Lucene search

K
ubuntuUbuntuUSN-3447-1
HistoryOct 11, 2017 - 12:00 a.m.

OpenStack Horizon vulnerability

2017-10-1100:00:00
ubuntu.com
33

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

41.7%

Releases

  • Ubuntu 14.04 ESM

Packages

  • horizon - Web interface for OpenStack cloud infrastructure

Details

Beth Lancaster and Brandon Sawyers discovered that OpenStack Horizon was
incorrect protected against cross-site scripting (XSS) attacks. A remote
authenticated user could use this issue to inject web script or HTML in
a dashboard form.

OSVersionArchitecturePackageVersionFilename
Ubuntu14.04noarchopenstack-dashboard< 1:2014.1.5-0ubuntu2.1UNKNOWN
Ubuntu14.04noarchopenstack-dashboard-ubuntu-theme< 1:2014.1.5-0ubuntu2.1UNKNOWN
Ubuntu14.04noarchpython-django-horizon< 1:2014.1.5-0ubuntu2.1UNKNOWN
Ubuntu14.04noarchpython-django-openstack< 1:2014.1.5-0ubuntu2.1UNKNOWN

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

41.7%