OpenStack Security Advisory: 2014-027 CVE: CVE-2014-3594 Date: August 19, 2014 Title: Persistent XSS in Horizon Host Aggregates interface Reporters: Dennis Felsch and Mario Heiderich (Ruhr-University Bochum) Products: Horizon Versions: up to 2013.2.3, and 2014.1 versions up to 2014.1.2 Description: Dennis Felsch and Mario Heiderich from the Horst Görtz Institute for IT-Security, Ruhr-University Bochum reported a persistent XSS in Horizon. A malicious administrator may conduct a persistent XSS attack by registering a malicious host aggregate in Horizon Host Aggregate interface. Once executed in a legitimate context this attack may reveal another admin token, potentially resulting in a lateral privilege escalation. All Horizon setups are affected. Juno (development branch) fix: https://review.openstack.org/115310 Icehouse fix: https://review.openstack.org/115311 Havana fix: https://review.openstack.org/115313 Notes: This fix will be included in the Juno-3 development milestone and in future 2013.2.4 and 2014.1.3 releases. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3594 https://launchpad.net/bugs/1349491 -- Tristan Cacqueray OpenStack Vulnerability Management Team -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 474 bytes Desc: not available URL: <http://lists.openstack.org/pipermail/openstack-announce/attachments/20140819/06b76df6/attachment.pgp> -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 473 bytes Desc: OpenPGP digital signature URL: <http://lists.openstack.org/pipermail/openstack-announce/attachments/20140819/06b76df6/attachment-0001.pgp>