CVE-2012-3540

Currently unrated

Key Information:

Vendor: Openstack
Status: Horizon
Vendor: CVE Published:; 5 September 2012

Summary

Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by mistake.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/78196

vdb-entryx_refsource_XF

https://bugs.launchpad.net/horizon/+bug/1039077

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2012/08/30/4

mailing-listx_refsource_MLIST

EPSS Score

1% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 5, 2012
Vulnerability Reserved
Jun 14, 2012