RHEL 7 : python-django-horizon (RHSA-2015:1679)

2024-04-2700:00:00

www.tenable.com

red hat

security updates

python-django-horizon

cve-2015-3219

cve-2015-3988

xss

rhsa-2015:1679

moderate

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.6%

JSON

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1679 advisory.

OpenStack Dashboard (Horizon) provides administrators and users with a     graphical interface to access, provision, and automate cloud-based     resources.

Two security issues were discovered in the Horizon dashboard and are     addressed in this update:

* A cross-site scripting (XSS) flaw was found in the Horizon Orchestration     dashboard. An attacker able to trick a Horizon user into using a malicious     template during the stack creation could use this flaw to perform an XSS     attack on that user. (CVE-2015-3219)

Red Hat would like to thank the OpenStack Project for reporting the     CVE-2015-3219 issue. Upstream acknowledges Nikita Konovalov from Mirantis     as the original reporter of CVE-2015-3219.

* A flaw was discovered in the Horizon metadata dashboard whereby     potentially untrusted data was displayed from Glance images, Nova flavors,     or host aggregates without correct clean up. An attacker could use this     flaw to conduct an XSS attack.(CVE-2015-3988)

Additionally, the following non-security issues are addressed:

* It was impossible to associate a floating IP address to a port for an     instance. This occurred if the gateway router was not in the same tenant as     the instance but was attached to a network shared across tenants because     only ports within the tenant were used to find reachable gateway routers.
(BZ#1187992)

* If two or more regions were configured in Horizon, then the User, Help,     and Current Project links would no longer work and the region selector     was in the wrong location in the UI. (BZ#1189887)

* A load balancer monitor was erroneously displayed as associated with     every tenant in every pool. The load balancer monitor was not actually     associated with any tenants, but the improper display prevented users     from using the Horizon dashboard to create a tenant association.
(BZ#1196249)

* When logging into the Horizon dashboard, Horizon sends a query to Nova to     update usage statistics. One of the calls would erroneously query deleted     virtual machines; if there were thousands of deleted virtual machines, the     CPU usage for Nova would spike and the Nova process could crash.
(BZ#1243301)

* The network profile was not supported by Cisco N1KV ML2 drivers. This     profile has been removed to maintain Horizon compatibility with the Cisco     driver. (BZ#1246690)

* A neutron attribute extension was renamed from profile_id to profile for     networks and ports. This caused create operations for networks and ports to     fail from the dashboard since the dashboard was still using the attribute     name n1kv:profile_id rather than n1kv:profile.(BZ#1248367)

* If a virtual machine instance failed to launch, then the stale port     assignments were left in the configuration rather than being cleaned up.
(BZ#1249228)

All python-django-horizon users are advised to upgrade to these updated     packages, which correct these issues.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2015:1679. The text
# itself is copyright (C) Red Hat, Inc.
##

include('compat.inc');

if (description)
{
  script_id(194004);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/03");

  script_cve_id("CVE-2015-3219", "CVE-2015-3988");
  script_xref(name:"RHSA", value:"2015:1679");

  script_name(english:"RHEL 7 : python-django-horizon (RHSA-2015:1679)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates for python-django-horizon.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2015:1679 advisory.

    OpenStack Dashboard (Horizon) provides administrators and users with a
    graphical interface to access, provision, and automate cloud-based
    resources.

    Two security issues were discovered in the Horizon dashboard and are
    addressed in this update:

    * A cross-site scripting (XSS) flaw was found in the Horizon Orchestration
    dashboard. An attacker able to trick a Horizon user into using a malicious
    template during the stack creation could use this flaw to perform an XSS
    attack on that user. (CVE-2015-3219)

    Red Hat would like to thank the OpenStack Project for reporting the
    CVE-2015-3219 issue. Upstream acknowledges Nikita Konovalov from Mirantis
    as the original reporter of CVE-2015-3219.

    * A flaw was discovered in the Horizon metadata dashboard whereby
    potentially untrusted data was displayed from Glance images, Nova flavors,
    or host aggregates without correct clean up. An attacker could use this
    flaw to conduct an XSS attack.(CVE-2015-3988)

    Additionally, the following non-security issues are addressed:

    * It was impossible to associate a floating IP address to a port for an
    instance. This occurred if the gateway router was not in the same tenant as
    the instance but was attached to a network shared across tenants because
    only ports within the tenant were used to find reachable gateway routers.
    (BZ#1187992)

    * If two or more regions were configured in Horizon, then the User, Help,
    and Current Project links would no longer work and the region selector
    was in the wrong location in the UI. (BZ#1189887)

    * A load balancer monitor was erroneously displayed as associated with
    every tenant in every pool. The load balancer monitor was not actually
    associated with any tenants, but the improper display prevented users
    from using the Horizon dashboard to create a tenant association.
    (BZ#1196249)

    * When logging into the Horizon dashboard, Horizon sends a query to Nova to
    update usage statistics. One of the calls would erroneously query deleted
    virtual machines; if there were thousands of deleted virtual machines, the
    CPU usage for Nova would spike and the Nova process could crash.
    (BZ#1243301)

    * The network profile was not supported by Cisco N1KV ML2 drivers. This
    profile has been removed to maintain Horizon compatibility with the Cisco
    driver. (BZ#1246690)

    * A neutron attribute extension was renamed from profile_id to profile for
    networks and ports. This caused create operations for networks and ports to
    fail from the dashboard since the dashboard was still using the attribute
    name n1kv:profile_id rather than n1kv:profile.(BZ#1248367)

    * If a virtual machine instance failed to launch, then the stale port
    assignments were left in the configuration rather than being cleaned up.
    (BZ#1249228)

    All python-django-horizon users are advised to upgrade to these updated
    packages, which correct these issues.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#moderate");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1187992");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1196249");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1222871");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1228534");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1243301");
  # https://access.redhat.com/security/data/csaf/v2/advisories/2015/rhsa-2015_1679.json
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d0578eaa");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2015:1679");
  script_set_attribute(attribute:"solution", value:
"Update the RHEL python-django-horizon package based on the guidance in RHSA-2015:1679.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-3219");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(79);
  script_set_attribute(attribute:"vendor_severity", value:"Moderate");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/05/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/08/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openstack-dashboard");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openstack-dashboard-theme");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-django-horizon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-django-horizon-doc");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

var constraints = [
  {
    'repo_relative_urls': [
      'content/dist/rhel/server/7/7Server/x86_64/openstack/6.0/debug',
      'content/dist/rhel/server/7/7Server/x86_64/openstack/6.0/os',
      'content/dist/rhel/server/7/7Server/x86_64/openstack/6.0/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'openstack-dashboard-2014.2.3-7.el7ost', 'release':'7', 'el_string':'el7ost', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openstack-'},
      {'reference':'openstack-dashboard-theme-2014.2.3-7.el7ost', 'release':'7', 'el_string':'el7ost', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openstack-'},
      {'reference':'python-django-horizon-2014.2.3-7.el7ost', 'release':'7', 'el_string':'el7ost', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openstack-'},
      {'reference':'python-django-horizon-doc-2014.2.3-7.el7ost', 'release':'7', 'el_string':'el7ost', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openstack-'}
    ]
  }
];

var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);

var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
  foreach var pkg ( constraint_array['pkgs'] ) {
    var reference = NULL;
    var _release = NULL;
    var sp = NULL;
    var _cpu = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var epoch = NULL;
    var allowmaj = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        _release &&
        rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
        (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
        rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
  else extra = rpm_report_get();
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : extra
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openstack-dashboard / openstack-dashboard-theme / etc');
}

VendorProductVersionCPE
redhatenterprise_linux7cpe:/o:redhat:enterprise_linux:7
redhatenterprise_linuxopenstack-dashboard-themep-cpe:/a:redhat:enterprise_linux:openstack-dashboard-theme
redhatenterprise_linuxpython-django-horizon-docp-cpe:/a:redhat:enterprise_linux:python-django-horizon-doc
redhatenterprise_linuxopenstack-dashboardp-cpe:/a:redhat:enterprise_linux:openstack-dashboard
redhatenterprise_linuxpython-django-horizonp-cpe:/a:redhat:enterprise_linux:python-django-horizon

Vendor	Product	Version	CPE
redhat	enterprise_linux	7	cpe:/o:redhat:enterprise_linux:7
redhat	enterprise_linux	openstack-dashboard-theme	p-cpe:/a:redhat:enterprise_linux:openstack-dashboard-theme
redhat	enterprise_linux	python-django-horizon-doc	p-cpe:/a:redhat:enterprise_linux:python-django-horizon-doc
redhat	enterprise_linux	openstack-dashboard	p-cpe:/a:redhat:enterprise_linux:openstack-dashboard
redhat	enterprise_linux	python-django-horizon	p-cpe:/a:redhat:enterprise_linux:python-django-horizon