[Openstack] [OSSA 2014-023] Multiple XSS vulnerabilities in Horizon (CVE-2014-3473, CVE-2014-3474, and CVE-2014-3475)

Tristan Cacqueray tristan.cacqueray at enovance.com
Tue Jul 8 16:11:02 UTC 2014


OpenStack Security Advisory: 2014-023
CVE: CVE-2014-3473, CVE-2014-3474, and CVE-2014-3475
Date: July 08, 2014
Title: Multiple XSS vulnerabilities in Horizon
Reporter: Jason Hullinger (HP)    - CVE-2014-3473
          Craig Lorentzen (Cisco) - CVE-2014-3474
          Michael Xin (Rackspace) - CVE-2014-3475
Products: Horizon
Versions: up to 2013.2.3, and 2014.1 versions up to 2014.1.1

Description:
Jason Hullinger from Hewlett Packard, Craig Lorentzen from Cisco and
Michael Xin from Rackspace reported 3 cross-site scripting (XSS)
vulnerabilities in Horizon. A malicious Orchestration template owner or
catalog may conduct an XSS attack once a corrupted template is used in
the Orchestration/Stack section of Horizon. A malicious Horizon user may
store an XSS attack by creating a network with a corrupted name. A
malicious Horizon administrator may store an XSS attack by creating a
user with a corrupted email address. Once executed in a legitimate
context these attacks may result in potential asset stealing (horizon
user/admin access credentials, VMs/Network configuration/management,
tenants' confidential information, etc.). All Horizon setups are affected.

Juno (development branch) fix:
https://review.openstack.org/105476

Icehouse fix:
https://review.openstack.org/105477

Havana fix:
https://review.openstack.org/105478

Notes:
This fix will be included in the Juno-2 development milestone and in
future 2013.2.4 and 2014.1.2 releases.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3474
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3475
https://launchpad.net/bugs/1308727
https://launchpad.net/bugs/1320235
https://launchpad.net/bugs/1322197

--
Tristan Cacqueray
OpenStack Vulnerability Management Team



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 538 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140708/cebd63d4/attachment.sig>


More information about the Openstack mailing list