[Debian] High CVE: CVE-2022-45582 horizon: Open Redirect vulnerability

Bug #2038880 reported by Yue Tao
Affects: StarlingX
Status: Fix Released
Importance: High
Assigned to: Zhixiong Chi

Bug Description

CVE-2022-45582: https://nvd.nist.gov/vuln/detail/CVE-2022-45582

Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter.

Base Score: High

Reference:

horizon_3:18.6.2-5+deb11u2


Changed in starlingx:
assignee: nobody → Zhixiong Chi (zhixiongchi)
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix proposed to upstream (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/upstream/+/899131

OpenStack Infra (hudson-openstack) wrote : Fix merged to upstream (master)

Reviewed: https://review.opendev.org/c/starlingx/upstream/+/899131
Committed: https://opendev.org/starlingx/upstream/commit/9924af318efe6ee83f2ffd33ce6d33fb1154ed06
Submitter: "Zuul (22348)"
Branch: master

commit 9924af318efe6ee83f2ffd33ce6d33fb1154ed06
Author: Zhixiong Chi <email address hidden>
Date: Mon Oct 23 00:34:38 2023 -0700

    python-horizon: Upgrade to 18.6.2-5+deb11u2

    Upgrade python-horizon to 18.6.2-5+deb11u2 to fix the CVE issue:
    CVE-2022-45582

    Refer to:
    https://nvd.nist.gov/vuln/detail/CVE-2022-45582

    TestPlan:
    PASS: downloader;build-pkgs -c;build-image
    PASS: boot
    PASS: Sanity test on AIO-SX node

    Closes-bug: 2038880

    Change-Id: I7ce385cde29ade8681ec6449d0f3379057edaac0
    Signed-off-by: Zhixiong Chi <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
