History: Dec 07, 2022 - 7:00 p.m.

(RHSA-2022:8856) Low: Red Hat OpenStack Platform 16.2.4 (python-django-horizon) security update

2022-12-07 19:00:51
access.redhat.com

CVSS3: 6.5

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: LOW
  • Integrity Impact: LOW
  • Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

EPSS: 0.001 (Percentile: 31.3%)

Horizon is a Django application for providing OpenStack UI components. It
allows performing site administrator (viewing account resource usage,
configuring users, accounts, quotas, flavors, etc.) and end user operations
(start/stop/delete instances, create/restore snapshots, view instance VNC
console, etc.).

Security Fix(es):

  • Horizon session cookies are not flagged HttpOnly (CVE-2022-1655)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
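
One way to confirm that the session cookie carries HttpOnly after updating, as an added example that is not part of the advisory or of Horizon's code. It assumes the session cookie uses Django's default name "sessionid"; the function names and the sample Set-Cookie headers are constructed for illustration.

```python
# Added example: check Set-Cookie response headers for the HttpOnly attribute.
# Assumption: the session cookie uses Django's default name, "sessionid".
SESSION_COOKIES = frozenset({"sessionid"})

# Constructed sample headers, not captured from a real deployment.
SAMPLE_UNFLAGGED = [
    "csrftoken=abc123; Path=/; SameSite=Lax",
    "sessionid=s3cr3t; Path=/httponly; Secure; SameSite=Lax",
]
SAMPLE_FLAGGED = [
    "sessionid=s3cr3t; expires=Wed, 07 Dec 2022 20:00:00 GMT; HTTPONLY; Path=/",
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes).

    Attribute names are case-insensitive, so they are lower-cased; flag
    attributes such as HttpOnly carry an empty string as their value.
    """
    first, *rest = header.split(";")
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        if key.strip():
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def missing_httponly(headers, names=SESSION_COOKIES):
    """Return the names of watched cookies that are set without HttpOnly."""
    flagged_missing = []
    for header in headers:
        name, _value, attrs = parse_set_cookie(header)
        # Test the parsed attribute names: a substring search over the raw
        # header would be fooled by a value such as Path=/httponly.
        if name in names and "httponly" not in attrs:
            flagged_missing.append(name)
    return flagged_missing


if __name__ == "__main__":
    for label, sample in (("unflagged", SAMPLE_UNFLAGGED), ("flagged", SAMPLE_FLAGGED)):
        print(label, "->", missing_httponly(sample) or "session cookie is HttpOnly")
```

Feed it the Set-Cookie values returned by the dashboard's login response; an empty result means every watched cookie was set with HttpOnly.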
