GitHub Advisory DatabaseGHSA-5PV6-RPRW-82WVHorizon Web Dashboard Open Redirect vulnerability
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
20.4%
Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter.
Affected configurations
References
bugs.launchpad.net/horizon/+bug/1982676
github.com/advisories/GHSA-5pv6-rprw-82wv
github.com/openstack/horizon/blob/master/horizon/workflows/views.py#L96-L102
github.com/pypa/advisory-database/tree/main/vulns/horizon/PYSEC-2023-153.yaml
lists.debian.org/debian-lts-announce/2023/11/msg00033.html
lists.debian.org/debian-lts-announce/2023/12/msg00000.html
nvd.nist.gov/vuln/detail/CVE-2022-45582
opendev.org/openstack/horizon/commit/79d139594290779b2f74ca894332aa7f2f7e4735
Related
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
20.4%