CVE 2020-29565
An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provided malicious URL.
Related bugs and status
CVE-2020-29565 (Candidate) is related to these bugs:
Bug #1865026: [OSSA-2020-008] Open redirect in workflow forms (CVE-2020-29565)
Bug | Summary | In | Importance | Status
---|---|---|---|---
1865026 | [OSSA-2020-008] Open redirect in workflow forms (CVE-2020-29565) | OpenStack Dashboard (Horizon) | Undecided | Fix Released
1865026 | [OSSA-2020-008] Open redirect in workflow forms (CVE-2020-29565) | OpenStack Security Advisory | Medium | Fix Released
Bug #1902944: Cannot create a swift container, mandatory "Storage Policy" dropdown field is empty
Bug #1915787: [SRU] Train stable releases
Bug | Summary | In | Importance | Status
---|---|---|---|---
1915787 | [SRU] Train stable releases | Ubuntu Cloud Archive | Undecided | Invalid
1915787 | [SRU] Train stable releases | Ubuntu Cloud Archive train | Undecided | Fix Released
Bug #1923036: [SRU] Ussuri stable releases
Bug | Summary | In | Importance | Status
---|---|---|---|---
1923036 | [SRU] Ussuri stable releases | Ubuntu Cloud Archive | Undecided | Invalid
1923036 | [SRU] Ussuri stable releases | Ubuntu Cloud Archive ussuri | Undecided | Fix Released
1923036 | [SRU] Ussuri stable releases | cinder (Ubuntu) | Undecided | Invalid
1923036 | [SRU] Ussuri stable releases | horizon (Ubuntu) | Undecided | Invalid
1923036 | [SRU] Ussuri stable releases | neutron (Ubuntu) | Undecided | Invalid
1923036 | [SRU] Ussuri stable releases | nova (Ubuntu) | Undecided | Invalid
1923036 | [SRU] Ussuri stable releases | octavia (Ubuntu) | Undecided | Invalid
1923036 | [SRU] Ussuri stable releases | cinder (Ubuntu Focal) | Undecided | Fix Released
1923036 | [SRU] Ussuri stable releases | horizon (Ubuntu Focal) | Undecided | Fix Released
1923036 | [SRU] Ussuri stable releases | neutron (Ubuntu Focal) | Undecided | Fix Released
1923036 | [SRU] Ussuri stable releases | nova (Ubuntu Focal) | Undecided | Fix Released
1923036 | [SRU] Ussuri stable releases | octavia (Ubuntu Focal) | Undecided | Fix Released
See the CVE page on Mitre.org for more details.