CVSS2: 5.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:N)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

EPSS: 0.008 Low (Percentile: 79.4%)

Horizon is the OpenStack Dashboard (http://www.openstack.org), a web
interface for managing OpenStack services.

An open redirect flaw was found in the way Horizon handled authentication.
A remote attacker able to trick a victim into opening the Horizon login
page using a specially-crafted link could redirect the victim to an
arbitrary web page, and conduct phishing attacks, after the victim
successfully logs in. (CVE-2012-3540)

Red Hat would like to thank Thomas Biege of SUSE for reporting this issue.

All users of Horizon are advised to upgrade to these updated packages,
which correct this issue. After installing the updated packages, the httpd
daemon must be restarted (“service httpd restart”) for the update to take
effect.
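
The class of flaw described above is closed by validating the post-login redirect target before it is used. The following is an added example, not Horizon's code or the Red Hat patch: the function names, the `request_host` parameter and the sample hostnames are assumptions made for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def is_safe_redirect(target, request_host):
    """Return True only if `target` keeps the browser on `request_host`."""
    if not target:
        return False
    # Browsers treat "\" like "/", so "/\host" behaves as "//host".
    target = target.strip().replace("\\", "/")
    # Control and format characters can be dropped by browsers, changing
    # how the URL is parsed after this check has passed.
    if any(unicodedata.category(ch)[0] == "C" for ch in target):
        return False
    # "///host" is parsed as a path here but as a host by some browsers.
    if target.startswith("///"):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:  # malformed, e.g. an unclosed IPv6 bracket
        return False
    # A scheme with no host ("javascript:...", "http:host") is never a
    # legitimate same-site target.
    if parts.scheme and not parts.netloc:
        return False
    if parts.scheme and parts.scheme not in ALLOWED_SCHEMES:
        return False
    # Compare the whole netloc so "good.host@other.host" does not match.
    if parts.netloc and parts.netloc.lower() != request_host.lower():
        return False
    return True


def post_login_redirect(target, request_host, default="/"):
    """Pick the URL to send the user to after a successful login."""
    return target if is_safe_redirect(target, request_host) else default


if __name__ == "__main__":
    host = "dashboard.example.test"  # constructed sample host
    for t in ["/project/instances/", "https://dashboard.example.test/nova/",
              "https://other.example.test/login", "//other.example.test/",
              "/\\other.example.test", "javascript:alert(1)"]:
        print(repr(t), "->", post_login_redirect(t, host))
```
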
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | noarch | openstack-dashboard | < 2012.1.1-3.el6 | openstack-dashboard-2012.1.1-3.el6.noarch.rpm |
RedHat | 6 | noarch | python-django-horizon-doc | < 2012.1.1-3.el6 | python-django-horizon-doc-2012.1.1-3.el6.noarch.rpm |
RedHat | 6 | noarch | python-django-horizon | < 2012.1.1-3.el6 | python-django-horizon-2012.1.1-3.el6.noarch.rpm |