CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS
Percentile
61.6%
An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under (because the Python eval function is used). This may result in Horizon host unauthorized access and further compromise of the Horizon service. All setups using the Horizon dashboard with the blazar-dashboard plugin are affected.
Vendor | Product | Version | CPE |
---|---|---|---|
openstack | blazar-dashboard | 3.0.0 | cpe:2.3:a:openstack:blazar-dashboard:3.0.0:*:*:*:*:*:*:* |
openstack | blazar-dashboard | 2.0.0 | cpe:2.3:a:openstack:blazar-dashboard:2.0.0:*:*:*:*:*:*:* |
openstack | blazar-dashboard | * | cpe:2.3:a:openstack:blazar-dashboard:*:*:*:*:*:*:*:* |
www.openwall.com/lists/oss-security/2020/10/16/5
github.com/advisories/GHSA-939m-4xpw-v34v
github.com/pypa/advisory-database/tree/main/vulns/blazar-dashboard/PYSEC-2020-225.yaml
launchpad.net/bugs/1895688
nvd.nist.gov/vuln/detail/CVE-2020-26943
review.opendev.org/755810
review.opendev.org/755812
review.opendev.org/755813
review.opendev.org/755814
review.opendev.org/756064
security.openstack.org/ossa/OSSA-2020-007.html
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS
Percentile
61.6%