CVSS2 base score: 4.3 (Medium)
CVSS2 vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
EPSS score: 0.001 (Low)
EPSS percentile: 48.8%
OpenStack Dashboard (horizon) provides administrators and users with a
graphical interface to access, provision, and automate cloud-based
resources.
A cross-site scripting (XSS) flaw was found in the way orchestration
templates were handled. An owner of such a template could use this flaw to
perform XSS attacks against other Horizon users. (CVE-2014-3473)
It was found that network names were not sanitized. A malicious user could
use this flaw to perform XSS attacks against other Horizon users by
creating a network with a specially crafted name. (CVE-2014-3474)
It was found that certain email addresses were not sanitized. An
administrator could use this flaw to perform XSS attacks against other
Horizon users by storing an email address that has a specially crafted
name. (CVE-2014-3475)
A persistent cross-site scripting (XSS) flaw was found in the horizon host
aggregate interface. A user with sufficient privileges to add a host
aggregate could potentially use this flaw to capture the credentials of
another user. (CVE-2014-3594)
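All four issues above are the same class of bug: a value that a user or administrator controls (a template, a network name, an e-mail address, a host aggregate name) reaches an HTML page without being escaped for the context it lands in. The following is an added example, not Horizon's code, showing the unsafe rendering pattern beside the hardened one and a small regression check that flags any input whose markup characters survive rendering verbatim. The sample names are constructed for the example; the rendering functions and the check are hypothetical helpers, not Horizon APIs.

```python
"""Added example (not Horizon/Django code): escaping user-controlled names
before placing them in HTML, plus a regression check for unescaped output."""
import html
import re

# Characters that can change HTML structure when emitted unescaped.
MARKUP_CHARS = re.compile(r'[<>"\']')

# Constructed sample values standing in for names a Horizon user can set.
SAMPLE_NAMES = [
    "prod-net",                    # benign name
    "<b>bold-net</b>",             # markup in element content
    'net" title="injected',        # quote that would break out of an attribute
]


def render_row_unsafe(name):
    """Vulnerable pattern: user-controlled text is concatenated straight into
    HTML, in both an attribute and element-content context."""
    return f'<tr><td title="{name}">{name}</td></tr>'


def render_row_safe(name):
    """Hardened pattern: escape once for HTML. html.escape(quote=True) covers
    both element content and a double-quoted attribute value."""
    escaped = html.escape(name, quote=True)
    return f'<tr><td title="{escaped}">{escaped}</td></tr>'


def unescaped_inputs(render, names):
    """Regression check: return the inputs containing markup characters that
    appear verbatim in the rendered output (i.e. were not escaped)."""
    leaked = []
    for name in names:
        if MARKUP_CHARS.search(name) and name in render(name):
            leaked.append(name)
    return leaked


if __name__ == "__main__":
    print("unsafe renderer leaks:", unescaped_inputs(render_row_unsafe, SAMPLE_NAMES))
    print("safe renderer leaks:  ", unescaped_inputs(render_row_safe, SAMPLE_NAMES))
```

Django templates escape variables by default; this class of bug typically appears where output is marked safe, assembled outside the template engine, or inserted by client-side JavaScript. A check like `unescaped_inputs` run against every view that displays user-settable names is a cheap way to catch regressions after an upgrade such as this one.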
Red Hat would like to thank the OpenStack project for reporting these
issues. Upstream acknowledges Jason Hullinger from Hewlett Packard as the
original reporter of CVE-2014-3473, Craig Lorentzen from Cisco as the
original reporter of CVE-2014-3474, Michael Xin from Rackspace as the
original reporter of CVE-2014-3475, and Dennis Felsch and Mario Heiderich
from the Horst Görtz Institute for IT-Security, Ruhr-University Bochum as
the original reporters of CVE-2014-3594.
All python-django-horizon users are advised to upgrade to these updated
packages, which correct these issues.
OS | OS Version | Architecture | Package | Affected Versions | Filename |
---|---|---|---|---|---|
RedHat | 6 | src | python-django-horizon | < 2013.2.3-3.el6ost | python-django-horizon-2013.2.3-3.el6ost.src.rpm |
RedHat | 6 | noarch | python-django-horizon-doc | < 2013.2.3-3.el6ost | python-django-horizon-doc-2013.2.3-3.el6ost.noarch.rpm |
RedHat | 6 | noarch | python-django-horizon | < 2013.2.3-3.el6ost | python-django-horizon-2013.2.3-3.el6ost.noarch.rpm |
RedHat | 6 | noarch | openstack-dashboard | < 2013.2.3-3.el6ost | openstack-dashboard-2013.2.3-3.el6ost.noarch.rpm |
RedHat | 6 | noarch | openstack-dashboard-theme | < 2013.2.3-3.el6ost | openstack-dashboard-theme-2013.2.3-3.el6ost.noarch.rpm |