Comment 6 for bug 1940450

Did you check this tooltip.js file?

~/horizon-13.0.2/xstatic/pkg/bootstrap_scss/data/js/bootstrap/tooltip.js

This is the one that has been affected from this package: horizon_13.0.2-0ubuntu3~cloud0

I am currently attempting to upgrade to Bootstrap 3.4.1, this also pulls in the cve fix during the upgrade as well. I can't attach a photo, but you can do a comparison between focal and bionic and see the security patch is applied with Bootstrap 3.4.1(focal)