Date: Fri, 17 Jun 2016 14:23:34 +0000 From: Tristan Cacqueray <tdecacqu@...hat.com> To: oss-security@...ts.openwall.com Subject: [OSSA-2016-010] XSS in Horizon client side template (CVE-2016-4428) ================================================== OSSA-2016-010: XSS in Horizon client side template ================================================== :Date: June 15, 2016 :CVE: CVE-2016-4428 Affects ~~~~~~~ - Horizon: <=8.0.1, >=9.0.0 <=9.0.1 Description ~~~~~~~~~~~ Beth Lancaster and Brandon Sawyers from Virginia Tech reported a vulnerability in Horizon. By injecting Angularjs template in dashboard forms, such as image's description, an authenticated user may trigger a cross-site-scripting vulnerability when another user browses the affected pages. It may result in potential assets theft like user access credentials. All Horizon setups are affected. Patches ~~~~~~~ - https://review.openstack.org/329997 (Liberty) - https://review.openstack.org/329996 (Mitaka) - https://review.openstack.org/329998 (Newton) Credits ~~~~~~~ - Beth Lancaster from Virginia Tech (CVE-2016-4428) - Brandon Sawyers from Virginia Tech (CVE-2016-4428) References ~~~~~~~~~~ - https://bugs.launchpad.net/bugs/1567673 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4428 -- Tristan Cacqueray OpenStack Vulnerability Management Team Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ