7821 matches found

PyPA
added 2020/12/04 8:15 a.m. · 5 views

PYSEC-2020-45

An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provid...

6.1 CVSS · 6.9 AI score · 0.014 EPSS
Exploits: 1 · References: 7 · Affected Software: 1

UbuntuCve
added 2020/12/04 8:15 a.m. · 15 views

CVE-2020-29565

An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provid...

6.1 CVSS · 6.4 AI score · 0.014 EPSS
Exploits: 1 · References: 5

OSV
added 2020/12/04 8:15 a.m. · 2 views

UBUNTU-CVE-2020-29565

An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provid...

6.1 CVSS · 6.4 AI score · 0.014 EPSS
Exploits: 1 · References: 6

Cvelist
added 2020/12/04 7:6 a.m. · 36 views

CVE-2020-29565

An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provid...

6 AI score · 0.014 EPSS
Exploits: 1 · References: 6

CVE
added 2020/12/04 7:6 a.m. · 94 views

CVE-2020-29565

An OpenStack Horizon vulnerability (CVE-2020-29565) arises from insufficient validation of the next URL parameter, allowing an attacker to trigger an automatic redirect to a malicious URL. Affected Horizon branches include pre-15.3.2, 16.x pre-16.2.1, 17.x and 18.x pre-18.3.3, as well as 18.4.x a...

6.1 CVSS · 6 AI score · 0.014 EPSS
Exploits: 1 · References: 6 · Affected Software: 1

Debian CVE
added 2020/12/04 7:6 a.m. · 20 views

CVE-2020-29565

An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provid...

6.1 CVSS · 6.1 AI score · 0.014 EPSS
Exploits: 1

CNNVD
added 2020/12/04 12:0 a.m. · 6 views

OpenStack Horizon Input Validation Error Vulnerability

OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration NASA in collaboration with Rackspace in the United States. A security vulnerability exists in OpenStack Horizon versions 15.3.2,16 before, which stems from a lack of validation of the...

6.1 CVSS · 6.4 AI score · 0.014 EPSS
Exploits: 1 · References: 13

CNNVD
added 2020/11/27 12:0 a.m. · 5 views

Lxml Cross-Site Scripting Vulnerability

Lxml is a software from the individual developer of Lxml that interacts with Python to locate elements in Html. Lxml suffers from a cross-site scripting vulnerability that arises from javascript escaping via a combination of noscript and style. The following products and versions are affected:...

6.1 CVSS · 6.4 AI score · 0.03934 EPSS
Exploits: 1 · References: 29

CNNVD
added 2020/11/23 12:0 a.m. · 4 views

Selected Red Hat Products Security Vulnerabilities

Red Hat Ceph Storage is a scalable, open software-defined storage platform. Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform. Container Platform is an application platform that enables organizations to develop, deploy and manage existing container-based applications acro...

4.4 CVSS · 6.7 AI score · 0.00269 EPSS
Exploits: 0 · References: 23

Positive Technologies
added 2020/11/04 12:0 a.m. · 4 views

PT-2020-6428 · Openstack +3 · Openstack Neutron +3

Name of the Vulnerable Software and Affected Versions: openstack-neutron versions prior to 15.3.3 openstack-neutron versions prior to 16.3.1 openstack-neutron versions prior to 17.1.1 Description: A flaw was found in openstack-neutron's default Open vSwitch firewall rules, related to insufficient...

9.1 CVSS · 5.9 AI score · 0.0189 EPSS
Exploits: 3 · References: 39

Veracode
added 2020/10/29 10:33 a.m. · 17 views

Improper Use Of Flawed Policy

openstack-selinux is using flawed policy. policy flaw allows dbus messaging...

6.5 CVSS · 2.5 AI score · 0.00221 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Tenable Nessus
added 2020/10/29 12:0 a.m. · 18 views

RHEL 7 : openstack-cinder (RHSA-2020:4391)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4391 advisory. OpenStack Block Storage cinder manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical...

6.5 CVSS · 6.4 AI score · 0.01203 EPSS
Exploits: 0 · References: 11

Tenable Nessus
added 2020/10/29 12:0 a.m. · 29 views

RHEL 8 : openstack-cinder (RHSA-2020:4283)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4283 advisory. OpenStack Block Storage cinder manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical...

6.5 CVSS · 6.4 AI score · 0.01203 EPSS
Exploits: 0 · References: 12

RedHat Linux
added 2020/10/28 6:24 p.m. · 2 views

openstack-cinder: Improper handling of ScaleIO backend credentials

An insecure-credentials flaw was found in openstack-cinder. When using openstack-cinder with the Dell EMC ScaleIO or VxFlex OS backend storage driver, credentials for the entire backend are exposed in the connectioninfo element in all Block Storage v3 Attachments API calls containing that element...

6.5 CVSS · 7 AI score · 0.01203 EPSS
Exploits: 0 · References: 6

RedHat Linux
added 2020/10/28 6:24 p.m. · 51 views

Moderate: Red Hat Security Advisory: openstack-cinder security update

An update for OpenStack Block Storage cinder is now available for Red Hat OpenStack Platform 13 Queens. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

6.5 CVSS · 6.6 AI score · 0.01203 EPSS
Exploits: 0 · References: 8

RedHat Linux
added 2020/10/28 3:38 p.m. · 41 views

Moderate: Red Hat Security Advisory: openstack-selinux security update

An update for openstack-selinux is now available for Red Hat OpenStack Platform 16.1 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

6.5 CVSS · 6.6 AI score · 0.00221 EPSS
Exploits: 0 · References: 3

RedHat Linux
added 2020/10/28 3:38 p.m. · 7 views

openstack-selinux: policy flaw allows dbus messaging

An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one or more Red Hat OpenStack RHOSP containers could send messages to the dbus. With access to the dbus, t...

6.5 CVSS · 5.8 AI score · 0.00221 EPSS
Exploits: 0 · References: 4

RedHat Linux
added 2020/10/28 3:38 p.m. · 0 views

openstack-cinder: Improper handling of ScaleIO backend credentials

An insecure-credentials flaw was found in openstack-cinder. When using openstack-cinder with the Dell EMC ScaleIO or VxFlex OS backend storage driver, credentials for the entire backend are exposed in the connectioninfo element in all Block Storage v3 Attachments API calls containing that element...

6.5 CVSS · 7 AI score · 0.01203 EPSS
Exploits: 0 · References: 6

RedHat Linux
added 2020/10/28 3:38 p.m. · 44 views

Moderate: Red Hat Security Advisory: openstack-cinder security update

An update for openstack-cinder is now available for Red Hat OpenStack Platform 16.1 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

6.5 CVSS · 6.6 AI score · 0.01203 EPSS
Exploits: 0 · References: 9

Github Security Blog
added 2020/10/27 5:55 p.m. · 46 views

Arbitrary Code Execution in blazar-dashboard

An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under because the Python eval function is used. This may result in...

9.9 CVSS · 2.1 AI score · 0.03123 EPSS
Exploits: 0 · References: 11 · Affected Software: 1