MEDIUM 4.8

GHSA-47vp-44v9-rhgq

OpenStack Horizon Cross-site Scripting (XSS)

Details

OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping.

Affected packages

PyPI / horizon
Introduced in: 9.0
Fixed in: 9.1.2
Fix: pip install --upgrade 'horizon>=9.1.2'

PyPI / horizon
Introduced in: 10.0
Fixed in: 10.0.3
Fix: pip install --upgrade 'horizon>=10.0.3'

PyPI / horizon
Introduced in: 11.0.0
Fixed in: 11.0.1
Fix: pip install --upgrade 'horizon>=11.0.1'
