OSSA-2020-008: Open redirect in workflow forms

Date:

December 03, 2020

CVE:

CVE-2020-29565

Affects

• Horizon: <15.3.2, >=16.0.0 <16.2.1, >=17.0.0 <18.3.3, >=18.4.0 <18.6.0

Description

Pritam Singh (Red Hat) reported a vulnerability in Horizon’s workflow forms. Previously there was a lack of validation on the “next” parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provided malicious URL.

Patches

• https://review.opendev.org/765951 (Pike)

• https://review.opendev.org/765950 (Queens)

• https://review.opendev.org/765945 (Rocky)

• https://review.opendev.org/758843 (Stein)

• https://review.opendev.org/758841 (Train)

• https://review.opendev.org/752703 (Ussuri)

• https://review.opendev.org/750207 (Victoria)

Credits

• Pritam Singh from Red Hat (CVE-2020-29565)

References

• https://launchpad.net/bugs/1865026

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29565

Notes

• The stable/rocky, stable/queens, and stable/pike branches are under extended maintenance and will receive no new point releases, but patches for them are provided as a courtesy.