OpenStack OpenStack Dashboard (Horizon) 2012.1

CPE Details

OpenStack OpenStack Dashboard (Horizon) 2012.1
openstack
horizon
2012.1
2012-06-06
12h36 +00:00
2012-06-15
14h26 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:openstack:horizon:2012.1:*:*:*:*:*:*:*

Informations

Vendor

openstack

Product

horizon

Version

2012.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2012-5474 2019-12-30 18h36 +00:00 The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value.
5.5
Medium
CVE-2014-8578 2014-10-31 15h00 +00:00 Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475.
3.5
CVE-2012-3540 2012-09-05 21h00 +00:00 Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by mistake.
5.8
CVE-2012-2094 2012-06-05 20h00 +00:00 Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console.
4.3
CVE-2012-2144 2012-06-05 20h00 +00:00 Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie.
6.8