Comment 21 for bug 1289033

Revision history for this message
Tristan Cacqueray (tristan-cacqueray) wrote : Re: XSS in Horizon-Orchestration (CVE-2014-0157)

There are some typos in the impact description draft, Intel wasn't mentioned on the reporter line, and 2013.2 is also vulnerable; the affected versions line is also updated:

Here is impact description #3:

Title: XSS in Horizon orchestration dashboard
Reporter: Cristian Fiorentino (Intel)
Products: Horizon
Versions: 2013.2 versions up to 2013.2.3

Description:
Cristian Fiorentino from Intel reported a vulnerability in Horizon
Orchestration dashboard. By tricking a Horizon user into using a
malicious template in the Orchestration/Stack section of Horizon, a
remote attacker may trigger a cross-site scripting vulnerability. It may
result in potential asset theft (Horizon user/admin access credentials,
tenants' confidential information, etc.). Only setups exposing the
orchestration dashboard in Horizon are affected.