CVE-2020-26943

Name of the Vulnerable Software and Affected Versions OpenStack blazar-dashboard versions prior to 1.3.1 OpenStack blazar-dashboard version 2.0.0 OpenStack blazar-dashboard version 3.0.0

Description An issue in OpenStack blazar-dashboard allows a user with access to the Blazar dashboard in Horizon to trigger code execution on the Horizon host. This is due to the use of the Python eval function, which may result in unauthorized access to the Horizon host and further compromise of the Horizon service. All setups using the Horizon dashboard with the blazar-dashboard plugin are affected.

Recommendations For OpenStack blazar-dashboard versions prior to 1.3.1, update to version 1.3.1 or later. For OpenStack blazar-dashboard version 2.0.0, update to a version later than 2.0.0. For OpenStack blazar-dashboard version 3.0.0, update to a version later than 3.0.0. As a temporary workaround, consider restricting access to the Blazar dashboard in Horizon to minimize the risk of exploitation.