5.3
CVE-2026-43002
- EPSS 0.37%
- Veröffentlicht 05.05.2026 17:17:04
- Zuletzt bearbeitet 07.05.2026 15:53:49
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerOpenStack
≫
Produkt
Horizon
Default Statusunaffected
Version
25.6.0
Version <
25.7.3
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.37% | 0.281 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cve@mitre.org | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
CWE-696 Incorrect Behavior Order
The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways that may produce resultant weaknesses.
https://bugs.launchpad.net/horizon/+bug/2150331
https://www.openwall.com/lists/oss-security/2026/05/05/7
https://security.openstack.org/ossa/OSSA-2026-009.html