OpenStack OpenStack Dashboard (Horizon) 2012.1

CPE Details

OpenStack OpenStack Dashboard (Horizon) 2012.1
openstack
horizon
2012.1
2012-06-06
12h36 +00:00
2012-06-15
14h26 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:openstack:horizon:2012.1:*:*:*:*:*:*:*

Informations

Vendor

openstack

Product

horizon

Version

2012.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2012-5474 2019-12-30 18h36 +00:00 The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value.
5.5
Medium
CVE-2014-8578 2014-10-31 15h00 +00:00 Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475.
3.5
CVE-2012-3540 2012-09-05 21h00 +00:00 Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by mistake.
5.8
CVE-2012-2094 2012-06-05 20h00 +00:00 Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console.
4.3
CVE-2012-2144 2012-06-05 20h00 +00:00 Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie.
6.8
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.