Browse Source

Adds OSSA-2017-003 (CVE-2017-7400)

Change-Id: Iead38e4f72cfe54102612a07a4001862cb5fd32c
Closes-Bug: #1667086
Tristan Cacqueray 2 years ago
parent
commit
d9fb681d40
1 changed files with 37 additions and 0 deletions
  1. 37
    0
      ossa/OSSA-2017-003.yaml

+ 37
- 0
ossa/OSSA-2017-003.yaml View File

@@ -0,0 +1,37 @@
1
+date: 2017-04-04
2
+
3
+id: OSSA-2017-003
4
+
5
+title: XSS in Horizon federation mappings UI
6
+
7
+description: >
8
+   Eric Brown from VMware reported a vulnerability in Horizon. By creating a
9
+   malicious federation mapping, an adminstrator may conduct a persistent XSS
10
+   attack. All Horizon setups are affected.
11
+
12
+affected-products:
13
+  - product: horizon
14
+    version: ">=9.0.0 <=9.1.1, >=10.0.0 <=10.0.2, ==11.0.0"
15
+
16
+vulnerabilities:
17
+  - cve-id: CVE-2017-7400
18
+
19
+reporters:
20
+  - name: Eric Brown
21
+    affiliation: VMware
22
+    reported:
23
+      - CVE-2017-7400
24
+
25
+issues:
26
+  links:
27
+    - https://launchpad.net/bugs/1667086
28
+
29
+reviews:
30
+  pike:
31
+    - https://review.openstack.org/442277
32
+  ocata:
33
+    - https://review.openstack.org/442453
34
+  newton:
35
+    - https://review.openstack.org/442454
36
+  mitaka:
37
+    - https://review.openstack.org/442455

Loading…
Cancel
Save