[PKG-Openstack-devel] Bug#744019: CVE-2014-0157: XSS in Horizon orchestration dashboard

Thomas Goirand zigo at debian.org
Wed Apr 9 09:16:49 UTC 2014


Source: horizon
Version: 2013.2.2-2
Severity: important

Reporter: Cristian Fiorentino (Intel)
Products: Horizon
Versions: 2013.2 version up to 2013.2.3

Description:
Cristian Fiorentino from Intel reported a vulnerability in the Horizon
Orchestration dashboard. By tricking a Horizon user into using a
malicious template in the Orchestration/Stack section of Horizon, a
remote attacker may trigger a cross-site scripting vulnerability. It may
result in potential asset theft (Horizon user/admin access credentials,
tenants' confidential information, etc.). Only setups exposing the
orchestration dashboard in Horizon are affected.

Note from maintainer:
Patched version is already on its way.


