Red Hat Bugzilla – Bug 817104
CVE-2012-2144 python-django-horizon: Horizon session fixation and reuse
Last modified: 2016-03-04 07:31:54 EST
Thomas Biege from SUSE reported a vulnerability in the OpenStack Dashboard (Horizon). Under certain specific circumstances, it was possible to reuse session cookies from another user, possibly allowing access to unauthorized information and capabilities.
Created python-django-horizon tracking bugs for this issue:
Affects: fedora-17 [bug 818680]
Affects: epel-6 [bug 818681]
This has been fixed in python-django-horizon-2012.1-4.el6 (EPEL6) and python-django-horizon-2012.1-3.fc17 (Fedora 17).