Adds OSSA-2017-003 (CVE-2017-7400)

Change-Id: Iead38e4f72cfe54102612a07a4001862cb5fd32c Closes-Bug: #1667086
2017-03-17 16:49:35 +00:00 · 2017-03-17 16:49:35 +00:00 · d9fb681d40
parent c54ed705df
commit d9fb681d40
1 changed files with 37 additions and 0 deletions
--- a/ossa/OSSA-2017-003.yaml
+++ b/ossa/OSSA-2017-003.yaml
@ -0,0 +1,37 @@
+date: 2017-04-04
+
+id: OSSA-2017-003
+
+title: XSS in Horizon federation mappings UI
+
+description: >
+   Eric Brown from VMware reported a vulnerability in Horizon. By creating a
+   malicious federation mapping, an adminstrator may conduct a persistent XSS
+   attack. All Horizon setups are affected.
+
+affected-products:
+  - product: horizon
+    version: ">=9.0.0 <=9.1.1, >=10.0.0 <=10.0.2, ==11.0.0"
+
+vulnerabilities:
+  - cve-id: CVE-2017-7400
+
+reporters:
+  - name: Eric Brown
+    affiliation: VMware
+    reported:
+      - CVE-2017-7400
+
+issues:
+  links:
+    - https://launchpad.net/bugs/1667086
+
+reviews:
+  pike:
+    - https://review.openstack.org/442277
+  ocata:
+    - https://review.openstack.org/442453
+  newton:
+    - https://review.openstack.org/442454
+  mitaka:
+    - https://review.openstack.org/442455