[OSSA-2017-003] XSS in federation mappings UI (CVE-2017-7400)
Bug #1680741 reported by Adam Heczko
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Mirantis OpenStack | Confirmed | High | MOS Horizon |
8.0.x | Invalid | High | MOS Maintenance |
9.x | Invalid | High | MOS Maintenance |
Bug Description
Detailed bug description:
Eric Brown from VMware reported a vulnerability in Horizon. By creating a malicious federation mapping, an administrator may conduct a persistent XSS attack. All Horizon setups are affected.
LP reference:
https:/
Fix for pike:
https:/
Fix for ocata:
https:/
Fix for newton:
https:/
Fix for mitaka:
https:/
Changed in mos:
assignee: nobody → MOS Horizon (mos-horizon)
status: New → Confirmed
For MOS 9 patch placed here -- https://review.fuel-infra.org/gitweb?p=openstack/horizon.git;a=commit;h=ce80bb6fec3cb0262728e7ae8b9d695cf832e5bf
For MOS 10 patch on review -- https://review.fuel-infra.org/#/c/32924/