OSSA-2012-006: Horizon session fixation and reuse

OSSA-2012-006: Horizon session fixation and reuse

Date:May 04, 2012
CVE:CVE-2012-2144

Affects

  • Horizon: All versions

Description

Thomas Biege from SUSE reported a vulnerability in OpenStack Dashboard (Horizon). Under specific circumstances it is possible to reuse session cookies from another user, potentially allowing access to unauthorized information and capabilities.

Credits

  • Thomas Biege from SUSE (CVE-2012-2144)
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.