CVEs related to bugs in OpenStack Dashboard (Horizon)

Open bugs

There are no CVEs related to bugs open in OpenStack Dashboard (Horizon).

Resolved bugs

Bug CVE(s)
Bug #977944: refreshing in log viewer interprets html and javascript CVE-2012-2094
OpenStack Dashboard (Horizon) Fix released (unassigned)
Bug #978896: session fixation vulnerability CVE-2012-2144
OpenStack Dashboard (Horizon) Fix released, assigned to Paul McMillan
Bug #997669: When adding ICMP rule, the type/code is being validated as from/to ports CVE-2012-2094
CVE-2012-2144
OpenStack Dashboard (Horizon) Fix released, assigned to Tihomir Trifonov
Bug #1020555: Wrong 'Download CSV Summary' link CVE-2012-3540
OpenStack Dashboard (Horizon) Fix released, assigned to Gabriel Hurley
Bug #1031291: TypeError when trying to delete an unnamed volume via dashboard CVE-2012-3540
OpenStack Dashboard (Horizon) Fix released, assigned to Gabriel Hurley
Bug #1039077: [OSSA 2012-012] open redirect / phishing attack via "next" parameter CVE-2012-3540
OpenStack Dashboard (Horizon) Invalid (unassigned)
Bug #1057125: stable/essex horizon installs unusable version of glance CVE-2012-3540
OpenStack Dashboard (Horizon) Invalid by Brian Waldon
Bug #1177924: Use testr instead of nose as the unittest runner. CVE-2016-0738
OpenStack Dashboard (Horizon) Won't fix (unassigned)
Bug #1237989: user can update his password without knowing the old password CVE-2013-4471
OpenStack Dashboard (Horizon) Fix released, assigned to Matthias Runge
Bug #1247675: [OSSA 2013-036] Insufficient sanitization of Instance Name in Horizon (CVE-2013-6858) CVE-2013-6406
CVE-2013-6858
OpenStack Dashboard (Horizon) Fix released, assigned to Rob Raymond
Bug #1289033: [OSSA-2014-010] XSS in Horizon-Orchestration (CVE-2014-0157) CVE-2014-0157
OpenStack Dashboard (Horizon) Fix released, assigned to Cristian Fiorentino
Bug #1308727: [OSSA 2014-023] XSS in Horizon Heat template - resource name (CVE-2014-3473) CVE-2014-3473
OpenStack Dashboard (Horizon) Fix released, assigned to Julie Pichon
Bug #1320235: [OSSA 2014-023] Stored XSS for /admin/users/ (CVE-2014-3475) CVE-2014-3475
CVE-2014-8578
OpenStack Dashboard (Horizon) Fix released, assigned to Julie Pichon
Bug #1322197: [OSSA 2014-023] Persistent XSS in OpenStack Havana UI for Network Name (CVE-2014-3474) CVE-2014-3474
OpenStack Dashboard (Horizon) Fix released, assigned to Julie Pichon
Bug #1349491: [OSSA 2014-027] Persistent XSS in the Host Aggregates interface (CVE-2014-3594) CVE-2014-3594
OpenStack Dashboard (Horizon) Fix released, assigned to Julie Pichon
Bug #1394370: [OSSA 2014-040] horizon login page is vulnerable to DOS attack (CVE-2014-8124) CVE-2014-8124
OpenStack Dashboard (Horizon) Fix released, assigned to Eric Peterson
Bug #1453074: [OSSA 2015-010] help_text parameter of fields is vulnerable to arbitrary html injection (CVE-2015-3219) CVE-2015-3219
OpenStack Dashboard (Horizon) Fix released, assigned to Lin Hua Cheng
Bug #1529836: Fix deprecated library function (os.popen()). CVE-2016-0738
OpenStack Dashboard (Horizon) Fix released, assigned to Harshada Mangesh Kakad
Bug #1567673: [OSSA-2016-010] Possible client side template injection in horizon (CVE-2016-4428) CVE-2016-4428
OpenStack Dashboard (Horizon) Fix released, assigned to Tristan Cacqueray
Bug #1606500: [OSSA 2016-013] Heat: template source URL allows network port scan (CVE-2016-9185) CVE-2016-9185
OpenStack Dashboard (Horizon) Invalid (unassigned)
Bug #1667086: [OSSA-2017-003] XSS in federation mappings UI (CVE-2017-7400) CVE-2017-7400
OpenStack Dashboard (Horizon) Fix released, assigned to Richard Jones
Bug #1865026: [OSSA-2020-008] Open redirect in workflow forms (CVE-2020-29565) CVE-2020-29565
OpenStack Dashboard (Horizon) Fix released, assigned to Radomir Dopieralski