openstack team mailing list archive

Thread
Date

Re: [OSSA 2012-012] Horizon, Open redirect through 'next' parameter (CVE-2012-3540)

To: Russell Bryant <rbryant@xxxxxxxxxx>
From: andi abes <andi.abes@xxxxxxxxx>
Date: Thu, 13 Sep 2012 11:17:06 -0400
Cc: oss-security@xxxxxxxxxxxxxxxxxx, openstack-announce@xxxxxxxxxxxxxxxxxxx, "openstack@xxxxxxxxxxxxxxxxxxx" <openstack@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <503F8831.1040807@redhat.com>

Has a fix for this been  backported to essex/stable branch?

On Thu, Aug 30, 2012 at 11:35 AM, Russell Bryant <rbryant@xxxxxxxxxx> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> This advisory included the wrong CVE.  It was CVE-2012-3540.  Sorry
> about that.
>
> On 08/30/2012 11:10 AM, Russell Bryant wrote:
>> OpenStack Security Advisory: 2012-012 CVE: CVE-2012-3542
>
> This should have been CVE-2012-3540
>
>> Date: August 30, 2012 Title: Open redirect through 'next'
>> parameter Impact: Medium Reporter: Thomas Biege (SUSE) Products:
>> Horizon Affects: Essex (2012.1)
>>
>> Description: Thomas Biege from SUSE reported a vulnerability in
>> Horizon authentication mechanism. By adding a malicious 'next'
>> parameter to a Horizon authentication URL and enticing an
>> unsuspecting user to follow it, the victim might get redirected
>> after authentication to a malicious site where useful information
>> could be extracted. Only setups running Essex are affected.
>>
>> Fixes: 2012.1:
>> https://github.com/openstack/horizon/commit/35eada8a27323c0f83c400177797927aba6bc99b
>>
>>  References:
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-3542
>
> This should have been:
>
>     http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-3540
>
>> https://bugs.launchpad.net/horizon/+bug/1039077
>>
>> Notes: This fix will be included in a future Essex (2012.1)
>> release.
>
> - --
> Russell Bryant
> OpenStack Vulnerability Management Team
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
>
> iEYEARECAAYFAlA/iDEACgkQFg9ft4s9SAbPBQCgndIk58K5ZF71PCxmWfDjV9MO
> 4yoAoJDGBeqC4TbJnyo+AsEeQYeTQEe6
> =zO6p
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp

Follow ups

Re: [OSSA 2012-012] Horizon, Open redirect through 'next' parameter (CVE-2012-3540)
From: Kiall Mac Innes, 2012-09-13

References

[OSSA 2012-012] Horizon, Open redirect through 'next' parameter (CVE-2012-3542)
From: Russell Bryant, 2012-08-30
Re: [OSSA 2012-012] Horizon, Open redirect through 'next' parameter (CVE-2012-3540)
From: Russell Bryant, 2012-08-30