(RHSA-2014:1335) Moderate: python-django-horizon security and bug fix update
2014-09-30T04:00:00
ID RHSA-2014:1335 Type redhat Reporter RedHat Modified 2018-03-19T16:26:42
Description
OpenStack Dashboard (horizon) provides administrators and users a graphical
interface to access, provision and automate cloud-based resources.
The dashboard allows cloud administrators to get an overall view of the
size and state of the cloud and it provides end-users a self-service portal
to provision their own resources within the limits set by administrators.
A persistent cross-site scripting (XSS) flaw was found in the horizon host
aggregate interface. A user with sufficient privileges to add a host
aggregate could potentially use this flaw to capture the credentials of
another user. (CVE-2014-3594)
Red Hat would like to thank the OpenStack project for reporting this issue.
Upstream acknowledges Dennis Felsch and Mario Heiderich from the Horst
Görtz Institute for IT-Security, Ruhr-University Bochum as the original
reporters.
This update also fixes the following bugs:
Prior to this update, the "Create an Image" page rendering was blocked
during a file upload. This could cause the browser to disconnect after a
certain period of time, especially when uploading large files. With this
update, the upload is handled in a separate thread, and large image uploads
started via the web dashboard are less likely to time out and fail.
(BZ#1089672)
Creating a user using keystoneclient could fail because keystoneclient
attempted to create a role for the new user when setting up the user.
When a role already existed, this operation failed and a new user was not
created. This update fixes this bug, and user creation works as expected.
(BZ#1094494)
All python-django-horizon users are advised to upgrade to these updated
packages, which correct these issues.
{"id": "RHSA-2014:1335", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2014:1335) Moderate: python-django-horizon security and bug fix update", "description": "OpenStack Dashboard (horizon) provides administrators and users a graphical\ninterface to access, provision and automate cloud-based resources.\nThe dashboard allows cloud administrators to get an overall view of the\nsize and state of the cloud and it provides end-users a self-service portal\nto provision their own resources within the limits set by administrators.\n\nA persistent cross-site scripting (XSS) flaw was found in the horizon host\naggregate interface. A user with sufficient privileges to add a host\naggregate could potentially use this flaw to capture the credentials of\nanother user. (CVE-2014-3594)\n\nRed Hat would like to thank the OpenStack project for reporting this issue.\nUpstream acknowledges Dennis Felsch and Mario Heiderich from the Horst\nG\u00f6rtz Institute for IT-Security, Ruhr-University Bochum as the original\nreporters.\n\nThis update also fixes the following bugs:\n\n* Prior to this update, the \"Create an Image\" page rendering was blocked\nduring a file upload. This could cause the browser to disconnect after a\ncertain period of time, especially when uploading large files. With this\nupdate, the upload is handled in a separate thread, and large image uploads\nstarted via the web dashboard are less likely to time out and fail.\n(BZ#1089672)\n\n* Creating a user using keystoneclient could fail because keystoneclient\nattempted to create a role for the new user when setting up the user.\nWhen a role already existed, this operation failed and a new user was not\ncreated. This update fixes this bug, and user creation works as expected.\n(BZ#1094494)\n\nAll python-django-horizon users are advised to upgrade to these updated\npackages, which correct these issues.\n", "published": "2014-09-30T04:00:00", "modified": "2018-03-19T16:26:42", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "href": "https://access.redhat.com/errata/RHSA-2014:1335", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2014-3594"], "lastseen": "2019-08-13T18:45:44", "viewCount": 20, "enchantments": {"score": {"value": 5.6, "vector": "NONE", "modified": "2019-08-13T18:45:44", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-3594"]}, {"type": "nessus", "idList": ["UBUNTU_USN-2323-1.NASL", "SOLARIS11_HORIZON_20140915.NASL", "OPENSUSE-2015-39.NASL"]}, {"type": "redhat", "idList": ["RHSA-2014:1336", "RHSA-2014:1188"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13927", "SECURITYVULNS:DOC:31014"]}, {"type": "ubuntu", "idList": ["USN-2323-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310841943"]}], "modified": "2019-08-13T18:45:44", "rev": 2}, "vulnersScore": 5.6}, "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "python-django-horizon", "packageVersion": "2014.1.2-2.el7ost", "packageFilename": "python-django-horizon-2014.1.2-2.el7ost.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "python-django-horizon-doc", "packageVersion": "2014.1.2-2.el7ost", "packageFilename": "python-django-horizon-doc-2014.1.2-2.el7ost.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openstack-dashboard-theme", "packageVersion": "2014.1.2-2.el7ost", "packageFilename": "openstack-dashboard-theme-2014.1.2-2.el7ost.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openstack-dashboard", "packageVersion": "2014.1.2-2.el7ost", "packageFilename": "openstack-dashboard-2014.1.2-2.el7ost.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "python-django-horizon", "packageVersion": "2014.1.2-2.el7ost", "packageFilename": "python-django-horizon-2014.1.2-2.el7ost.src.rpm", "operator": "lt"}]}
{"cve": [{"lastseen": "2020-12-09T19:58:24", "description": "Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name.", "edition": 5, "cvss3": {}, "published": "2014-08-22T14:55:00", "title": "CVE-2014-3594", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3594"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:openstack:horizon:2014.1.1", "cpe:/a:openstack:horizon:2013.1", "cpe:/a:openstack:horizon:2014.1", "cpe:/o:opensuse:opensuse:13.1", "cpe:/a:openstack:horizon:2013.2.3", "cpe:/a:openstack:horizon:juno-2", "cpe:/a:openstack:horizon:2013.2.2", "cpe:/a:openstack:horizon:2013.2.1", "cpe:/a:openstack:horizon:juno-1", "cpe:/a:openstack:horizon:2013.2"], "id": "CVE-2014-3594", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3594", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:openstack:horizon:2013.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:horizon:2013.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:horizon:juno-1:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:horizon:2014.1:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:horizon:2013.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:horizon:2014.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:horizon:2013.1:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:horizon:juno-2:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:horizon:2013.2:*:*:*:*:*:*:*"]}], "redhat": [{"lastseen": "2019-08-13T18:45:26", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3594"], "description": "OpenStack Dashboard (horizon) provides administrators and users a graphical\ninterface to access, provision and automate cloud-based resources.\nThe dashboard allows cloud administrators to get an overall view of the\nsize and state of the cloud and it provides end-users a self-service portal\nto provision their own resources within the limits set by administrators.\n\nA persistent cross-site scripting (XSS) flaw was found in the horizon host\naggregate interface. A user with sufficient privileges to add a host\naggregate could potentially use this flaw to capture the credentials of\nanother user. (CVE-2014-3594)\n\nRed Hat would like to thank the OpenStack project for reporting this issue.\nUpstream acknowledges Dennis Felsch and Mario Heiderich from the Horst\nG\u00f6rtz Institute for IT-Security, Ruhr-University Bochum as the original\nreporters.\n\nThis update also fixes the following bugs:\n\n* Prior to this update, the \"Create an Image\" page rendering was blocked\nduring a file upload. This could cause the browser to disconnect after a\ncertain period of time, especially when uploading large files. With this\nupdate, the upload is handled in a separate thread, and large image uploads\nstarted via the web dashboard are less likely to time out and fail.\n(BZ#1089672)\n\n* Creating a user using keystoneclient could fail because keystoneclient\nattempted to create a role for the new user when setting up the user.\nWhen a role already existed, this operation failed and a new user was not\ncreated. This update fixes this bug, and user creation works as expected.\n(BZ#1094494)\n\nAll python-django-horizon users are advised to upgrade to these updated\npackages, which correct these issues.\n", "modified": "2018-06-07T02:47:54", "published": "2014-09-30T04:00:00", "id": "RHSA-2014:1336", "href": "https://access.redhat.com/errata/RHSA-2014:1336", "type": "redhat", "title": "(RHSA-2014:1336) Moderate: python-django-horizon security and bug fix update", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-08-13T18:46:03", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3473", "CVE-2014-3474", "CVE-2014-3475", "CVE-2014-3594"], "description": "OpenStack Dashboard (horizon) provides administrators and users with a\ngraphical interface to access, provision, and automate cloud-based\nresources.\n\nA cross-site scripting (XSS) flaw was found in the way orchestration\ntemplates were handled. An owner of such a template could use this flaw to\nperform XSS attacks against other Horizon users. (CVE-2014-3473)\n\nIt was found that network names were not sanitized. A malicious user could\nuse this flaw to perform XSS attacks against other Horizon users by\ncreating a network with a specially crafted name. (CVE-2014-3474)\n\nIt was found that certain email addresses were not sanitized. An\nadministrator could use this flaw to perform XSS attacks against other\nHorizon users by storing an email address that has a specially crafted\nname. (CVE-2014-3475)\n\nA persistent cross-site scripting (XSS) flaw was found in the horizon host\naggregate interface. A user with sufficient privileges to add a host\naggregate could potentially use this flaw to capture the credentials of\nanother user. (CVE-2014-3594)\n\nRed Hat would like to thank the OpenStack project for reporting these\nissues. Upstream acknowledges Jason Hullinger from Hewlett Packard as the\noriginal reporter of CVE-2014-3473, Craig Lorentzen from Cisco as the\noriginal reporter of CVE-2014-3474, Michael Xin from Rackspace as the\noriginal reporter of CVE-2014-3475, and Dennis Felsch and Mario Heiderich\nfrom the Horst G\u00f6rtz Institute for IT-Security, Ruhr-University Bochum as\nthe original reporter of CVE-2014-3594.\n\nAll python-django-horizon users are advised to upgrade to these updated\npackages, which correct these issues.\n", "modified": "2018-06-07T02:47:46", "published": "2014-09-15T04:00:00", "id": "RHSA-2014:1188", "href": "https://access.redhat.com/errata/RHSA-2014:1188", "type": "redhat", "title": "(RHSA-2014:1188) Moderate: python-django-horizon security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2021-01-17T14:00:59", "description": "The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Cross-site scripting (XSS) vulnerability in the Host\n Aggregates interface in OpenStack Dashboard (Horizon)\n before 2013.2.4, 2014.1 before 2014.1.2, and Juno before\n Juno-3 allows remote administrators to inject arbitrary\n web script or HTML via a new host aggregate name.\n (CVE-2014-3594)", "edition": 24, "published": "2015-01-19T00:00:00", "title": "Oracle Solaris Third-Party Patch Update : horizon (cve_2014_3594_cross_site)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3594"], "modified": "2015-01-19T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:horizon", "cpe:/o:oracle:solaris:11.2"], "id": "SOLARIS11_HORIZON_20140915.NASL", "href": "https://www.tenable.com/plugins/nessus/80638", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80638);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-3594\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : horizon (cve_2014_3594_cross_site)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Cross-site scripting (XSS) vulnerability in the Host\n Aggregates interface in OpenStack Dashboard (Horizon)\n before 2013.2.4, 2014.1 before 2014.1.2, and Juno before\n Juno-3 allows remote administrators to inject arbitrary\n web script or HTML via a new host aggregate name.\n (CVE-2014-3594)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blogs.oracle.com/sunsecurity/cve-2014-3594-cross-site-scripting-xss-vulnerability-vulnerability-in-openstack-horizon\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.2.2.5.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:horizon\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^horizon$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"horizon\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.2.2.0.5.0\", sru:\"SRU 11.2.2.5.0\") > 0) flag++;\n\nif (flag)\n{\n set_kb_item(name:'www/0/XSS', value:TRUE);\n error_extra = 'Affected package : horizon\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_note(port:0, extra:error_extra);\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"horizon\");\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-01-20T15:27:42", "description": "Jason Hullinger discovered that OpenStack Horizon did not properly\nperform input sanitization on Heat templates. If a user were tricked\ninto using a specially crafted Heat template, an attacker could\nconduct cross-site scripting attacks. With cross-site scripting\nvulnerabilities, if a user were tricked into viewing server output\nduring a crafted server request, a remote attacker could exploit this\nto modify the contents, or steal confidential data, within the same\ndomain. (CVE-2014-3473)\n\nCraig Lorentzen discovered that OpenStack Horizon did not properly\nperform input sanitization when creating networks. If a user were\ntricked into launching an image using the crafted network name, an\nattacker could conduct cross-site scripting attacks. (CVE-2014-3474)\n\nMichael Xin discovered that OpenStack Horizon did not properly perform\ninput sanitization when adding users. If an admin user were tricked\ninto viewing the users page containing a crafted email address, an\nattacker could conduct cross-site scripting attacks. (CVE-2014-3475)\n\nDennis Felsch and Mario Heiderich discovered that OpenStack Horizon\ndid not properly perform input sanitization when creating host\naggregates. If an admin user were tricked into viewing the Host\nAggregates page containing a crafted availability zone name, an\nattacker could conduct cross-site scripting attacks. (CVE-2014-3594).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 21, "published": "2014-08-22T00:00:00", "title": "Ubuntu 14.04 LTS : horizon vulnerabilities (USN-2323-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3473", "CVE-2014-3475", "CVE-2014-3594", "CVE-2014-3474"], "modified": "2014-08-22T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:openstack-dashboard", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2323-1.NASL", "href": "https://www.tenable.com/plugins/nessus/77323", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2323-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77323);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-3473\", \"CVE-2014-3474\", \"CVE-2014-3475\", \"CVE-2014-3594\");\n script_xref(name:\"USN\", value:\"2323-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : horizon vulnerabilities (USN-2323-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jason Hullinger discovered that OpenStack Horizon did not properly\nperform input sanitization on Heat templates. If a user were tricked\ninto using a specially crafted Heat template, an attacker could\nconduct cross-site scripting attacks. With cross-site scripting\nvulnerabilities, if a user were tricked into viewing server output\nduring a crafted server request, a remote attacker could exploit this\nto modify the contents, or steal confidential data, within the same\ndomain. (CVE-2014-3473)\n\nCraig Lorentzen discovered that OpenStack Horizon did not properly\nperform input sanitization when creating networks. If a user were\ntricked into launching an image using the crafted network name, an\nattacker could conduct cross-site scripting attacks. (CVE-2014-3474)\n\nMichael Xin discovered that OpenStack Horizon did not properly perform\ninput sanitization when adding users. If an admin user were tricked\ninto viewing the users page containing a crafted email address, an\nattacker could conduct cross-site scripting attacks. (CVE-2014-3475)\n\nDennis Felsch and Mario Heiderich discovered that OpenStack Horizon\ndid not properly perform input sanitization when creating host\naggregates. If an admin user were tricked into viewing the Host\nAggregates page containing a crafted availability zone name, an\nattacker could conduct cross-site scripting attacks. (CVE-2014-3594).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2323-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openstack-dashboard package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openstack-dashboard\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"openstack-dashboard\", pkgver:\"1:2014.1.2-0ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openstack-dashboard\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-20T12:28:34", "description": "OpenStack Dashboard was updated to fix bugs and security issues.\n\nFull changes :\n\n - Update to version horizon-2013.2.5.dev2.g9ee7273 :\n\n - fix Horizon login page DOS attack (bnc#908199,\n CVE-2014-8124)\n\n - update version to 2013.2.5\n\n - Updated from global requirements\n\n - Pin docutils to 0.9.1\n\n - Set python hash seed to 0 in tox.ini\n\n - Check host is not none in each availability zone\n\n - Fix XSS issue with the unordered_list filter\n (bnc#891815, CVE-2014-3594)\n\n + 0001-Use-default_project_id-for-v3-users.patch\n (manually)\n\n - Replace UserManager with None in tests\n\n - Update test-requirements to fix sphinx build_doc\n\n - Fix multiple Cross-Site Scripting (XSS) vulnerabilities\n (bnc#885588, CVE-2014-3473, CVE-2014-3474,\n CVE-2014-3475)\n\n - Fix issues with importing the Login form\n\n Bug 869696 - Admin password injection on Horizon\n Dashboard is broken.\n\n - Update to version horizon-2013.2.4.dev8.g07c097f :\n\n - Bug fix on neutron's API to return the correct target ID\n\n - Fix display of images in Rebuild Instance\n\n - Get instance networking information from Neutron\n\n - Bump stable/havana next version to 2013.2.4\n\n - Do not release FIP on disassociate action\n\n - Introduces escaping in Horizon/Orchestration 2013.2.3\n (bnc#871855, CVE-2014-0157)\n\n - Update to version horizon-2013.2.3.dev8.g3d04c3c :\n\n - Reduce number of novaclient calls\n\n - Don't copy the flavorid when updating flavors\n\n - Allow snapshots of paused and suspended instances\n\n - Fixing tests to work with keystoneclient 0.6.0\n\n - Bump stable/havana next version to 2013.2.3\n\n + Use upstream URL as source (enables verification)\n\n + Import translations for Havana 2013.2.2 udpate\n\n - Update to version 2013.2.2.dev29.g96bd650 :\n\n + Update Transifex resource name for havana\n\n + Fix inappropriate logouts on load-balanced Horizon\n\n - Update to version 2013.2.2.dev25.g6508afd :\n\n + disable volume creation, when cinder is disabled\n\n + Bad workflow-steps check: has_required_fields\n\n + Specify tenant_id when retrieving LBaaS/VPNaaS resource\n\n - Update to version 2013.2.2.dev19.g7a8eadc :\n\n + Give HealthMonitor a proper display name\n\n - Update to version 2013.2.2.dev17.gaa55b24 :\n\n + Common keystone version fallback\n\n - Move settings.py (default settings) to branding-upstream\n subpackage: a branding package might want to change some\n default settings.\n\n - add 0001-Common-keystone-version-fallback.patch,\n 0001-Use-default_project_id-for-v3-users.patch\n\n - Update to version 2013.2.2.dev15.g2b6dfa7 :\n\n + fix help text in 'Create An image' window\n\n + Change how scrollShift is calculated\n\n + unify keypair name handling\n\n - Add\n 0001-Give-no-background-color-to-the-pie-charts.patch:\n do not give a background color to pie charts.\n\n - Update to version 2013.2.2.dev9.gc6d38a1 :\n\n + Wrong marker sent to keystone\n\n - Update to version 2013.2.2.dev7.g2e11482 :\n\n + Adding management_url to test mock client\n\n - add\n 0001-Bad-workflow-steps-check-has_required_fields.patch \n\n - Make python-horizon require the 2013.2 version of\n python-horizon-branding (and not the 2013.2.xyz\n version). This makes it easier to create non-upstream\n branding; we already do this for the other branding\n subpackage.\n\n - Update to version 2013.2.2.dev6.g2c1f1f3 :\n\n + Add check for BlockDeviceMappingV2 nova extension\n\n + Gracefully handle Users with no email attribute\n\n + Import install_venv from oslo\n\n + Bump stable/havana next version to 2013.2.2\n\n - Update to version 2013.2.1.dev41.g9668e80 :\n\n + Updated from global requirements\n\n - put everything under /srv/www/openstack-dashboard \n\n - Update to version 2013.2.1.dev40.g852e5c8 :\n\n + Import translations for Havana 2013.2.1 udpate\n\n + Deleting statistics tables from resource usage page\n\n + Allow 'Working' in spinner to be translatable\n\n + lbaas/horizon - adds tcp protocol choice when create lb\n\n + Fix a bug some optional field in LBaaS are mandatory\n\n + Fix bug so that escaped html is not shown in volume\n detach dialog\n\n + Role name should not be translated in Domain Groups\n dialog\n\n + Fix incomplete translation of 'Update members' widget\n\n + Fix translatable string for 'Injected File Path Bytes'\n\n + Add extra extension file to makemessage command line\n\n + Add contextual markers to BatchAction messages\n\n + Logging user out after self password change\n\n + Add logging configuration for iso8601 module\n\n + Ensure all compute meters are listed in dropdown\n\n + Fix bug by escaping strings from Nova before displaying\n them (bnc#852175, CVE-2013-6858)\n\n - add/use generic openstack-branding provides \n\n - Update to version 2013.2.1.dev9.g842ba5f :\n\n + Fix default port of MS SQL in security group template\n\n + Provide missing hover hints for instance:<type> meters\n\n + translate text: 'subnet'/'subnet details'\n\n + Change 'Tenant' to 'Project'\n\n + Avoid discarding precision of metering data\n\n - Use Django's signed_cookies session backend like\n upstream and drop the usage of cache_db\n\n - No need to set SECRET_KEY anymore, upstream learned it\n too\n\npython-django_openstack_auth was updated to 1.1.3 :\n\n - Various i18n fixes\n\n - Revoke tokens when logging out or changing the tenant\n\n - Run tests locally, therefore merge test package back\n into main\n\n - Properly build HTML documentation and install it\n\n - Add pt_BR locale\n\n - Updated (build) requirements\n\n - Add django_openstack_auth-hacking-requires.patch:\n hacking dep is nonsense\n\n - include tests runner \n\n - add -test subpackage", "edition": 19, "published": "2015-01-20T00:00:00", "title": "openSUSE Security Update : openstack-dashboard (openSUSE-SU-2015:0078-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3473", "CVE-2014-3475", "CVE-2014-0157", "CVE-2014-8124", "CVE-2014-3594", "CVE-2013-6858", "CVE-2014-3474"], "modified": "2015-01-20T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:openstack-dashboard", "p-cpe:/a:novell:opensuse:openstack-dashboard-test", "p-cpe:/a:novell:opensuse:openstack-dashboard-branding-upstream", "p-cpe:/a:novell:opensuse:python-horizon", "cpe:/o:novell:opensuse:13.1", "p-cpe:/a:novell:opensuse:python-django_openstack_auth", "p-cpe:/a:novell:opensuse:python-horizon-branding-upstream"], "id": "OPENSUSE-2015-39.NASL", "href": "https://www.tenable.com/plugins/nessus/80842", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-39.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80842);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-6858\", \"CVE-2014-0157\", \"CVE-2014-3473\", \"CVE-2014-3474\", \"CVE-2014-3475\", \"CVE-2014-3594\", \"CVE-2014-8124\");\n\n script_name(english:\"openSUSE Security Update : openstack-dashboard (openSUSE-SU-2015:0078-1)\");\n script_summary(english:\"Check for the openSUSE-2015-39 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenStack Dashboard was updated to fix bugs and security issues.\n\nFull changes :\n\n - Update to version horizon-2013.2.5.dev2.g9ee7273 :\n\n - fix Horizon login page DOS attack (bnc#908199,\n CVE-2014-8124)\n\n - update version to 2013.2.5\n\n - Updated from global requirements\n\n - Pin docutils to 0.9.1\n\n - Set python hash seed to 0 in tox.ini\n\n - Check host is not none in each availability zone\n\n - Fix XSS issue with the unordered_list filter\n (bnc#891815, CVE-2014-3594)\n\n + 0001-Use-default_project_id-for-v3-users.patch\n (manually)\n\n - Replace UserManager with None in tests\n\n - Update test-requirements to fix sphinx build_doc\n\n - Fix multiple Cross-Site Scripting (XSS) vulnerabilities\n (bnc#885588, CVE-2014-3473, CVE-2014-3474,\n CVE-2014-3475)\n\n - Fix issues with importing the Login form\n\n Bug 869696 - Admin password injection on Horizon\n Dashboard is broken.\n\n - Update to version horizon-2013.2.4.dev8.g07c097f :\n\n - Bug fix on neutron's API to return the correct target ID\n\n - Fix display of images in Rebuild Instance\n\n - Get instance networking information from Neutron\n\n - Bump stable/havana next version to 2013.2.4\n\n - Do not release FIP on disassociate action\n\n - Introduces escaping in Horizon/Orchestration 2013.2.3\n (bnc#871855, CVE-2014-0157)\n\n - Update to version horizon-2013.2.3.dev8.g3d04c3c :\n\n - Reduce number of novaclient calls\n\n - Don't copy the flavorid when updating flavors\n\n - Allow snapshots of paused and suspended instances\n\n - Fixing tests to work with keystoneclient 0.6.0\n\n - Bump stable/havana next version to 2013.2.3\n\n + Use upstream URL as source (enables verification)\n\n + Import translations for Havana 2013.2.2 udpate\n\n - Update to version 2013.2.2.dev29.g96bd650 :\n\n + Update Transifex resource name for havana\n\n + Fix inappropriate logouts on load-balanced Horizon\n\n - Update to version 2013.2.2.dev25.g6508afd :\n\n + disable volume creation, when cinder is disabled\n\n + Bad workflow-steps check: has_required_fields\n\n + Specify tenant_id when retrieving LBaaS/VPNaaS resource\n\n - Update to version 2013.2.2.dev19.g7a8eadc :\n\n + Give HealthMonitor a proper display name\n\n - Update to version 2013.2.2.dev17.gaa55b24 :\n\n + Common keystone version fallback\n\n - Move settings.py (default settings) to branding-upstream\n subpackage: a branding package might want to change some\n default settings.\n\n - add 0001-Common-keystone-version-fallback.patch,\n 0001-Use-default_project_id-for-v3-users.patch\n\n - Update to version 2013.2.2.dev15.g2b6dfa7 :\n\n + fix help text in 'Create An image' window\n\n + Change how scrollShift is calculated\n\n + unify keypair name handling\n\n - Add\n 0001-Give-no-background-color-to-the-pie-charts.patch:\n do not give a background color to pie charts.\n\n - Update to version 2013.2.2.dev9.gc6d38a1 :\n\n + Wrong marker sent to keystone\n\n - Update to version 2013.2.2.dev7.g2e11482 :\n\n + Adding management_url to test mock client\n\n - add\n 0001-Bad-workflow-steps-check-has_required_fields.patch \n\n - Make python-horizon require the 2013.2 version of\n python-horizon-branding (and not the 2013.2.xyz\n version). This makes it easier to create non-upstream\n branding; we already do this for the other branding\n subpackage.\n\n - Update to version 2013.2.2.dev6.g2c1f1f3 :\n\n + Add check for BlockDeviceMappingV2 nova extension\n\n + Gracefully handle Users with no email attribute\n\n + Import install_venv from oslo\n\n + Bump stable/havana next version to 2013.2.2\n\n - Update to version 2013.2.1.dev41.g9668e80 :\n\n + Updated from global requirements\n\n - put everything under /srv/www/openstack-dashboard \n\n - Update to version 2013.2.1.dev40.g852e5c8 :\n\n + Import translations for Havana 2013.2.1 udpate\n\n + Deleting statistics tables from resource usage page\n\n + Allow 'Working' in spinner to be translatable\n\n + lbaas/horizon - adds tcp protocol choice when create lb\n\n + Fix a bug some optional field in LBaaS are mandatory\n\n + Fix bug so that escaped html is not shown in volume\n detach dialog\n\n + Role name should not be translated in Domain Groups\n dialog\n\n + Fix incomplete translation of 'Update members' widget\n\n + Fix translatable string for 'Injected File Path Bytes'\n\n + Add extra extension file to makemessage command line\n\n + Add contextual markers to BatchAction messages\n\n + Logging user out after self password change\n\n + Add logging configuration for iso8601 module\n\n + Ensure all compute meters are listed in dropdown\n\n + Fix bug by escaping strings from Nova before displaying\n them (bnc#852175, CVE-2013-6858)\n\n - add/use generic openstack-branding provides \n\n - Update to version 2013.2.1.dev9.g842ba5f :\n\n + Fix default port of MS SQL in security group template\n\n + Provide missing hover hints for instance:<type> meters\n\n + translate text: 'subnet'/'subnet details'\n\n + Change 'Tenant' to 'Project'\n\n + Avoid discarding precision of metering data\n\n - Use Django's signed_cookies session backend like\n upstream and drop the usage of cache_db\n\n - No need to set SECRET_KEY anymore, upstream learned it\n too\n\npython-django_openstack_auth was updated to 1.1.3 :\n\n - Various i18n fixes\n\n - Revoke tokens when logging out or changing the tenant\n\n - Run tests locally, therefore merge test package back\n into main\n\n - Properly build HTML documentation and install it\n\n - Add pt_BR locale\n\n - Updated (build) requirements\n\n - Add django_openstack_auth-hacking-requires.patch:\n hacking dep is nonsense\n\n - include tests runner \n\n - add -test subpackage\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=852175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=869696\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=871855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=885588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=891815\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=908199\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openstack-dashboard packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openstack-dashboard\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openstack-dashboard-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openstack-dashboard-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-django_openstack_auth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-horizon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-horizon-branding-upstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openstack-dashboard-2013.2.5.dev2.g9ee7273-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openstack-dashboard-branding-upstream-2013.2.5.dev2.g9ee7273-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openstack-dashboard-test-2013.2.5.dev2.g9ee7273-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-django_openstack_auth-1.1.3-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-horizon-2013.2.5.dev2.g9ee7273-4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-horizon-branding-upstream-2013.2.5.dev2.g9ee7273-4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openstack-dashboard / openstack-dashboard-branding-upstream / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:53", "bulletinFamily": "software", "cvelist": ["CVE-2014-3473", "CVE-2014-3475", "CVE-2014-3594", "CVE-2014-3474"], "description": "\r\n\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2323-1\r\nAugust 21, 2014\r\n\r\nhorizon vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 14.04 LTS\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in OpenStack Horizon.\r\n\r\nSoftware Description:\r\n- horizon: Web interface for OpenStack cloud infrastructure\r\n\r\nDetails:\r\n\r\nJason Hullinger discovered that OpenStack Horizon did not properly perform\r\ninput sanitization on Heat templates. If a user were tricked into using a\r\nspecially crafted Heat template, an attacker could conduct cross-site\r\nscripting attacks. With cross-site scripting vulnerabilities, if a user\r\nwere tricked into viewing server output during a crafted server request, a\r\nremote attacker could exploit this to modify the contents, or steal\r\nconfidential data, within the same domain. (CVE-2014-3473)\r\n\r\nCraig Lorentzen discovered that OpenStack Horizon did not properly perform\r\ninput sanitization when creating networks. If a user were tricked into\r\nlaunching an image using the crafted network name, an attacker could\r\nconduct cross-site scripting attacks. (CVE-2014-3474)\r\n\r\nMichael Xin discovered that OpenStack Horizon did not properly perform\r\ninput sanitization when adding users. If an admin user were tricked into\r\nviewing the users page containing a crafted email address, an attacker\r\ncould conduct cross-site scripting attacks. (CVE-2014-3475)\r\n\r\nDennis Felsch and Mario Heiderich discovered that OpenStack Horizon did not\r\nproperly perform input sanitization when creating host aggregates. If an\r\nadmin user were tricked into viewing the Host Aggregates page containing a\r\ncrafted availability zone name, an attacker could conduct cross-site\r\nscripting attacks. (CVE-2014-3594)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 14.04 LTS:\r\n openstack-dashboard 1:2014.1.2-0ubuntu1.1\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2323-1\r\n CVE-2014-3473, CVE-2014-3474, CVE-2014-3475, CVE-2014-3594\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/horizon/1:2014.1.2-0ubuntu1.1\r\n\r\n\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2014-08-24T00:00:00", "published": "2014-08-24T00:00:00", "id": "SECURITYVULNS:DOC:31014", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31014", "title": "[USN-2323-1] OpenStack Horizon vulnerabilities", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:56", "bulletinFamily": "software", "cvelist": ["CVE-2014-3473", "CVE-2014-3475", "CVE-2014-3476", "CVE-2014-3555", "CVE-2014-4615", "CVE-2014-3517", "CVE-2013-6433", "CVE-2014-3497", "CVE-2014-3594", "CVE-2014-5356", "CVE-2014-3474", "CVE-2014-0187"], "description": "Ceilometer information leakage, Neutron information leakage and DoS, Glance DoS, Horizon crossite scripting, Keystone restrictions bypass and privilege escalation, Nova timing attacks.", "edition": 1, "modified": "2014-08-24T00:00:00", "published": "2014-08-24T00:00:00", "id": "SECURITYVULNS:VULN:13927", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13927", "title": "OpenStack multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2019-05-29T18:37:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-3473", "CVE-2014-3475", "CVE-2014-3594", "CVE-2014-3474"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2014-08-22T00:00:00", "id": "OPENVAS:1361412562310841943", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841943", "type": "openvas", "title": "Ubuntu Update for horizon USN-2323-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2323_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for horizon USN-2323-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841943\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-22 05:57:29 +0200 (Fri, 22 Aug 2014)\");\n script_cve_id(\"CVE-2014-3473\", \"CVE-2014-3474\", \"CVE-2014-3475\", \"CVE-2014-3594\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Ubuntu Update for horizon USN-2323-1\");\n\n script_tag(name:\"affected\", value:\"horizon on Ubuntu 14.04 LTS\");\n script_tag(name:\"insight\", value:\"Jason Hullinger discovered that OpenStack Horizon did not\nproperly perform input sanitization on Heat templates. If a user were tricked\ninto using a specially crafted Heat template, an attacker could conduct\ncross-site scripting attacks. With cross-site scripting vulnerabilities, if a\nuser were tricked into viewing server output during a crafted server request, a\nremote attacker could exploit this to modify the contents, or steal\nconfidential data, within the same domain. (CVE-2014-3473)\n\nCraig Lorentzen discovered that OpenStack Horizon did not properly perform\ninput sanitization when creating networks. If a user were tricked into\nlaunching an image using the crafted network name, an attacker could\nconduct cross-site scripting attacks. (CVE-2014-3474)\n\nMichael Xin discovered that OpenStack Horizon did not properly perform\ninput sanitization when adding users. If an admin user were tricked into\nviewing the users page containing a crafted email address, an attacker\ncould conduct cross-site scripting attacks. (CVE-2014-3475)\n\nDennis Felsch and Mario Heiderich discovered that OpenStack Horizon did not\nproperly perform input sanitization when creating host aggregates. If an\nadmin user were tricked into viewing the Host Aggregates page containing a\ncrafted availability zone name, an attacker could conduct cross-site\nscripting attacks. (CVE-2014-3594)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2323-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2323-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'horizon'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"openstack-dashboard\", ver:\"1:2014.1.2-0ubuntu1.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "ubuntu": [{"lastseen": "2020-07-02T11:38:30", "bulletinFamily": "unix", "cvelist": ["CVE-2014-3473", "CVE-2014-3475", "CVE-2014-3594", "CVE-2014-3474"], "description": "Jason Hullinger discovered that OpenStack Horizon did not properly perform \ninput sanitization on Heat templates. If a user were tricked into using a \nspecially crafted Heat template, an attacker could conduct cross-site \nscripting attacks. With cross-site scripting vulnerabilities, if a user \nwere tricked into viewing server output during a crafted server request, a \nremote attacker could exploit this to modify the contents, or steal \nconfidential data, within the same domain. (CVE-2014-3473)\n\nCraig Lorentzen discovered that OpenStack Horizon did not properly perform \ninput sanitization when creating networks. If a user were tricked into \nlaunching an image using the crafted network name, an attacker could \nconduct cross-site scripting attacks. (CVE-2014-3474)\n\nMichael Xin discovered that OpenStack Horizon did not properly perform \ninput sanitization when adding users. If an admin user were tricked into \nviewing the users page containing a crafted email address, an attacker \ncould conduct cross-site scripting attacks. (CVE-2014-3475)\n\nDennis Felsch and Mario Heiderich discovered that OpenStack Horizon did not \nproperly perform input sanitization when creating host aggregates. If an \nadmin user were tricked into viewing the Host Aggregates page containing a \ncrafted availability zone name, an attacker could conduct cross-site \nscripting attacks. (CVE-2014-3594)", "edition": 5, "modified": "2014-08-21T00:00:00", "published": "2014-08-21T00:00:00", "id": "USN-2323-1", "href": "https://ubuntu.com/security/notices/USN-2323-1", "title": "OpenStack Horizon vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}
