GoogleOSV:GHSA-5PV6-RPRW-82WVHorizon Web Dashboard Open Redirect vulnerability
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
25.9%
Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter.
References
bugs.launchpad.net/horizon/+bug/1982676
github.com/openstack/horizon
github.com/openstack/horizon/blob/master/horizon/workflows/views.py#L96-L102
github.com/pypa/advisory-database/tree/main/vulns/horizon/PYSEC-2023-153.yaml
lists.debian.org/debian-lts-announce/2023/11/msg00033.html
lists.debian.org/debian-lts-announce/2023/12/msg00000.html
nvd.nist.gov/vuln/detail/CVE-2022-45582
opendev.org/openstack/horizon/commit/79d139594290779b2f74ca894332aa7f2f7e4735
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
25.9%