| 2021-08-18 15:55:23 |
Heather Lemon |
bug |
|
|
added bug |
| 2021-08-18 15:57:31 |
Heather Lemon |
bug task added |
|
ubuntu |
|
| 2021-08-18 15:57:43 |
Heather Lemon |
bug task deleted |
ubuntu |
|
|
| 2021-08-18 17:24:14 |
Jeremy Stanley |
description |
The data-template attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript.
github source: https://github.com/twbs/bootstrap/pull/28236
github upstream MR: https://github.com/twbs/bootstrap/pull/28236/commits/5efa9b531d25927b907e3fa24b818608bc38a2f0
ubuntu-cve https://ubuntu.com/security/CVE-2019-8331
openstack-dashboard,from xenial UCA, python-django-horizon version 13.0.2-0ubuntu3~cloud0
`pull-uca-source python-django-horizon 3:13.0.2-0ubuntu3~cloud0` |
This issue is being treated as a potential security risk under
embargo. Please do not make any public mention of embargoed
(private) security vulnerabilities before their coordinated
publication by the OpenStack Vulnerability Management Team in the
form of an official OpenStack Security Advisory. This includes
discussion of the bug or associated fixes in public forums such as
mailing lists, code review systems and bug trackers. Please also
avoid private disclosure to other individuals not already approved
for access to this information, and provide this same reminder to
those who are made aware of the issue prior to publication. All
discussion should remain confined to this private bug report, and
any proposed fixes should be added to the bug as attachments. This
embargo shall not extend past 2021-11-16 and will be made
public by or on that date even if no fix is identified.
The data-template attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript.
github source: https://github.com/twbs/bootstrap/pull/28236
github upstream MR: https://github.com/twbs/bootstrap/pull/28236/commits/5efa9b531d25927b907e3fa24b818608bc38a2f0
ubuntu-cve https://ubuntu.com/security/CVE-2019-8331
openstack-dashboard,from xenial UCA, python-django-horizon version 13.0.2-0ubuntu3~cloud0
`pull-uca-source python-django-horizon 3:13.0.2-0ubuntu3~cloud0` |
|
| 2021-08-18 17:24:34 |
Jeremy Stanley |
bug task added |
|
ossa |
|
| 2021-08-18 17:24:46 |
Jeremy Stanley |
ossa: status |
New |
Incomplete |
|
| 2021-08-18 17:25:06 |
Jeremy Stanley |
bug |
|
|
added subscriber Horizon Core security contacts |
| 2021-08-19 22:43:55 |
Heather Lemon |
bug |
|
|
added subscriber Dominique Poulain |
| 2021-08-24 12:05:02 |
Jeremy Stanley |
bug task added |
|
cloud-archive |
|
| 2021-08-24 12:05:20 |
Jeremy Stanley |
horizon: status |
New |
Invalid |
|
| 2021-08-24 12:05:25 |
Jeremy Stanley |
ossa: status |
Incomplete |
Invalid |
|
| 2021-08-24 12:05:40 |
Jeremy Stanley |
description |
This issue is being treated as a potential security risk under
embargo. Please do not make any public mention of embargoed
(private) security vulnerabilities before their coordinated
publication by the OpenStack Vulnerability Management Team in the
form of an official OpenStack Security Advisory. This includes
discussion of the bug or associated fixes in public forums such as
mailing lists, code review systems and bug trackers. Please also
avoid private disclosure to other individuals not already approved
for access to this information, and provide this same reminder to
those who are made aware of the issue prior to publication. All
discussion should remain confined to this private bug report, and
any proposed fixes should be added to the bug as attachments. This
embargo shall not extend past 2021-11-16 and will be made
public by or on that date even if no fix is identified.
The data-template attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript.
github source: https://github.com/twbs/bootstrap/pull/28236
github upstream MR: https://github.com/twbs/bootstrap/pull/28236/commits/5efa9b531d25927b907e3fa24b818608bc38a2f0
ubuntu-cve https://ubuntu.com/security/CVE-2019-8331
openstack-dashboard,from xenial UCA, python-django-horizon version 13.0.2-0ubuntu3~cloud0
`pull-uca-source python-django-horizon 3:13.0.2-0ubuntu3~cloud0` |
The data-template attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript.
github source: https://github.com/twbs/bootstrap/pull/28236
github upstream MR: https://github.com/twbs/bootstrap/pull/28236/commits/5efa9b531d25927b907e3fa24b818608bc38a2f0
ubuntu-cve https://ubuntu.com/security/CVE-2019-8331
openstack-dashboard,from xenial UCA, python-django-horizon version 13.0.2-0ubuntu3~cloud0
`pull-uca-source python-django-horizon 3:13.0.2-0ubuntu3~cloud0` |
|
| 2021-08-24 12:06:37 |
Jeremy Stanley |
cve linked |
|
2019-8331 |
|
| 2021-08-24 14:07:40 |
Heather Lemon |
bug |
|
|
added subscriber Chris MacNaughton |
| 2021-08-24 14:09:12 |
Heather Lemon |
bug |
|
|
added subscriber Dan Streetman |
| 2021-08-24 14:10:11 |
Heather Lemon |
removed subscriber Chris MacNaughton |
|
|
|
| 2021-08-24 14:55:47 |
Heather Lemon |
bug |
|
|
added subscriber Ubuntu Security Team |
| 2021-08-24 16:04:34 |
Heather Lemon |
tags |
|
security |
|
| 2021-08-24 16:04:44 |
Heather Lemon |
tags |
security |
security ubuntu-security |
|
| 2021-08-24 16:05:35 |
Heather Lemon |
information type |
Private Security |
Public Security |
|
| 2021-08-24 16:06:17 |
Heather Lemon |
information type |
Public Security |
Private Security |
|
| 2021-08-24 16:10:57 |
Heather Lemon |
removed subscriber Dominique Poulain |
|
|
|
| 2021-08-24 16:10:57 |
Heather Lemon |
removed subscriber Dan Streetman |
|
|
|
| 2021-08-24 16:10:57 |
Heather Lemon |
removed subscriber Ubuntu Security Team |
|
|
|
| 2021-08-24 17:05:14 |
Heather Lemon |
bug |
|
|
added subscriber Ante Karamatić |
| 2021-08-24 17:23:23 |
Heather Lemon |
bug |
|
|
added subscriber Seth Arnold |
| 2021-08-24 18:43:20 |
Heather Lemon |
bug |
|
|
added subscriber Dan Streetman |
| 2021-08-25 02:23:50 |
Seth Arnold |
bug task added |
|
python-xstatic-bootstrap-scss (Ubuntu) |
|
| 2021-08-25 02:24:05 |
Seth Arnold |
bug task added |
|
horizon (Ubuntu) |
|
| 2021-08-25 02:24:32 |
Seth Arnold |
information type |
Private Security |
Public Security |
|
| 2021-08-26 15:48:55 |
Heather Lemon |
tags |
security ubuntu-security |
horizon-core security ubuntu-security |
|
| 2021-09-01 15:13:07 |
Heather Lemon |
attachment added |
|
Screenshot from 2021-08-23 15-55-14.png https://bugs.launchpad.net/horizon/+bug/1940450/+attachment/5522304/+files/Screenshot%20from%202021-08-23%2015-55-14.png |
|
| 2021-09-01 17:55:18 |
Heather Lemon |
tags |
horizon-core security ubuntu-security |
cloud-archive horizon-core security ubuntu-security |
|
| 2021-09-10 17:39:48 |
Heather Lemon |
attachment added |
|
xsshorizon-2021-09-10_11.30.01 https://bugs.launchpad.net/horizon/+bug/1940450/+attachment/5524434/+files/xsshorizon-2021-09-10_11.30.01 |
|
| 2021-09-14 17:43:48 |
Steve Beattie |
bug |
|
|
added subscriber Steve Beattie |
| 2021-09-15 21:43:28 |
Dominique Poulain |
bug |
|
|
added subscriber Dominique Poulain |
| 2021-10-04 17:37:01 |
Heather Lemon |
python-xstatic-bootstrap-scss (Ubuntu): status |
New |
Won't Fix |
|
| 2022-06-14 19:06:04 |
Steve Beattie |
horizon (Ubuntu): status |
New |
Won't Fix |
|
