[openstack-announce] [OSSA 2014-027] Persistent XSS in Horizon Host Aggregates interface (CVE-2014-3594)

Tristan Cacqueray tristan.cacqueray at enovance.com
Tue Aug 19 20:17:54 UTC 2014


OpenStack Security Advisory: 2014-027
CVE: CVE-2014-3594
Date: August 19, 2014
Title: Persistent XSS in Horizon Host Aggregates interface
Reporters: Dennis Felsch and Mario Heiderich (Ruhr-University Bochum)
Products: Horizon
Versions: up to 2013.2.3, and 2014.1 versions up to 2014.1.2

Description:
Dennis Felsch and Mario Heiderich from the Horst Görtz Institute for
IT-Security, Ruhr-University Bochum reported a persistent XSS in
Horizon. A malicious administrator may conduct a persistent XSS attack
by registering a malicious host aggregate in Horizon Host Aggregate
interface. Once executed in a legitimate context this attack may reveal
another admin token, potentially resulting in a lateral privilege
escalation. All Horizon setups are affected.

Juno (development branch) fix:
https://review.openstack.org/115310

Icehouse fix:
https://review.openstack.org/115311

Havana fix:
https://review.openstack.org/115313

Notes:
This fix will be included in the Juno-3 development milestone and in
future 2013.2.4 and 2014.1.3 releases.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3594
https://launchpad.net/bugs/1349491

-- 
Tristan Cacqueray
OpenStack Vulnerability Management Team


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 474 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-announce/attachments/20140819/06b76df6/attachment.pgp>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openstack.org/pipermail/openstack-announce/attachments/20140819/06b76df6/attachment-0001.pgp>


More information about the OpenStack-announce mailing list