Bug 1116090 (CVE-2014-3474, CVE-2014-3475, CVE-2014-8578) - CVE-2014-3473 CVE-2014-3474 CVE-2014-3475 CVE-2014-8578 openstack-horizon: multiple XSS flaws
Summary: CVE-2014-3473 CVE-2014-3474 CVE-2014-3475 CVE-2014-8578 openstack-horizon: mu...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2014-3474, CVE-2014-3475, CVE-2014-8578
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1118141 1118142 1118143 1118144 1121851 1123206
Blocks: 1116095
TreeView+ depends on / blocked
 
Reported: 2014-07-03 17:37 UTC by Vincent Danen
Modified: 2024-08-27 08:37 UTC (History)
27 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
A cross-site scripting (XSS) flaw was found in the way orchestration templates were handled. An owner of such a template could use this flaw to perform XSS attacks against other Horizon users. (CVE-2014-3473) It was found that network names were not sanitized. A malicious user could use this flaw to perform XSS attacks against other Horizon users by creating a network with a specially-crafted name. (CVE-2014-3474) It was found that some email addresses were not sanitized. An administrator could use this flaw to perform XSS attacks against other Horizon users by storing an email address that has a specially-crafted name. (CVE-2014-3475)
Clone Of:
Environment:
Last Closed: 2014-09-15 06:33:39 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2014:0939 0 normal SHIPPED_LIVE Moderate: python-django-horizon security, bug fix, and enhancement update 2014-07-24 21:21:49 UTC
Red Hat Product Errata RHSA-2014:1188 0 normal SHIPPED_LIVE Moderate: python-django-horizon security update 2014-09-15 09:52:09 UTC

Description Vincent Danen 2014-07-03 17:37:39 UTC
Multiple XSS vulnerabilities were reported in OpenStack Horizon:

Jason Hullinger from Hewlett Packard, Craig Lorentzen from Cisco and Michael Xin from Rackspace reported 3 cross-site scripting (XSS) vulnerabilities in Horizon. A malicious Orchestration template owner or catalog may conduct an XSS attack once a corrupted template is used in the Orchestration/Stack section of Horizon (CVE-2014-3473). A malicious Horizon user may store an XSS attack by creating a network with a corrupted name (CVE-2014-3474). A malicious Horizon administrator may store an XSS attack by creating a user with a corrupted email address (CVE-2014-3475). Once executed in a legitimate context these attacks may result in potential asset stealing (horizon user/admin access credentials, VMs/Network configuration/management, tenants' confidential information, etc.). All Horizon setups are affected.

Comment 1 Vincent Danen 2014-07-03 18:25:43 UTC
This affects all versions up to and including 2014.1.1 and 2013.2.3.

Comment 3 Garth Mollett 2014-07-10 04:20:33 UTC
Created python-django-horizon tracking bugs for this issue:

Affects: fedora-all [bug 1118141]
Affects: epel-6 [bug 1118142]

Comment 5 errata-xmlrpc 2014-07-24 17:23:19 UTC
This issue has been addressed in following products:

  OpenStack 5 for RHEL 7

Via RHSA-2014:0939 https://rhn.redhat.com/errata/RHSA-2014-0939.html

Comment 7 Martin Prpič 2014-07-28 11:05:23 UTC
IssueDescription CVE-2014-3473:

A cross-site scripting (XSS) flaw was found in the way orchestration templates were handled. An owner of such a template could use this flaw to perform XSS attacks against other Horizon users.

IssueDescription CVE-2014-3474:

It was found that network names were not sanitized. A malicious user could use this flaw to perform XSS attacks against other Horizon users by creating a network with a specially-crafted name.

IssueDescription CVE-2014-3475:

It was found that some email addresses were not sanitized. An administrator could use this flaw to perform XSS attacks against other Horizon users by storing an email address that has a specially-crafted name.

Comment 8 errata-xmlrpc 2014-09-15 05:52:32 UTC
This issue has been addressed in the following products:

  OpenStack 4 for RHEL 6

Via RHSA-2014:1188 https://rhn.redhat.com/errata/RHSA-2014-1188.html


Note You need to log in before you can comment on or make changes to this bug.