Description
OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping.
A cross-site scripting flaw was discovered in the OpenStack dashboard (horizon) which allowed remote authenticated administrators to conduct XSS attacks using a crafted federation mapping rule. For this flaw to be exploited, federation mapping must be enabled in the dashboard.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse) | python-django-horizon | Not affected | | |
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) | python-django-horizon | Not affected | | |
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | python-django-horizon | Not affected | | |
| Red Hat OpenStack Platform 11 (Ocata) | python-django-horizon | Not affected | | |
| Red Hat OpenStack Platform 8 (Liberty) | python-django-horizon | Not affected | | |
| Red Hat OpenStack Platform 10.0 (Newton) | python-django-horizon | Fixed | RHSA-2017:1598 | 28.06.2017 |
| Red Hat OpenStack Platform 9.0 (Mitaka) | python-django-horizon | Fixed | RHSA-2017:1739 | 12.07.2017 |
Additional information
Status:
3.5 Low
CVSS3