CVE-2014-3475

Related Files

Red Hat Security Advisory 2014-1188-01

Posted Sep 15, 2014

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1188-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. A cross-site scripting flaw was found in the way orchestration templates were handled. An owner of such a template could use this flaw to perform XSS attacks against other Horizon users. It was found that network names were not sanitized. A malicious user could use this flaw to perform XSS attacks against other Horizon users by creating a network with a specially crafted name.

tags | advisory, xss

systems | linux, redhat

advisories | CVE-2014-3473, CVE-2014-3474, CVE-2014-3475, CVE-2014-3594

SHA-256 | 06a9c4363ca80ae7ee73bcafdc3503c6698bbfff7d64fb4ec71efe94fc24c35d

Download | Favorite | View

Ubuntu Security Notice USN-2323-1

Posted Aug 21, 2014

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2323-1 - Jason Hullinger discovered that OpenStack Horizon did not properly perform input sanitization on Heat templates. If a user were tricked into using a specially crafted Heat template, an attacker could conduct cross-site scripting attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. Craig Lorentzen discovered that OpenStack Horizon did not properly perform input sanitization when creating networks. If a user were tricked into launching an image using the crafted network name, an attacker could conduct cross-site scripting attacks. Various other issues were also addressed.

tags | advisory, remote, vulnerability, xss

systems | linux, ubuntu

advisories | CVE-2014-3473, CVE-2014-3474, CVE-2014-3475, CVE-2014-3594

SHA-256 | af5d9eaa139a9915db9bda1859494977f366c015c3d6601bc6ac733e84f186a0

Download | Favorite | View

Red Hat Security Advisory 2014-0939-01

Posted Jul 24, 2014

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0939-01 - OpenStack Dashboard provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. A cross-site scripting flaw was found in the way orchestration templates were handled. An owner of such a template could use this flaw to perform XSS attacks against other Horizon users. It was found that network names were not sanitized. A malicious user could use this flaw to perform XSS attacks against other Horizon users by creating a network with a specially crafted name.

tags | advisory, xss

systems | linux, redhat

advisories | CVE-2014-3473, CVE-2014-3474, CVE-2014-3475

SHA-256 | 13312916ca2068b863e545e519d448ced8d30583209b6ecc7061d6772b243f3c

Download | Favorite | View