Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 08 Jul 2014 12:11:10 -0400
From: Tristan Cacqueray <tristan.cacqueray@...vance.com>
To: oss-security@...ts.openwall.com
Subject: [OSSA 2014-023] Multiple XSS vulnerabilities in Horizon (CVE-2014-3473,
 CVE-2014-3474, and CVE-2014-3475)

OpenStack Security Advisory: 2014-023
CVE: CVE-2014-3473, CVE-2014-3474, and CVE-2014-3475
Date: July 08, 2014
Title: Multiple XSS vulnerabilities in Horizon
Reporter: Jason Hullinger (HP)    - CVE-2014-3473
          Craig Lorentzen (Cisco) - CVE-2014-3474
          Michael Xin (Rackspace) - CVE-2014-3475
Products: Horizon
Versions: up to 2013.2.3, and 2014.1 versions up to 2014.1.1

Description:
Jason Hullinger from Hewlett Packard, Craig Lorentzen from Cisco and
Michael Xin from Rackspace reported 3 cross-site scripting (XSS)
vulnerabilities in Horizon. A malicious Orchestration template owner or
catalog may conduct an XSS attack once a corrupted template is used in
the Orchestration/Stack section of Horizon. A malicious Horizon user may
store an XSS attack by creating a network with a corrupted name. A
malicious Horizon administrator may store an XSS attack by creating a
user with a corrupted email address. Once executed in a legitimate
context these attacks may result in potential asset stealing (horizon
user/admin access credentials, VMs/Network configuration/management,
tenants' confidential information, etc.). All Horizon setups are affected.

Juno (development branch) fix:
https://review.openstack.org/105476

Icehouse fix:
https://review.openstack.org/105477

Havana fix:
https://review.openstack.org/105478

Notes:
This fix will be included in the Juno-2 development milestone and in
future 2013.2.4 and 2014.1.2 releases.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3475
https://launchpad.net/bugs/1308727
https://launchpad.net/bugs/1320235
https://launchpad.net/bugs/1322197

--
Tristan Cacqueray
OpenStack Vulnerability Management Team




[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ