7 matches found
Debian DSA-4820-1 : horizon - security update
Pritam Singh discovered an open redirect in the workflow forms of OpenStack Horizon. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4820. The text itself is copyright C Software in the Public Interest, Inc...
[SECURITY] [DSA 4820-1] horizon security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4820-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 27, 2020 https://www.debian.org/security/faq -...
RHEL 7 : python-django-horizon (RHSA-2020:5572)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:5572 advisory. OpenStack Dashboard horizon provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources...
Moderate: Red Hat Security Advisory: python-django-horizon security update
An update for python-django-horizon is now available for Red Hat OpenStack Platform 13 Queens. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...
CVE-2020-29565
An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provid...
blazar-dashboard (=1.2.0), freezer-web-ui (=7.0.0.0b1) +3 more potentially affected by CVE-2020-29565 via horizon (=17.1.0)
horizon PYPI version =17.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on horizon and may be impacted: - blazar-dashboard =1.2.0 - freezer-web-ui =7.0.0.0b1 - monasca-ui =1.13.0 - sahara-dashboard =9.0.0.0b3, =2.4.0, =3.0.1 Source cves: CVE-2020-295...
CVE-2020-29565
An OpenStack Horizon vulnerability (CVE-2020-29565) arises from insufficient validation of the next URL parameter, allowing an attacker to trigger an automatic redirect to a malicious URL. Affected Horizon branches include pre-15.3.2, 16.x pre-16.2.1, 17.x and 18.x pre-18.3.3, as well as 18.4.x a...