Bug 1811510 (CVE-2020-29565)

Summary: CVE-2020-29565 python-django-horizon: dashboard allows open redirect
Product: [Other] Security Response Reporter: Summer Long <slong>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: athomas, dbecker, jjoyce, jrist, jschluet, jstangle, lhh, lpeer, mburns, mrunge, rdopiera, rhos-maint, sclewis, slinaber, srevivo
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: horizon 15.3.2, horizon 16.2.1, horizon 18.3.3, horizon 18.6.0 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in python-django-horizon. The "next" parameter is not correctly validated allowing a remote attacker to supply a malicious URL in the dashboard that could cause an automatic redirect to the provided malicious site. The highest threat from this vulnerability is to data confidentiality and integrity.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2020-12-15 22:18:22 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1807688, 1812759, 1812760, 1904883    
Bug Blocks: 1808438    

Description Summer Long 2020-03-09 05:13:13 UTC 
Red hat has found an open redirection vulnerability in horizon which could lead to a phishing attack, tricking users to visit malicious websites.
Comment 2 Summer Long 2020-03-09 05:21:14 UTC 
Upstream: https://bugs.launchpad.net/bugs/1865026
Comment 4 Dhananjay Arunesh 2020-03-26 07:52:41 UTC 
Acknowledgments:

Name: Pritam Singh (Red Hat)
Comment 6 Summer Long 2020-09-21 03:07:25 UTC 
Upstream patch: https://git.openstack.org/cgit/openstack/horizon/commit/?id=252467100f75587e18df9c43ed5802ee8f0017fa
Comment 9 Summer Long 2020-12-07 00:23:54 UTC 
Created python-django-horizon tracking bugs for this issue:

Affects: openstack-rdo [bug 1904883]
Comment 11 Summer Long 2020-12-09 23:44:37 UTC 
External References:

https://www.openwall.com/lists/oss-security/2020/12/08/2
Comment 12 Summer Long 2020-12-09 23:44:40 UTC 
Mitigation:

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Comment 13 errata-xmlrpc 2020-12-15 18:42:14 UTC 
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 16.1

Via RHSA-2020:5411 https://access.redhat.com/errata/RHSA-2020:5411
Comment 14 Product Security DevOps Team 2020-12-15 22:18:22 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-29565
Comment 15 errata-xmlrpc 2020-12-16 13:53:17 UTC 
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 13.0 (Queens)
  Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS

Via RHSA-2020:5572 https://access.redhat.com/errata/RHSA-2020:5572