oss-sec mailing list archives
[OSSA-2017-003] XSS in Horizon federation mappings UI (CVE-2017-7400)
From: Tristan Cacqueray <tdecacqu () redhat com>
Date: Thu, 6 Apr 2017 01:50:17 +0000
====================================================
OSSA-2017-003: XSS in Horizon federation mappings UI
====================================================

:Date: April 04, 2017
:CVE: CVE-2017-7400

Affects
~~~~~~~
- Horizon: >=9.0.0 <=9.1.1, >=10.0.0 <=10.0.2, ==11.0.0

Description
~~~~~~~~~~~
Eric Brown from VMware reported a vulnerability in Horizon. By creating
a malicious federation mapping, an administrator may conduct a
persistent XSS attack. All Horizon setups are affected.

Patches
~~~~~~~
- https://review.openstack.org/442455 (Mitaka)
- https://review.openstack.org/442454 (Newton)
- https://review.openstack.org/442453 (Ocata)
- https://review.openstack.org/442277 (Pike)

Credits
~~~~~~~
- Eric Brown from VMware (CVE-2017-7400)

References
~~~~~~~~~~
- https://launchpad.net/bugs/1667086
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7400

--
Tristan Cacqueray
OpenStack Vulnerability Management Team