6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
5.5 Medium
AI Score
Confidence
High
0.024 Low
EPSS
Percentile
90.0%
Matthias Weckbecker discovered a cross-site scripting (XSS) vulnerability
in Horizon via the log viewer refrash mechanism. If a user were tricked
into viewing a specially crafted log message, a remote attacker could
exploit this to modify the contents or steal confidential data within the
same domain. (CVE-2012-2094)
Thomas Biege discovered a session fixation vulnerability in Horizon. An
attacker could exploit this to potentially allow access to unauthorized
information and capabilities. (CVE-2012-2144)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 12.04 | noarch | python-django-horizon | < 2012.1-0ubuntu8.1 | UNKNOWN |
Ubuntu | 12.04 | noarch | openstack-dashboard | < 2012.1-0ubuntu8.1 | UNKNOWN |
Ubuntu | 12.04 | noarch | openstack-dashboard-ubuntu-theme | < 2012.1-0ubuntu8.1 | UNKNOWN |
Ubuntu | 12.04 | noarch | python-django-openstack | < 2012.1-0ubuntu8.1 | UNKNOWN |