Date: Tue, 08 Jul 2014 12:11:10 -0400 From: Tristan Cacqueray <tristan.cacqueray@...vance.com> To: oss-security@...ts.openwall.com Subject: [OSSA 2014-023] Multiple XSS vulnerabilities in Horizon (CVE-2014-3473, CVE-2014-3474, and CVE-2014-3475) OpenStack Security Advisory: 2014-023 CVE: CVE-2014-3473, CVE-2014-3474, and CVE-2014-3475 Date: July 08, 2014 Title: Multiple XSS vulnerabilities in Horizon Reporter: Jason Hullinger (HP) - CVE-2014-3473 Craig Lorentzen (Cisco) - CVE-2014-3474 Michael Xin (Rackspace) - CVE-2014-3475 Products: Horizon Versions: up to 2013.2.3, and 2014.1 versions up to 2014.1.1 Description: Jason Hullinger from Hewlett Packard, Craig Lorentzen from Cisco and Michael Xin from Rackspace reported 3 cross-site scripting (XSS) vulnerabilities in Horizon. A malicious Orchestration template owner or catalog may conduct an XSS attack once a corrupted template is used in the Orchestration/Stack section of Horizon. A malicious Horizon user may store an XSS attack by creating a network with a corrupted name. A malicious Horizon administrator may store an XSS attack by creating a user with a corrupted email address. Once executed in a legitimate context these attacks may result in potential asset stealing (horizon user/admin access credentials, VMs/Network configuration/management, tenants' confidential information, etc.). All Horizon setups are affected. Juno (development branch) fix: https://review.openstack.org/105476 Icehouse fix: https://review.openstack.org/105477 Havana fix: https://review.openstack.org/105478 Notes: This fix will be included in the Juno-2 development milestone and in future 2013.2.4 and 2014.1.2 releases. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3473 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3474 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3475 https://launchpad.net/bugs/1308727 https://launchpad.net/bugs/1320235 https://launchpad.net/bugs/1322197 -- Tristan Cacqueray OpenStack Vulnerability Management Team Download attachment "signature.asc" of type "application/pgp-signature" (539 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.