Jun 21, 2016 - 10:19 p.m.

(RHSA-2016:1270) Important: python-django-horizon security update

2016-06-21 22:19:30
access.redhat.com
7

EPSS: 0.001 (Low), percentile 41.7%

OpenStack Dashboard (Horizon) provides administrators and users with a
graphical interface to access, provision, and automate cloud-based
resources.

Security Fix(es):

  • A DOM-based cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form (for example, using an image’s description), triggering the vulnerability when another user browsed the affected page. As a result, user accounts could be compromised (for example, user-access credentials being stolen). (CVE-2016-4428)

Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Beth Lancaster (Virginia Tech) and Brandon Sawyers (Virginia Tech) as the original reporters.
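
The following is an added example, not code from Horizon or from the upstream fix. It shows why ordinary HTML escaping does not filter AngularJS template markers out of a user-supplied field, one way to render such a field so AngularJS does not compile it, and a check for stored fields that contain markers. It assumes the default `{{ }}` interpolation delimiters; the function names, field names and sample records are constructed for illustration.

```python
import html

# Assumption: AngularJS default interpolation delimiters. An application can
# change them via $interpolateProvider, so both are parameters below.
NG_START, NG_END = "{{", "}}"


def html_escape_only(value):
    """Classic server-side output encoding. Blocks tag and attribute
    injection but passes interpolation delimiters through unchanged."""
    return html.escape(value, quote=True)


def render_user_text(value):
    """HTML-escape the value and wrap it in an ng-non-bindable element so
    AngularJS skips compiling (and interpolating) its contents."""
    return '<span ng-non-bindable>%s</span>' % html.escape(value, quote=True)


def find_template_markers(records, fields, start=NG_START, end=NG_END):
    """Return (record id, field) pairs whose stored text contains a start
    delimiter followed later by an end delimiter."""
    hits = []
    for rec in records:
        for field in fields:
            text = rec.get(field) or ""
            i = text.find(start)
            if i != -1 and text.find(end, i + len(start)) != -1:
                hits.append((rec["id"], field))
    return hits


# Constructed sample records (hypothetical field names, benign expression).
SAMPLE_IMAGES = [
    {"id": "img-1", "name": "cirros", "description": "Minimal test image"},
    {"id": "img-2", "name": "demo", "description": "build {{ 1 + 1 }}"},
    {"id": "img-3", "name": "<b>x</b>", "description": None},
]

if __name__ == "__main__":
    print(html_escape_only(SAMPLE_IMAGES[1]["description"]))
    print(render_user_text(SAMPLE_IMAGES[1]["description"]))
    print(find_template_markers(SAMPLE_IMAGES, ["name", "description"]))
```

Encoding the braces as HTML character references would not help here, because the browser decodes them into the DOM text before AngularJS compiles the page.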