Date: Thu, 6 Apr 2017 01:50:17 +0000 From: Tristan Cacqueray <tdecacqu@...hat.com> To: oss-security@...ts.openwall.com Subject: [OSSA-2017-003] XSS in Horizon federation mappings UI (CVE-2017-7400) ==================================================== OSSA-2017-003: XSS in Horizon federation mappings UI ==================================================== :Date: April 04, 2017 :CVE: CVE-2017-7400 Affects ~~~~~~~ - Horizon: >=9.0.0 <=9.1.1, >=10.0.0 <=10.0.2, ==11.0.0 Description ~~~~~~~~~~~ Eric Brown from VMware reported a vulnerability in Horizon. By creating a malicious federation mapping, an adminstrator may conduct a persistent XSS attack. All Horizon setups are affected. Patches ~~~~~~~ - https://review.openstack.org/442455 (Mitaka) - https://review.openstack.org/442454 (Newton) - https://review.openstack.org/442453 (Ocata) - https://review.openstack.org/442277 (Pike) Credits ~~~~~~~ - Eric Brown from VMware (CVE-2017-7400) References ~~~~~~~~~~ - https://launchpad.net/bugs/1667086 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7400 -- Tristan Cacqueray OpenStack Vulnerability Management Team Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ