I am a little concerned about the patch that was just merged. It makes it possible to exploit Keystone through a broken dashboard. For example, if the dashboard allowed redirects to other sites (unvalidated redirects) then we would be vulnerable. I don't know that Horizon (or any other dashboard) has this issue currently, but this makes my Spidey senses tingle.