Search CVE reports



1 – 10 of 21 results


CVE-2022-45582

Low priority
Vulnerable

Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter.

1 affected package

horizon

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
horizon Not affected Vulnerable Vulnerable Vulnerable Not affected

CVE-2022-1655

Low priority
Ignored

An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in...

1 affected package

horizon

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
horizon Not affected Not affected Not affected Not affected

CVE-2020-29565

Medium priority
Fixed

An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply...

2 affected packages

horizon, openstack

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
horizon Fixed Fixed Fixed
openstack Not in release Not in release Not affected

CVE-2012-5474

Medium priority
Not affected

The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value.

1 affected package

horizon

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
horizon

CVE-2017-7400

Negligible priority
Ignored

OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping.

1 affected package

horizon

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
horizon Not affected

CVE-2016-4428

Medium priority

Some fixes available 1 of 4

Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a...

1 affected package

horizon

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
horizon Not affected

CVE-2015-3219

Medium priority
Ignored

Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML...

1 affected package

horizon

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
horizon

CVE-2015-3988

Medium priority
Ignored

Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3)...

1 affected package

horizon

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
horizon

CVE-2015-0271

Medium priority
Not affected

The log-viewing function in the Red Hat redhat-access-plugin before 6.0.3 for OpenStack Dashboard (horizon) allows remote attackers to read arbitrary files via a crafted path.

1 affected package

horizon

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
horizon

CVE-2014-8124

Medium priority
Fixed

OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a...

2 affected packages

horizon, python-django-openstack-auth

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
horizon
python-django-openstack-auth