OSSA-2016-010: XSS in Horizon client side template¶

Date:: June 15, 2016
CVE:: CVE-2016-4428

Affects¶

Horizon: <=8.0.1, >=9.0.0 <=9.0.1

Description¶

Beth Lancaster and Brandon Sawyers from Virginia Tech reported a vulnerability in Horizon. By injecting Angularjs template in dashboard forms, such as image’s description, an authenticated user may trigger a cross-site-scripting vulnerability when another user browses the affected pages. It may result in potential assets theft like user access credentials. All Horizon setups are affected.

Patches¶

https://review.openstack.org/329997 (Liberty)
https://review.openstack.org/329996 (Mitaka)
https://review.openstack.org/329998 (Newton)

Credits¶

Beth Lancaster from Virginia Tech (CVE-2016-4428)
Brandon Sawyers from Virginia Tech (CVE-2016-4428)

References¶

https://bugs.launchpad.net/bugs/1567673
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4428

OSSA-2016-010: XSS in Horizon client side template