Lucene search
RedHatRHSA-2017:1598HistoryJun 28, 2017 - 2:25 p.m.
(RHSA-2017:1598) Low: python-django-horizon security, bug fix, and enhancement update
2017-06-2814:25:34
access.redhat.com
15
0.001 Low
EPSS
Percentile
44.3%
OpenStack Dashboard (horizon) provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources.
The following packages have been upgraded to a later upstream version: python-django-horizon (10.0.3). (BZ#1432289, BZ#1454330)
Security Fix(es):
- A cross-site scripting flaw was discovered in the OpenStack dashboard (horizon) which allowed remote authenticated administrators to conduct XSS attacks using a crafted federation mapping rule. For this flaw to be exploited, federation mapping must be enabled in the dashboard. (CVE-2017-7400)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 7 | noarch | python-django-horizon | < 10.0.3-6.el7ost | python-django-horizon-10.0.3-6.el7ost.noarch.rpm |
| RedHat | 7 | noarch | openstack-dashboard-theme | < 10.0.3-6.el7ost | openstack-dashboard-theme-10.0.3-6.el7ost.noarch.rpm |
| RedHat | 7 | noarch | openstack-dashboard | < 10.0.3-6.el7ost | openstack-dashboard-10.0.3-6.el7ost.noarch.rpm |
Related
cve
cve
CVE-2017-7400
2017-04-03 14:59:00
veracode
veracode
Cross-site Scripting (XSS)
2019-01-15 09:17:57
github
github
OpenStack Horizon Cross-site Scripting (XSS)
2022-05-14 03:53:47
nvd
nvd
CVE-2017-7400
2017-04-03 14:59:00
redhat
redhat
(RHSA-2017:1739) Low: python-django-horizon security and bug fix update
2017-07-12 12:55:37
osv
osv
CVE-2017-7400
2017-04-03 14:59:00
cvelist
cvelist
CVE-2017-7400
2017-04-03 14:00:00
ubuntucve
ubuntucve
CVE-2017-7400
2017-04-03 00:00:00
prion
prion
Design/Logic Flaw
2017-04-03 14:59:00
debiancve
debiancve
CVE-2017-7400
2017-04-03 14:59:00
suse
suse
Security update for several openstack-components (important)
2017-05-30 18:14:20