Openstack

Horizon

23 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2026-43002

  • EPSS 0.07%
  • Veröffentlicht 05.05.2026 17:17:04
  • Zuletzt bearbeitet 07.05.2026 15:53:49

An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2...

6.1

CVE-2022-45582

  • EPSS 0.29%
  • Veröffentlicht 22.08.2023 19:16:30
  • Zuletzt bearbeitet 21.11.2024 07:29:27

Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter.

6.1

CVE-2020-29565

Exploit
  • EPSS 0.71%
  • Veröffentlicht 04.12.2020 08:15:11
  • Zuletzt bearbeitet 21.11.2024 05:24:12

An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon tha...

5.5

CVE-2012-5476

  • EPSS 0.15%
  • Veröffentlicht 30.12.2019 20:15:11
  • Zuletzt bearbeitet 21.11.2024 01:44:43

Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value.

5.5

CVE-2012-5474

Exploit
  • EPSS 0.07%
  • Veröffentlicht 30.12.2019 20:15:11
  • Zuletzt bearbeitet 21.11.2024 01:44:43

The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value.

4.8

CVE-2017-7400

  • EPSS 0.22%
  • Veröffentlicht 03.04.2017 14:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping.

5.4

CVE-2016-4428

  • EPSS 0.57%
  • Veröffentlicht 12.07.2016 19:59:03
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.

4.3

CVE-2015-3219

Exploit
  • EPSS 0.41%
  • Veröffentlicht 20.08.2015 20:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parame...

3.5

CVE-2015-3988

  • EPSS 0.35%
  • Veröffentlicht 19.05.2015 18:59:08
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate.

5

CVE-2014-8124

  • EPSS 0.86%
  • Veröffentlicht 12.12.2014 15:59:09
  • Zuletzt bearbeitet 06.05.2026 22:30:45

OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests...