Veracode Vulnerability DatabaseVERACODE:42946Open Redirect
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
20.4%
Horizon is vulnerable to Open Redirect. The vulnerability is due to improper URL redirects validation in the get_context_data function of views.py, which allows an attacker to redirect a user to a malicious URL.
References
bugs.launchpad.net/horizon/+bug/1982676
github.com/advisories/GHSA-5pv6-rprw-82wv
github.com/openstack/horizon/blob/master/horizon/workflows/views.py#L96-L102
github.com/openstack/horizon/commit/fade123b22d0c0bdc04a2f8bff53c7b6e5ca80d9
lists.debian.org/debian-lts-announce/2023/11/msg00033.html
lists.debian.org/debian-lts-announce/2023/12/msg00000.html
opendev.org/openstack/horizon/commit/79d139594290779b2f74ca894332aa7f2f7e4735
Related
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
20.4%