Openstack

Horizon

22 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2022-45582

  • EPSS 0.29%
  • Veröffentlicht 22.08.2023 19:16:30
  • Zuletzt bearbeitet 21.11.2024 07:29:27

Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter.

6.1

CVE-2020-29565

Exploit
  • EPSS 0.71%
  • Veröffentlicht 04.12.2020 08:15:11
  • Zuletzt bearbeitet 21.11.2024 05:24:12

An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon tha...

5.5

CVE-2012-5476

  • EPSS 0.15%
  • Veröffentlicht 30.12.2019 20:15:11
  • Zuletzt bearbeitet 21.11.2024 01:44:43

Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value.

5.5

CVE-2012-5474

Exploit
  • EPSS 0.07%
  • Veröffentlicht 30.12.2019 20:15:11
  • Zuletzt bearbeitet 21.11.2024 01:44:43

The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value.

4.8

CVE-2017-7400

  • EPSS 0.22%
  • Veröffentlicht 03.04.2017 14:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping.

5.4

CVE-2016-4428

  • EPSS 0.57%
  • Veröffentlicht 12.07.2016 19:59:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.

4.3

CVE-2015-3219

Exploit
  • EPSS 0.41%
  • Veröffentlicht 20.08.2015 20:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parame...

3.5

CVE-2015-3988

  • EPSS 0.41%
  • Veröffentlicht 19.05.2015 18:59:08
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate.

5

CVE-2014-8124

  • EPSS 0.78%
  • Veröffentlicht 12.12.2014 15:59:09
  • Zuletzt bearbeitet 12.04.2025 10:46:40

OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests...

3.5

CVE-2014-3475

  • EPSS 0.36%
  • Veröffentlicht 31.10.2014 15:55:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user...