+bug/978896 | x_refsource_MISC | |
http://ubuntu.com/usn/usn-1439-1 | vendor-advisory, x_refsource_UBUNTU | |
https://github.com/openstack/horizon/commit/041b1c44c7d6cf5429505067c32f8f35166a8bab | x_refsource_CONFIRM | |
http://secunia.com/advisories/49071 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/53399 | vdb-entry, x_refsource_BID | |
http://www.osvdb.org/81741 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:26:08.936Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "49024", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49024" }, { "name": "[oss-security] 20120505 [OSSA 2012-006] Horizon session fixation and reuse", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/05/05/1" }, { "name": "openstack-dashboard-session-hijacking(75423)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75423" }, { "name": "FEDORA-2012-7369", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081173.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.launchpad.net/horizon/+bug/978896" }, { "name": "USN-1439-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://ubuntu.com/usn/usn-1439-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/openstack/horizon/commit/041b1c44c7d6cf5429505067c32f8f35166a8bab" }, { "name": "49071", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49071" }, { "name": "53399", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53399" }, { "name": "81741", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/81741" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-05-04T00:00:00", "descriptions": [ { "lang": "en", "value": "Session fixation vulnerability in 
OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "49024", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49024" }, { "name": "[oss-security] 20120505 [OSSA 2012-006] Horizon session fixation and reuse", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/05/05/1" }, { "name": "openstack-dashboard-session-hijacking(75423)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75423" }, { "name": "FEDORA-2012-7369", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081173.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.launchpad.net/horizon/+bug/978896" }, { "name": "USN-1439-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://ubuntu.com/usn/usn-1439-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/openstack/horizon/commit/041b1c44c7d6cf5429505067c32f8f35166a8bab" }, { "name": "49071", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49071" }, { "name": "53399", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53399" }, { "name": "81741", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/81741" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2144", "datePublished": "2012-06-05T22:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": 
"2024-08-06T19:26:08.936Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3475
Vulnerability from cvelistv5
Published
2014-10-31 15:00
Modified
2024-08-06 10:43
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-8578.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/68456 | vdb-entry, x_refsource_BID | |
https://bugs.launchpad.net/horizon/+bug/1320235 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2014/07/08/6 | mailing-list, x_refsource_MLIST | |
http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:43:06.308Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "68456", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/68456" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/horizon/+bug/1320235" }, { "name": "[oss-security] 20140708 [OSSA 2014-023] Multiple XSS vulnerabilities in Horizon (CVE-2014-3473, CVE-2014-3474, and CVE-2014-3475)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/08/6" }, { "name": "openSUSE-SU-2015:0078", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-8578." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-04-16T17:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "68456", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/68456" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/horizon/+bug/1320235" }, { "name": "[oss-security] 20140708 [OSSA 2014-023] Multiple XSS vulnerabilities in Horizon (CVE-2014-3473, CVE-2014-3474, and CVE-2014-3475)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2014/07/08/6" }, { "name": "openSUSE-SU-2015:0078", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3475", "datePublished": "2014-10-31T15:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:43:06.308Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }