OpenStack OpenStack Dashboard (Horizon) folsom-1

CPE Details

OpenStack OpenStack Dashboard (Horizon) folsom-1
openstack
horizon
folsom-1
2012-06-06
12h36 +00:00
2012-06-15
14h26 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:openstack:horizon:folsom-1:*:*:*:*:*:*:*

Informations

Vendor

openstack

Product

horizon

Version

folsom-1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2014-8578 2014-10-31 15h00 +00:00 Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475.
3.5
CVE-2012-3426 2012-07-31 08h00 +00:00 OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.
4.9
CVE-2012-2094 2012-06-05 20h00 +00:00 Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console.
4.3
CVE-2012-2144 2012-06-05 20h00 +00:00 Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie.
6.8