OSSA-2015-009: Persistent XSS in Horizon metadata dashboard¶

Date:: May 25, 2015
CVE:: CVE-2015-3988

Affects¶

Horizon: 2014.2 versions through 2014.2.3 and version 2015.1.0

Description¶

Sunil Yadav from IBM Security Services reported a persistent XSS in Horizon. An authenticated user may conduct a persistent XSS attack by setting a malicious metadata to a Glance image, a Nova flavor or a Host Aggregate and tricking an administrator to load the update metadata page. Once executed in a legitimate context this attack may result in a privilege escalation. All Horizon setups are affected.

Patches¶

https://review.openstack.org/183659 (Juno)
https://review.openstack.org/183656 (Kilo)
https://review.openstack.org/179429 (Liberty)

Credits¶

Sunil Yadav from IBM (CVE-2015-3988)

References¶

https://launchpad.net/bugs/1449260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3988

Notes¶

This fix will be included in future 2014.2.4 (juno) and 2015.1.1 (kilo) releases.

OSSA-2015-009: Persistent XSS in Horizon metadata dashboard