[PKG-Openstack-devel] BSA needed for #786741 - horizon: CVE-2015-3988: Persistent XSS in Horizon metadata dashboard
Martin Zobel-Helas
zobel at debian.org
Mon May 25 10:26:17 UTC 2015
Hi,
a BSA number is needed for an upload of a security fix in horizon, the
web frontend of OpenStack.
Description
~~~~~~~~~~~
Sunil Yadav from IBM Security Services reported a persistent XSS in
Horizon. An authenticated user may conduct a persistent XSS attack by
setting malicious metadata on a Glance image, a Nova flavor or a
Host Aggregate and tricking an administrator into loading the update
metadata page. Once executed in a legitimate context this attack may
result in a privilege escalation. All Horizon setups are affected.
Cheers,
Martin
--
Martin Zobel-Helas <zobel at debian.org> Debian System Administrator
Debian & GNU/Linux Developer Debian Listmaster
http://about.me/zobel Debian Webmaster
GPG Fingerprint: 6B18 5642 8E41 EC89 3D5D BDBB 53B1 AC6D B11B 627B