Open Redirect Vulnerability in Horizon Web Dashboard by OpenStack
CVE-2022-45582

6.1MEDIUM

Key Information:

Vendor: Openstack
Status: Horizon
Vendor: CVE Published:; 22 August 2023

Summary

The Horizon Web Dashboard versions 19.4.0 to 20.1.4 have a vulnerability that allows for Open Redirect attacks through manipulation of the success_url parameter. This could lead to unauthorized redirection of users to untrusted domains, potentially compromising sensitive user data. Mitigation involves updating to the latest version to ensure users are protected from this security flaw.

References

https://bugs.launchpad.net/horizon/+bug/1982676

https://github.com/openstack/horizon/blob/master/horizon/...

https://lists.debian.org/debian-lts-announce/2023/11/msg0...

mailing-list

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 22, 2023
Vulnerability Reserved
Nov 21, 2022