Bug 813391 (CVE-2012-2094)

Summary: CVE-2012-2094 python-django-horizon: XSS vulnerability in Horizon log viewer
Product: [Other] Security Response
Reporter: Pádraig Brady <pbrady>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: low
Priority: low
Version: unspecified
CC: gmollett, security-response-team
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Doc Type: Bug Fix
Story Points: ---
Last Closed: 2012-09-12 17:38:41 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---
Bug Depends On: 813453, 856739
Attachments: proposed fix (flags: none)

Description Pádraig Brady 2012-04-17 16:04:08 UTC
Created attachment 578085: proposed fix

This is an advance warning of a vulnerability discovered in OpenStack,
to give you, as downstream stakeholders, a chance to coordinate the
release of fixes and reduce the vulnerability window. Please treat the
following information as confidential until the proposed public
disclosure date.

Title: XSS vulnerability in Horizon log viewer
Impact: High
Reporter: J. Daniel Schmidt <jdsn>
Products: Horizon
Affects: All versions

Description:
J. Daniel Schmidt reported a vulnerability in Horizon. He noted that
the log viewer refreshing mechanism does not escape the data fetched
from guest consoles. This means that HTML with Javascript code gets
interpreted as such, resulting in the ability to inject code into a
dashboard session.

Proposed public disclosure date/time: Tuesday, April 17th, 1500 UTC
Please do not make the issue public (or release public patches) before
this coordinated embargo date.
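The flaw the advisory describes, modelled as an added example that is not part of this bug report or of Horizon's own code: a log viewer whose initial render escapes guest console output but whose refresh endpoint hands raw text back to the browser, shown beside the escaped variant and a check that parses each fragment the way an innerHTML sink would. The function names, the refresh model and the sample console output are assumptions.

```python
"""Added example (not Horizon's code): why the *refresh* path of a log
viewer must escape guest console output exactly like the initial render.

Hypothetical model, not taken from the advisory: the page renders the log
once into a <pre>, then polls a refresh endpoint for an HTML fragment that
the browser inserts with innerHTML."""
from html import escape, unescape
from html.parser import HTMLParser

# Constructed sample: console output that a guest user controls end to end.
CONSOLE_OUTPUT = (
    "[    0.000000] Linux version 3.3.1 (buildd@localhost)\n"
    "login: <script>alert('xss')</script>\n"
)


def render_initial(log: str) -> str:
    """Initial page render: escaped, as an auto-escaping template would do."""
    return '<pre id="console-log">%s</pre>' % escape(log, quote=True)


def refresh_fragment_vulnerable(log: str) -> str:
    """The flawed pattern: the poller receives raw text and sets innerHTML."""
    return log


def refresh_fragment_fixed(log: str) -> str:
    """Hardened refresh: escape on this path too, so tags render as text."""
    return escape(log, quote=True)


def refresh_preserves_content(log: str) -> bool:
    """Escaping must not lose data: decoding the fragment gives the log back."""
    return unescape(refresh_fragment_fixed(log)) == log


class _TagCollector(HTMLParser):
    """Stand-in for the browser's innerHTML sink: records elements it would create."""

    def __init__(self) -> None:
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs) -> None:
        self.tags.append(tag)


def elements_created(fragment: str) -> list:
    """Return the element names a browser would build from this fragment."""
    collector = _TagCollector()
    collector.feed(fragment)
    collector.close()
    return collector.tags
```

Running `elements_created` over both refresh variants shows the raw path producing a `script` element while the escaped path produces none.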

Comment 2 Pádraig Brady 2012-04-17 22:22:08 UTC
Yes, F17 only. This can now be made public.

Comment 4 Kurt Seifried 2012-09-12 17:38:29 UTC
Also fixed in F17:
https://bugzilla.redhat.com/show_bug.cgi?id=813453