CVE-2022-45582
Published: 22 August 2023
Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter.
Notes
Priority reason: Per upstream bug, this is a minor issue

Author | Note |
---|---|
mdeslaur | only affects 12.0.0 and later. CVE description is very wrong, versions listed are the fixed versions, not the vulnerable ones. fixed version 22.1.1 is in jammy-updates, but not in jammy-security yet |
Priority
Status
Package | Release | Status |
---|---|---|
horizon | bionic | Needed |
horizon | focal | Needed |
horizon | jammy | Needed |
horizon | lunar | Not vulnerable (4:23.1.0-0ubuntu1) |
horizon | mantic | Not vulnerable (4:23.3.0-0ubuntu1) |
horizon | noble | Not vulnerable (4:23.3.0-0ubuntu2) |
horizon | trusty | Ignored (end of standard support) |
horizon | upstream | Released (19.4.0, 20.1.4, 22.1.1, 23.1.0) |
horizon | xenial | Not vulnerable (code not present) |

Patches: upstream: https://review.opendev.org/c/openstack/horizon/+/862902
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.1 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Changed |
Confidentiality | Low |
Integrity impact | Low |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |