Title: Persistent XSS in Horizon Host Aggregates interface Reporters: Dennis Felsch and Mario Heiderich (Ruhr-University Bochum) Products: Horizon Versions: up to 2013.2.3, and 2014.1 versions up to 2014.1.2 Description: Dennis Felsch and Mario Heiderich from the Horst Görtz Institute for IT-Security, Ruhr-University Bochum reported a persistent XSS in Horizon. A malicious administrator may conduct a persistent XSS attack by registering a malicious host aggregate in Horizon Host Aggregate interface. Once executed in a legitimate context this attack may reveal another admin token, potentially resulting in a lateral privilege escalation. All Horizon setups are affected. Acknowledgements: Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Dennis Felsch and Mario Heiderich from the Horst Görtz Institute for IT-Security, Ruhr-University Bochum as the original reporters.
Created attachment 926551 [details] CVE-2014-3594 patch for stable/havana
Created attachment 926552 [details] CVE-2014-3594 patch for stable/icehouse
Created attachment 926553 [details] CVE-2014-3594 patch for master/juno
This issue is public now: http://seclists.org/oss-sec/2014/q3/413
Created python-django-horizon tracking bugs for this issue: Affects: fedora-all [bug 1131805] Affects: epel-6 [bug 1131806]
IssueDescription: A persistent cross-site scripting (XSS) flaw was found in the horizon host aggregate interface. A user with sufficient privileges to add a host aggregate could potentially use this flaw to capture the credentials of another user.
This issue has been addressed in the following products: OpenStack 4 for RHEL 6 Via RHSA-2014:1188 https://rhn.redhat.com/errata/RHSA-2014-1188.html
This issue has been addressed in the following products: OpenStack 5 for RHEL 7 Via RHSA-2014:1335 https://rhn.redhat.com/errata/RHSA-2014-1335.html
This issue has been addressed in the following products: OpenStack 5 for RHEL 6 Via RHSA-2014:1336 https://rhn.redhat.com/errata/RHSA-2014-1336.html