Your submission was sent successfully! Close

USN-3447-1: OpenStack Horizon vulnerability

11 October 2017

OpenStack Horizon could be made to expose sensitive information over the network.



  • horizon - Web interface for OpenStack cloud infrastructure


Beth Lancaster and Brandon Sawyers discovered that OpenStack Horizon was
incorrect protected against cross-site scripting (XSS) attacks. A remote
authenticated user could use this issue to inject web script or HTML in
a dashboard form.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04

In general, a standard system update will make all the necessary changes.