[PKG-Openstack-devel] Bug#859559: horizon: CVE-2017-7400: XSS in federation mappings UI

Salvatore Bonaccorso carnil at debian.org
Tue Apr 4 19:45:18 UTC 2017


Source: horizon
Version: 3:10.0.0-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://bugs.launchpad.net/horizon/+bug/1667086

Hi,

the following vulnerability was published for horizon.

CVE-2017-7400[0]:
| OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0
| allows remote authenticated administrators to conduct XSS attacks via a
| crafted federation mapping.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-7400
[1] https://bugs.launchpad.net/horizon/+bug/1667086

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore


