Date: Mon, 25 May 2015 09:48:55 -0700 From: Tristan Cacqueray <tristan.cacqueray@...vance.com> To: oss-security@...ts.openwall.com Subject: [OSSA 2015-009] Persistent XSS in Horizon metadata dashboard (CVE-2015-3988) =========================================================== OSSA-2015-009: Persistent XSS in Horizon metadata dashboard =========================================================== :Date: May 25, 2015 :CVE: CVE-2015-3988 Affects ~~~~~~~ - Horizon: 2014.2 versions through 2014.2.3 and version 2015.1.0 Description ~~~~~~~~~~~ Sunil Yadav from IBM Security Services reported a persistent XSS in Horizon. An authenticated user may conduct a persistent XSS attack by setting a malicious metadata to a Glance image, a Nova flavor or a Host Aggregate and tricking an administrator to load the update metadata page. Once executed in a legitimate context this attack may result in a privilege escalation. All Horizon setups are affected. Patches ~~~~~~~ - https://review.openstack.org/183659 (Juno) - https://review.openstack.org/183656 (Kilo) - https://review.openstack.org/179429 (Liberty) Credits ~~~~~~~ - Sunil Yadav from IBM (CVE-2015-3988) References ~~~~~~~~~~ - https://launchpad.net/bugs/1449260 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3988 Notes ~~~~~ - This fix will be included in future 2014.2.4 (juno) and 2015.1.1 (kilo) releases. -- Tristan Cacqueray OpenStack Vulnerability Management Team Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ