OpenStack Horizon vulnerability

2014-05-0600:00:00

ubuntu.com

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

59.7%

JSON

Releases

Ubuntu 13.10

Packages

horizon - Web interface for OpenStack cloud infrastructure

Details

Cristian Fiorentino discovered that OpenStack Horizon did not properly
perform input sanitization for Heat templates. If a user were tricked into
using a specially crafted Heat template, an attacker could conduct
cross-site scripting attacks. With cross-site scripting vulnerabilities, if
a user were tricked into viewing server output during a crafted server
request, a remote attacker could exploit this to modify the contents, or
steal confidential data, within the same domain.

OSVersionArchitecturePackageVersionFilename
Ubuntu13.10noarchopenstack-dashboard< 1:2013.2.3-0ubuntu1.1UNKNOWN
Ubuntu13.10noarchopenstack-dashboard-ubuntu-theme< 1:2013.2.3-0ubuntu1.1UNKNOWN
Ubuntu13.10noarchpython-django-horizon< 1:2013.2.3-0ubuntu1.1UNKNOWN
Ubuntu13.10noarchpython-django-openstack< 1:2013.2.3-0ubuntu1.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	13.10	noarch	openstack-dashboard	< 1:2013.2.3-0ubuntu1.1	UNKNOWN
Ubuntu	13.10	noarch	openstack-dashboard-ubuntu-theme	< 1:2013.2.3-0ubuntu1.1	UNKNOWN
Ubuntu	13.10	noarch	python-django-horizon	< 1:2013.2.3-0ubuntu1.1	UNKNOWN
Ubuntu	13.10	noarch	python-django-openstack	< 1:2013.2.3-0ubuntu1.1	UNKNOWN