Thomas Biege from SUSE reported a vulnerability in the OpenStack Dashboard (Horizon). Under certain specific circumstances, it was possible to reuse session cookies from another user, possibly allowing access to unauthorized information and capabilities.
Created python-django-horizon tracking bugs for this issue
Affects: fedora-17 [bug 818680]
Affects: epel-6 [bug 818681]
This has been fixed in python-django-horizon-2012.1-4.el6 (EPEL6) and python-django-horizon-2012.1-3.fc17 (Fedora 17).