openstack team mailing list archive

Thread
Date

Re: [OSSA 2012-004] XSS vulnerability in Horizon log viewer

To: openstack@xxxxxxxxxxxxxxxxxxx
From: Russell Bryant <rbryant@xxxxxxxxxx>
Date: Tue, 17 Apr 2012 11:27:29 -0700
In-reply-to: <4F8D9199.9070802@redhat.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20120329 Thunderbird/11.0.1

On 04/17/2012 08:51 AM, Russell Bryant wrote:
> OpenStack Security Advisory: 2012-004
> CVE: 2012-2094
> Date: April 17, 2012
> Title: XSS vulnerability in Horizon log viewer
> Impact: High
> Reporter: Matthias Weckbecker <mweckbecker@xxxxxxx>
> Products: Horizon
> Affects: All versions

One clarification: this issue is *not* present in the stable/diablo
branch of Horizon.

> Description:
> Matthias Weckbecker reported a vulnerability in Horizon. He noted that
> the log viewer refreshing mechanism does not escape the data fetched
> from guest consoles. This means that HTML with Javascript code gets
> interpreted as such, resulting in the ability to inject code into a
> dashboard session.
> 
> Fixes:
>   Folsom: https://review.openstack.org/#/c/6618/
>   2012.1: https://review.openstack.org/#/c/6621/
> 
> References:
>   http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-2094
>   https://bugs.launchpad.net/horizon/+bug/977944
> 


-- 
Russell Bryant

References

[OSSA 2012-004] XSS vulnerability in Horizon log viewer
From: Russell Bryant, 2012-04-17