OSSA-2012-006: Horizon session fixation and reuse

OSSA-2012-006: Horizon session fixation and reuse¶

Date:: May 04, 2012
CVE:: CVE-2012-2144

Affects¶

Horizon: All versions

Description¶

Thomas Biege from SUSE reported a vulnerability in OpenStack Dashboard (Horizon). Under specific circumstances it is possible to reuse session cookies from another user, potentially allowing access to unauthorized information and capabilities.

Patches¶

https://review.openstack.org/#/c/7145 (Essex)
https://review.openstack.org/#/c/7144 (Folsom)

Credits¶

Thomas Biege from SUSE (CVE-2012-2144)

References¶

this page last updated: 2024-10-03 16:29:15

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.