CVSS2: 3.5 Low
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
EPSS: 0.001 Low
Percentile: 47.2%
OpenStack Dashboard (horizon) provides administrators and users a graphical
interface to access, provision and automate cloud-based resources.
The dashboard allows cloud administrators to get an overall view of the
size and state of the cloud and it provides end-users a self-service portal
to provision their own resources within the limits set by administrators.
A persistent cross-site scripting (XSS) flaw was found in the horizon host
aggregate interface. A user with sufficient privileges to add a host
aggregate could potentially use this flaw to capture the credentials of
another user. (CVE-2014-3594)
Red Hat would like to thank the OpenStack project for reporting this issue.
Upstream acknowledges Dennis Felsch and Mario Heiderich from the Horst
Görtz Institute for IT-Security, Ruhr-University Bochum as the original
reporters.
This update also fixes the following bugs:
Prior to this update, the “Create an Image” page rendering was blocked
during a file upload. This could cause the browser to disconnect after a
certain period of time, especially when uploading large files. With this
update, the upload is handled in a separate thread, and large image uploads
started via the web dashboard are less likely to time out and fail.
(BZ#1089672)
Creating a user using keystoneclient could fail because keystoneclient
attempted to create a role for the new user when setting up the user.
When a role already existed, this operation failed and a new user was not
created. This update fixes this bug, and user creation works as expected.
(BZ#1094494)
All python-django-horizon users are advised to upgrade to these updated
packages, which correct these issues.
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | noarch | openstack-dashboard | < 2014.1.2-2.el7ost | openstack-dashboard-2014.1.2-2.el7ost.noarch.rpm |
RedHat | 7 | noarch | python-django-horizon-doc | < 2014.1.2-2.el7ost | python-django-horizon-doc-2014.1.2-2.el7ost.noarch.rpm |
RedHat | 7 | noarch | openstack-dashboard-theme | < 2014.1.2-2.el7ost | openstack-dashboard-theme-2014.1.2-2.el7ost.noarch.rpm |
RedHat | 7 | noarch | python-django-horizon | < 2014.1.2-2.el7ost | python-django-horizon-2014.1.2-2.el7ost.noarch.rpm |
RedHat | 7 | src | python-django-horizon | < 2014.1.2-2.el7ost | python-django-horizon-2014.1.2-2.el7ost.src.rpm |
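
One way to check a host against the package table above, as an added example that is not part of the advisory or Red Hat tooling: it orders version-release strings by rpm's segment rules and flags listed packages installed below 2014.1.2-2.el7ost. The function names and the sample query output are constructed for illustration, and epochs and the `~` / `^` version modifiers are assumed absent.

```python
import re

# Fixed version-release and binary package names, from the advisory's table.
FIXED = "2014.1.2-2.el7ost"
PACKAGES = {"openstack-dashboard", "openstack-dashboard-theme",
            "python-django-horizon", "python-django-horizon-doc"}

def rpmvercmp(a, b):
    """Order two version or release strings as rpm does; returns -1, 0 or 1."""
    # rpm compares maximal runs of digits or letters; separators are skipped.
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # a numeric run is newer than letters
        if x.isdigit():
            x, y = int(x), int(y)             # numeric runs compare as integers
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def affected(query_output):
    """Return the names of listed packages installed below FIXED."""
    hits = []
    for line in query_output.splitlines():
        parts = line.split()
        # "package X is not installed" lines have more than two fields.
        if len(parts) == 2 and parts[0] in PACKAGES and evr_cmp(parts[1], FIXED) < 0:
            hits.append(parts[0])
    return hits

# Constructed sample of: rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' <packages>
SAMPLE = """\
openstack-dashboard 2014.1.1-3.el7ost
python-django-horizon 2014.1.2-2.el7ost
python-django-horizon-doc 2014.1.2-10.el7ost
package openstack-dashboard-theme is not installed"""

if __name__ == "__main__":
    print(affected(SAMPLE))
```

The release comparison is numeric per segment, so `10.el7ost` sorts above `2.el7ost`; a plain string comparison would get that case wrong.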