OSSA-2014-027: Persistent XSS in Horizon Host Aggregates interface

Date:

August 19, 2014

CVE:

CVE-2014-3594

Affects

• Horizon: up to 2013.2.3, and 2014.1 versions up to 2014.1.2

Description

Dennis Felsch and Mario Heiderich from the Horst Görtz Institute for IT-Security, Ruhr-University Bochum reported a persistent XSS in Horizon. A malicious administrator may conduct a persistent XSS attack by registering a malicious host aggregate in Horizon Host Aggregate interface. Once executed in a legitimate context this attack may reveal another admin token, potentially resulting in a lateral privilege escalation. All Horizon setups are affected.

Patches

• https://review.openstack.org/#/c/115313 (Havana)

• https://review.openstack.org/#/c/115311 (Icehouse)

• https://review.openstack.org/#/c/115310 (Juno)

Credits

• Dennis Felsch from Ruhr-University Bochum (CVE-2014-3594)

• Mario Heiderich from Ruhr-University Bochum (CVE-2014-3594)

References

• https://launchpad.net/bugs/1349491

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3594