131 matches found
Moderate: Red Hat Security Advisory: python-django security update
An update for python-django is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...
Moderate: Red Hat Security Advisory: python-django security update
An update for python-django is now available for Red Hat OpenStack Platform 9.0 (Mitaka). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
python-django: Open redirect and possible XSS attack via user-supplied numeric redirect URLs
A redirect flaw, where the is_safe_url() function did not correctly sanitize numeric-URL user input, was found in python-django. A remote attacker could exploit this flaw to perform XSS attacks against the OpenStack dashboard...
CVE-2016-4428
Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form...
Important: Red Hat Security Advisory: python-django-horizon security update
An update for python-django-horizon is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
Important: Red Hat Security Advisory: python-django-horizon security, bug fix, and enhancement update
An update for python-django-horizon is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Important: Red Hat Security Advisory: python-django-horizon security update
An update for python-django-horizon is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
CVE-2016-4428
A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form (for example, using an image's description), triggering...
SUSE-SU-2015:2064-1 Security update for openstack-dashboard
This update provides fixes and enhancements for openstack-dashboard, crowbar-barclamp-nova_dashboard and python-django_openstack_auth. openstack-dashboard: - Reset flavors for other than 'Boot from Image' source type. (bsc#945515) - Add deactivated status for glance image. - Fix TemplateSyntaxError at...
Moderate: Red Hat Security Advisory: python-django-horizon security and bug fix update
Updated python-django-horizon packages that fix multiple security issues are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...
PYSEC-2015-40
Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handl...
CVE-2015-3219
Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handl...
CVE-2015-3988
Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate...
CVE-2015-3988
Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate...
CVE-2015-3988
OpenStack Horizon vulnerability CVE-2015-3988 involves multiple XSS flaws in the Horizon dashboard (OpenStack Dashboard), exploitable when metadata is supplied to Glance images, Nova flavors, or Host Aggregates. Affected software is OpenStack Horizon (version 2015.1.0) with remote authentication ...
Moderate: Red Hat Security Advisory: python-django-horizon and python-django-openstack-auth update
Updated python-django-horizon and python-django-openstack-auth packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security...
Important: Red Hat Security Advisory: redhat-access-plugin security update
An updated redhat-access-plugin-openstack package that fixes one security issue is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score...
Red Hat redhat-access-plugin for OpenStack Dashboard Arbitrary File Read Vulnerability
Red Hat redhat-access-plugin for OpenStack Dashboard (horizon) is a technology preview plugin from Red Hat, Inc. that provides seamless, integrated access to Red Hat's subscription services from the Red Hat OpenStack Management Portal. A security vulnerability exists in the 'log-viewing' function i...
CVE-2015-0271
The log-viewing function in the Red Hat redhat-access-plugin before 6.0.3 for OpenStack Dashboard (horizon) allows remote attackers to read arbitrary files via a crafted path...
Path traversal
The log-viewing function in the Red Hat redhat-access-plugin before 6.0.3 for OpenStack Dashboard (horizon) allows remote attackers to read arbitrary files via a crafted path...