659913dd22
This data has been collected from every advisory issued by the OpenStack VMT to date. The CVSSv2 information and impacts have been mined from Red Hat's CVE database. The severity and importance of these issues may differ from these ratings.
41 lines
1.2 KiB
JSON
41 lines
1.2 KiB
JSON
{
|
|
"advisory": {
|
|
"date": "2012-04-17",
|
|
"description": "Matthias Weckbecker reported a vulnerability in Horizon. He noted that the log viewer refreshing mechanism does not escape the data fetched from guest consoles. This means that HTML with Javascript code gets interpreted as such, resulting in the ability to inject code into a dashboard session. ",
|
|
"id": "2012-004",
|
|
"title": "XSS vulnerability in Horizon log viewer",
|
|
"url": "https://lists.launchpad.net/openstack/msg10211.html"
|
|
},
|
|
"affects": [
|
|
{
|
|
"product": "horizon",
|
|
"version": "TODO"
|
|
}
|
|
],
|
|
"bugs": [
|
|
"977944"
|
|
],
|
|
"notes": "",
|
|
"reporters": [
|
|
{
|
|
"company": "UNKNOWN",
|
|
"name": "Matthias Weckbecker"
|
|
}
|
|
],
|
|
"reviews": [
|
|
"6618",
|
|
"6621"
|
|
],
|
|
"schema_version": 1,
|
|
"vulnerabilities": [
|
|
{
|
|
"cve": "CVE-2012-2094",
|
|
"cvss": {
|
|
"base_score": "2.9",
|
|
"scoring_vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"
|
|
},
|
|
"cwe": "TODO",
|
|
"impact": "low"
|
|
}
|
|
]
|
|
} |