Open Redirect Vulnerability in OpenStack Dashboard by Canonical
CVE-2012-3540

Currently unrated

Key Information:

Vendor: Openstack
Status: Horizon
Vendor: CVE Published:; 5 September 2012

Summary

An open redirect vulnerability exists in the OpenStack Dashboard (Horizon) Essex (2012.1). This flaw allows remote attackers to manipulate the 'next' parameter in the auth/login section, redirecting users to unauthorized external web sites. This creates significant risk for attempts at phishing, as attackers can exploit this vulnerability to deceive users, leading them to malicious sites that may compromise their sensitive information.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/78196

vdb-entryx_refsource_XF

https://bugs.launchpad.net/horizon/+bug/1039077

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2012/08/30/4

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Sep 5, 2012
Vulnerability Reserved
Jun 14, 2012