1116090 – (CVE-2014-3473, CVE-2014-3474, CVE-2014-3475, CVE-2014-8578) CVE-2014-3473 CVE-2014-3474 CVE-2014-3475 CVE-2014-8578 openstack-horizon: multiple XSS flaws

Bug 1116090 (CVE-2014-3473, CVE-2014-3474, CVE-2014-3475, CVE-2014-8578) - CVE-2014-3473 CVE-2014-3474 CVE-2014-3475 CVE-2014-8578 openstack-horizon: multiple XSS flaws

Summary: CVE-2014-3473 CVE-2014-3474 CVE-2014-3475 CVE-2014-8578 openstack-horizon: mu...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2014-3473, CVE-2014-3474, CVE-2014-3475, CVE-2014-8578
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1118141 1118142 1118143 1118144 1121851 1123206
Blocks:	1116095
TreeView+	depends on / blocked

Reported:	2014-07-03 17:37 UTC by Vincent Danen
Modified:	2021-08-18 09:45 UTC (History)
CC List:	18 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	A cross-site scripting (XSS) flaw was found in the way orchestration templates were handled. An owner of such a template could use this flaw to perform XSS attacks against other Horizon users. (CVE-2014-3473) It was found that network names were not sanitized. A malicious user could use this flaw to perform XSS attacks against other Horizon users by creating a network with a specially-crafted name. (CVE-2014-3474) It was found that some email addresses were not sanitized. An administrator could use this flaw to perform XSS attacks against other Horizon users by storing an email address that has a specially-crafted name. (CVE-2014-3475)
Clone Of:
Environment:
Last Closed:	2014-09-15 06:33:39 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2014:0939	0	normal	SHIPPED_LIVE	Moderate: python-django-horizon security, bug fix, and enhancement update	2014-07-24 21:21:49 UTC
Red Hat Product Errata	RHSA-2014:1188	0	normal	SHIPPED_LIVE	Moderate: python-django-horizon security update	2014-09-15 09:52:09 UTC

Description Vincent Danen 2014-07-03 17:37:39 UTC

Multiple XSS vulnerabilities were reported in OpenStack Horizon:

Jason Hullinger from Hewlett Packard, Craig Lorentzen from Cisco and Michael Xin from Rackspace reported 3 cross-site scripting (XSS) vulnerabilities in Horizon. A malicious Orchestration template owner or catalog may conduct an XSS attack once a corrupted template is used in the Orchestration/Stack section of Horizon (CVE-2014-3473). A malicious Horizon user may store an XSS attack by creating a network with a corrupted name (CVE-2014-3474). A malicious Horizon administrator may store an XSS attack by creating a user with a corrupted email address (CVE-2014-3475). Once executed in a legitimate context these attacks may result in potential asset stealing (horizon user/admin access credentials, VMs/Network configuration/management, tenants' confidential information, etc.). All Horizon setups are affected.

Comment 1 Vincent Danen 2014-07-03 18:25:43 UTC

This affects all versions up to and including 2014.1.1 and 2013.2.3.

Comment 3 Garth Mollett 2014-07-10 04:20:33 UTC

Created python-django-horizon tracking bugs for this issue:

Affects: fedora-all [bug 1118141]
Affects: epel-6 [bug 1118142]

Comment 5 errata-xmlrpc 2014-07-24 17:23:19 UTC

This issue has been addressed in following products:

  OpenStack 5 for RHEL 7

Via RHSA-2014:0939 https://rhn.redhat.com/errata/RHSA-2014-0939.html

Comment 7 Martin Prpič 2014-07-28 11:05:23 UTC

IssueDescription CVE-2014-3473:

A cross-site scripting (XSS) flaw was found in the way orchestration templates were handled. An owner of such a template could use this flaw to perform XSS attacks against other Horizon users.

IssueDescription CVE-2014-3474:

It was found that network names were not sanitized. A malicious user could use this flaw to perform XSS attacks against other Horizon users by creating a network with a specially-crafted name.

IssueDescription CVE-2014-3475:

It was found that some email addresses were not sanitized. An administrator could use this flaw to perform XSS attacks against other Horizon users by storing an email address that has a specially-crafted name.

Comment 8 errata-xmlrpc 2014-09-15 05:52:32 UTC

This issue has been addressed in the following products:

  OpenStack 4 for RHEL 6

Via RHSA-2014:1188 https://rhn.redhat.com/errata/RHSA-2014-1188.html

Note You need to log in before you can comment on or make changes to this bug.