PT-2012-4795 · Openstack · Openstack Dashboard

Thomas Biege · Published 2012-09-05 · Updated 2023-02-13 · CVE-2012-3540

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions

OpenStack Dashboard (Horizon) version 2012.1

Description

The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to the "/auth/login/" API endpoint.

Recommendations

For OpenStack Dashboard (Horizon) version 2012.1, as a temporary workaround, consider restricting access to the /auth/login/ API endpoint to minimize the risk of exploitation. Avoid using the next parameter in the affected API endpoint until the issue is resolved.
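The check that closes this class of bug is to validate the `next` value before redirecting after login. The sketch below is an added example, not Horizon's code or the upstream fix; the function names, the fallback path and the `.example` hosts are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlsplit

LOGIN_FALLBACK = "/"  # assumed default landing path, not taken from Horizon


def is_safe_next(target, request_host):
    """Return True only if redirecting to `target` keeps the user on `request_host`."""
    if not target or target != target.strip():
        return False
    # Browsers treat "\" like "/" and silently drop tabs and newlines, so
    # "/\host" or "/<TAB>/host" can leave the site. Reject both outright.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    # "//host/path" is scheme-relative: it keeps the scheme but changes the host.
    if target.startswith("//"):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:  # malformed authority, e.g. an unclosed IPv6 bracket
        return False
    if parts.scheme:
        # Absolute URL: web schemes only, with an explicit host that must be ours.
        if parts.scheme not in ("http", "https") or not parts.netloc:
            return False
    if parts.netloc:
        # Exact match (port and userinfo included) against the serving host.
        return parts.netloc.lower() == request_host.lower()
    # Otherwise accept only a path rooted at "/".
    return target.startswith("/")


def resolve_login_redirect(query_string, request_host):
    """Pick the post-login redirect target, falling back when `next` is unsafe."""
    values = parse_qs(query_string).get("next", [])
    target = values[0] if values else ""
    return target if is_safe_next(target, request_host) else LOGIN_FALLBACK


if __name__ == "__main__":
    # Constructed query strings for /auth/login/ on an assumed host.
    for qs in ("next=%2Fproject%2F", "next=http%3A%2F%2Fother.example%2F",
               "next=%2F%2Fother.example", "next=%2F%5Cother.example", ""):
        print(repr(qs), "->", resolve_login_redirect(qs, "dashboard.example"))
```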


Weakness Enumeration

Related Identifiers

CVE-2012-3540
PYSEC-2012-18
RHSA-2012:1380

Affected Products

Openstack Dashboard