104 lines
2.6 KiB
YAML
104 lines
2.6 KiB
YAML
date: 2014-07-08
|
|
|
|
id: OSSA-2014-023
|
|
|
|
title: 'Multiple XSS vulnerabilities in Horizon'
|
|
|
|
description: 'Jason Hullinger from Hewlett Packard, Craig Lorentzen from Cisco and
|
|
Michael Xin from Rackspace reported 3 cross-site scripting (XSS) vulnerabilities
|
|
in Horizon. A malicious Orchestration template owner or catalog may conduct an XSS
|
|
attack once a corrupted template is used in the Orchestration/Stack section of Horizon.
|
|
A malicious Horizon user may store an XSS attack by creating a network with a corrupted
|
|
name. A malicious Horizon administrator may store an XSS attack by creating a user
|
|
with a corrupted email address. Once executed in a legitimate context these attacks
|
|
may result in potential asset stealing (horizon user/admin access credentials, VMs/Network
|
|
configuration/management, tenants'' confidential information, etc.). All Horizon
|
|
setups are affected.'
|
|
|
|
reference: http://lists.openstack.org/pipermail/openstack-announce/2014-July/000251.html
|
|
|
|
affected-products:
|
|
|
|
- product: horizon
|
|
version: up to 2013.2.3, and 2014.1 versions up to 2014.1.1
|
|
|
|
vulnerabilities:
|
|
|
|
- cve-id: CVE-2014-3473
|
|
impact-assessment:
|
|
source: 'Red Hat Product Security'
|
|
rating: moderate
|
|
assessment:
|
|
type: CVSS2
|
|
score: 4.3
|
|
detail: AV:N/AC:M/Au:N/C:N/I:P/A:N
|
|
classification:
|
|
source: 'Red Hat Product Security'
|
|
type: CWE
|
|
detail: TODO
|
|
|
|
- cve-id: CVE-2014-3474
|
|
impact-assessment:
|
|
source: 'Red Hat Product Security'
|
|
rating: moderate
|
|
assessment:
|
|
type: CVSS2
|
|
score: 4.3
|
|
detail: AV:N/AC:M/Au:N/C:N/I:P/A:N
|
|
classification:
|
|
source: 'Red Hat Product Security'
|
|
type: CWE
|
|
detail: TODO
|
|
|
|
- cve-id: CVE-2014-3475
|
|
impact-assessment:
|
|
source: 'Red Hat Product Security'
|
|
rating: moderate
|
|
assessment:
|
|
type: CVSS2
|
|
score: 4.3
|
|
detail: AV:N/AC:M/Au:N/C:N/I:P/A:N
|
|
classification:
|
|
source: 'Red Hat Product Security'
|
|
type: CWE
|
|
detail: TODO
|
|
|
|
reporters:
|
|
|
|
- name: 'Jason Hullinger'
|
|
affiliation: HP
|
|
reported:
|
|
- CVE-2014-3473
|
|
|
|
- name: 'Craig Lorentzen'
|
|
affiliation: Cisco
|
|
reported:
|
|
- CVE-2014-3474
|
|
|
|
- name: 'Michael Xin'
|
|
affiliation: Rackspace
|
|
reported:
|
|
- CVE-2014-3475
|
|
|
|
issues:
|
|
|
|
links:
|
|
- https://launchpad.net/bugs/1308727
|
|
- https://launchpad.net/bugs/1320235
|
|
- https://launchpad.net/bugs/1322197
|
|
|
|
type: launchpad
|
|
|
|
reviews:
|
|
|
|
juno:
|
|
- https://review.openstack.org/#/c/105476
|
|
|
|
icehouse:
|
|
- https://review.openstack.org/#/c/105477
|
|
|
|
havana:
|
|
- https://review.openstack.org/#/c/105478
|
|
|
|
type: gerrit
|