PT-2020-5798 · Openstack · Openstack Horizon

Pritam Singh · Published 2020-02-27 · Updated 2022-05-24

CVE-2020-29565

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
OpenStack Horizon versions prior to 15.3.2
OpenStack Horizon versions 16.x prior to 16.2.1
OpenStack Horizon versions 17.x and 18.x prior to 18.3.3
OpenStack Horizon versions 18.4.x and 18.5.x

Description: The vulnerability is caused by a lack of validation of the 'next' parameter in OpenStack Horizon. An attacker who supplies a malicious URL in this parameter can make the application redirect the user to that URL automatically, potentially leading to unauthorized access to confidential data and loss of its integrity.

Recommendations:
For OpenStack Horizon versions prior to 15.3.2, update to version 15.3.2 or later.
For OpenStack Horizon versions 16.x prior to 16.2.1, update to version 16.2.1 or later.
For OpenStack Horizon versions 17.x and 18.x prior to 18.3.3, update to version 18.3.3 or later.
For OpenStack Horizon versions 18.4.x and 18.5.x, consider disabling the use of the 'next' parameter until a patch is available.
As a temporary workaround, consider restricting access to the vulnerable interface to minimize the risk of exploitation.
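The missing check described above, as an added illustration rather than Horizon's or Django's own code: a validator for a 'next'-style redirect parameter that accepts only relative paths or absolute URLs on an allowed host, and rejects the scheme-relative, backslash and scheme-without-host spellings that browsers resolve to an external site. The host names used are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed example of a safe-redirect check for a "next" parameter.
# This is illustration only, not OpenStack Horizon's own code.


def is_safe_redirect(url, allowed_hosts, require_https=False):
    """Return True only if `url` is a relative path on the current origin
    or an http(s) URL whose host is in `allowed_hosts`."""
    if not url or url.strip() != url:
        # Empty or whitespace-padded values are rejected outright.
        return False
    # Browsers treat a backslash like a slash, so "/\evil.example" is
    # really "//evil.example". Both spellings must pass the check.
    return _check(url, allowed_hosts, require_https) and _check(
        url.replace("\\", "/"), allowed_hosts, require_https)


def _check(url, allowed_hosts, require_https):
    parts = urlsplit(url)
    valid_schemes = ["https"] if require_https else ["http", "https"]
    # Any scheme other than http(s) (javascript:, data:, ...) is rejected.
    if parts.scheme and parts.scheme not in valid_schemes:
        return False
    # A scheme with no host ("http:evil.example") lets the browser take
    # the host from the remaining text, so treat it as external.
    if parts.scheme and not parts.netloc:
        return False
    # "///evil.example" parses with an empty netloc but still leaves the
    # origin; any leading "//" without a recognised host is external.
    if url.startswith("//") and not parts.netloc:
        return False
    # No netloc at all means a relative path on the current origin.
    if not parts.netloc:
        return True
    return parts.hostname in allowed_hosts


def safe_next(url, allowed_hosts, default="/"):
    """Choose the redirect target: the supplied value if safe, else `default`."""
    return url if is_safe_redirect(url, allowed_hosts) else default
```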

Weakness Enumeration

Open Redirect

Related Identifiers

BDU:2021-01760
CVE-2020-29565
DSA-4820-1
GHSA-F8FH-XP28-Q59M
PYSEC-2020-45
RHSA-2020:5411
RHSA-2020:5572
SUSE-SU-2021:0099-1
USN-4675-1

Affected Products

Linuxmint
Openstack Horizon
Ubuntu