Red Hat Security Advisory 2012-1380-01 - Horizon is the OpenStack Dashboard, a web interface for managing OpenStack services. An open redirect flaw was found in the way Horizon handled authentication. A remote attacker able to trick a victim into opening the Horizon login page using a specially-crafted link could redirect the victim to an arbitrary web page, and conduct phishing attacks, after the victim successfully logs in.
9ca85e08e473f375076cfdac8bb52edb8ec155cd47b21559556e1bb95eeeda6c
Ubuntu Security Notice 1565-1 - Thomas Biege discovered that the Horizon authentication mechanism did not validate the next parameter. An attacker could use this to construct a link to legitimate OpenStack web dashboard that redirected the user to a malicious website after authentication.
812f48cccf540f40acdfa9f208f5a9fc6997a10f42d0192b5df2b1fe2ec4f1e2