[OSSA-2016-010] Possible client side template injection in horizon (CVE-2016-4428)
Bug #1567673 reported by Brandon Sawyers
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack Dashboard (Horizon) | Fix Released | Critical | Tristan Cacqueray | |
OpenStack Security Advisory | Fix Released | Undecided | Unassigned | |
Bug Description
I'm working through my group's process to deploy a new web app so that we can provide OpenStack in our production environment. Part of that process is having an authenticated security scan done by Acunetix.
I've attached a screenshot of the report for the alert received during the scan.
Unfortunately I'm not a dev, so I'm not sure if this is a false alarm or not.
Quick research found the following link which talks about the issue in general: http://
Any input would be greatly appreciated.
Thanks!
Brandon
CVE References
Changed in horizon:
status: New → Confirmed
summary:
- Possible client side template injection in horizon
+ Possible client side template injection in horizon (CVE-2016-4428)
Changed in ossa:
status: Triaged → In Progress
Changed in ossa:
status: In Progress → Fix Committed
information type: Private Security → Public
summary:
- Possible client side template injection in horizon (CVE-2016-4428)
+ [OSSA-2016-010] Possible client side template injection in horizon
+ (CVE-2016-4428)
description: updated
Changed in ossa:
status: Fix Committed → Fix Released
Changed in horizon:
milestone: none → newton-2
importance: Undecided → Critical
Since this report concerns a possible security risk, an incomplete security advisory task has been added while the core security reviewers for the affected project or projects confirm the bug and discuss the scope of any vulnerability along with potential solutions.