CVSS2: 4.3 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS: 0.002 Low (Percentile: 58.7%)

OpenStack Dashboard (horizon) provides administrators and users a graphical
interface to access, provision and automate cloud-based resources.
The dashboard allows cloud administrators to get an overall view of the
size and state of the cloud and it provides end-users a self-service portal
to provision their own resources within the limits set by administrators.

A flaw was discovered in OpenStack Dashboard that could allow a remote
attacker to conduct cross-site scripting (XSS) attacks if they were able to
trick a horizon user into using a malicious heat template. Note that only
setups exposing the orchestration dashboard in OpenStack Dashboard were
affected. (CVE-2014-0157)

Red Hat would like to thank the OpenStack project for reporting this issue.
Upstream acknowledges Cristian Fiorentino from Intel as the original
reporter.

All python-django-horizon users are advised to upgrade to these updated
packages, which correct this issue.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | noarch | openstack-dashboard-theme | < 2013.2.3-1.el6ost | openstack-dashboard-theme-2013.2.3-1.el6ost.noarch.rpm |
RedHat | 6 | noarch | python-django-horizon-doc | < 2013.2.3-1.el6ost | python-django-horizon-doc-2013.2.3-1.el6ost.noarch.rpm |
RedHat | 6 | noarch | python-django-horizon | < 2013.2.3-1.el6ost | python-django-horizon-2013.2.3-1.el6ost.noarch.rpm |
RedHat | 6 | src | python-django-horizon | < 2013.2.3-1.el6ost | python-django-horizon-2013.2.3-1.el6ost.src.rpm |
RedHat | 6 | noarch | openstack-dashboard | < 2013.2.3-1.el6ost | openstack-dashboard-2013.2.3-1.el6ost.noarch.rpm |