[openstack-announce] [OSSA-2016-010] XSS in Horizon client side template (CVE-2016-4428)

Tristan Cacqueray tdecacqu at redhat.com
Fri Jun 17 14:23:22 UTC 2016


==================================================
OSSA-2016-010: XSS in Horizon client side template
==================================================

:Date: June 15, 2016
:CVE: CVE-2016-4428


Affects
~~~~~~~
- Horizon: <=8.0.1, >=9.0.0 <=9.0.1


Description
~~~~~~~~~~~
Beth Lancaster and Brandon Sawyers from Virginia Tech reported a
vulnerability in Horizon. By injecting an AngularJS template into
dashboard forms, such as an image's description, an authenticated user
may trigger a cross-site scripting vulnerability when another user
browses the affected pages. This may result in the theft of assets such
as user access credentials. All Horizon setups are affected.
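The following JavaScript is an added illustration of the bug class described above, not code from the advisory or from the Horizon project. It assumes AngularJS's default interpolation symbols (`{{` and `}}`) and uses the real `ng-non-bindable` directive; the helper names (`containsInterpolation`, `renderVulnerable`, `renderHardened`, `audit`) and the sample description strings are constructed for this example.

```javascript
// Added example (not Horizon code): why HTML-escaping alone does not stop
// client-side template injection, how to keep AngularJS from compiling
// user-supplied text, and how to flag stored values that carry markers.

// AngularJS default interpolation symbols. $interpolateProvider can change
// them, so they are parameters (assumption: defaults are in use).
const DEFAULT_START = '{{';
const DEFAULT_END = '}}';

// True if `text` holds a complete interpolation expression (start marker
// followed later by an end marker).
function containsInterpolation(text, start = DEFAULT_START, end = DEFAULT_END) {
  const s = text.indexOf(start);
  if (s === -1) return false;
  return text.indexOf(end, s + start.length) !== -1;
}

// Standard HTML escaping: user text lands in the DOM as text, not markup.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable pattern: the escaped text is placed in a region that AngularJS
// compiles. Escaping defeats classic HTML injection, but `{{ ... }}` is plain
// text to the HTML parser and is still evaluated by the template engine.
function renderVulnerable(userText) {
  return `<td>${escapeHtml(userText)}</td>`;
}

// Hardened form: ng-non-bindable tells the AngularJS compiler to skip this
// subtree, so interpolation markers are displayed literally.
function renderHardened(userText) {
  return `<td ng-non-bindable>${escapeHtml(userText)}</td>`;
}

// Constructed sample field values, as a defender might see when auditing
// stored image descriptions (no real Horizon data).
const SAMPLE_DESCRIPTIONS = [
  'Ubuntu 16.04 cloud image',
  'build {{ 7*7 }} from CI',   // looks harmless, but is an expression
  'only one brace {{ here',    // incomplete marker, not evaluated
];

// Return the descriptions that would be evaluated if rendered in a
// compiled region; useful for scanning existing data after patching.
function audit(descriptions, start = DEFAULT_START, end = DEFAULT_END) {
  return descriptions.filter((d) => containsInterpolation(d, start, end));
}

console.log('flagged:', audit(SAMPLE_DESCRIPTIONS));
console.log('vulnerable:', renderVulnerable(SAMPLE_DESCRIPTIONS[1]));
console.log('hardened:  ', renderHardened(SAMPLE_DESCRIPTIONS[1]));
```

The point of contrasting `renderVulnerable` with `renderHardened` is that both produce well-escaped HTML; the difference is only whether the client-side template engine is allowed to compile the node containing user data. The `audit` helper is the kind of check worth running over stored form fields after applying the patches listed below, since data injected before the fix remains in the database.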


Patches
~~~~~~~
- https://review.openstack.org/329997 (Liberty)
- https://review.openstack.org/329996 (Mitaka)
- https://review.openstack.org/329998 (Newton)


Credits
~~~~~~~
- Beth Lancaster from Virginia Tech (CVE-2016-4428)
- Brandon Sawyers from Virginia Tech (CVE-2016-4428)


References
~~~~~~~~~~
- https://bugs.launchpad.net/bugs/1567673
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4428

--
Tristan Cacqueray
OpenStack Vulnerability Management Team
