Bug 813391 - (CVE-2012-2094) CVE-2012-2094 python-django-horizon: XSS vulnerability in Horizon log viewer
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Target Release: ---
Assigned To: Red Hat Product Security
Whiteboard: impact=low,public=20120417,reported=2...
Keywords: Security
Depends On: 813453 856739
Blocks:
Reported: 2012-04-17 12:04 EDT by Pádraig Brady
Modified: 2016-03-04 06:57 EST
CC List: 2 users
See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-09-12 13:38:41 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Attachments
proposed fix (776 bytes, patch)
2012-04-17 12:04 EDT, Pádraig Brady
Description Pádraig Brady 2012-04-17 12:04:08 EDT
Created attachment 578085
proposed fix

This is an advance warning of a vulnerability discovered in OpenStack,
to give you, as downstream stakeholders, a chance to coordinate the
release of fixes and reduce the vulnerability window. Please treat the
following information as confidential until the proposed public
disclosure date.

Title: XSS vulnerability in Horizon log viewer
Impact: High
Reporter: J. Daniel Schmidt <jdsn@suse.de>
Products: Horizon
Affects: All versions

Description:
J. Daniel Schmidt reported a vulnerability in Horizon. He noted that
the log viewer refreshing mechanism does not escape the data fetched
from guest consoles. This means that HTML with JavaScript code gets
interpreted as such, resulting in the ability to inject code into a
dashboard session.

Proposed public disclosure date/time:
Tuesday, April 17th, 1500 UTC
Please do not make the issue public (or release public patches) before
this coordinated embargo date.
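As an added illustration (not Horizon's code and not part of the advisory above), the following shows the rendering defect the advisory describes, unescaped guest-console text concatenated into dashboard markup, beside the escaped form; the function names and the sample log are constructed for this example.

```javascript
// Added example, not Horizon's own code: the fix pattern for the bug described
// above. Text fetched from a guest console is untrusted; it must be escaped
// before it is inserted into the dashboard page as HTML.

// Characters that change meaning in an HTML text or attribute context.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Escape a string so the browser renders it literally instead of parsing it.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern (what the advisory describes): raw console text is
// concatenated straight into markup, so tags in the guest's output are parsed.
function renderLogUnsafe(rawLog) {
  return '<pre class="console-log">' + rawLog + "</pre>";
}

// Fixed pattern: each refreshed line is escaped before it is wrapped in markup.
// (In a real page, assigning element.textContent instead of innerHTML achieves
// the same effect without building HTML strings at all.)
function renderLogSafe(rawLog) {
  const lines = String(rawLog).split("\n").map(escapeHtml);
  return '<pre class="console-log">' + lines.join("\n") + "</pre>";
}

// Constructed sample console log: one line carries markup, as a guest could
// emit on its serial console.
const SAMPLE_CONSOLE_LOG = [
  "[    0.000000] Linux version 3.3.0 (constructed sample)",
  "[    1.234567] Mounting root filesystem",
  "login: <script>alert(1)</script>",
].join("\n");

console.log(renderLogSafe(SAMPLE_CONSOLE_LOG));
```

The escaped output still shows the guest's text verbatim to the operator, but the browser no longer executes it, which is the behaviour the fix has to restore in the viewer's refresh path.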
Comment 2 Pádraig Brady 2012-04-17 18:22:08 EDT
Yes, F17 only. This can now be made public.
Comment 4 Kurt Seifried 2012-09-12 13:38:29 EDT
Also fixed in F17:
https://bugzilla.redhat.com/show_bug.cgi?id=813453