Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openstack horizon vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-45582
Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter.
Openstack Horizon
NA
CVE-2022-1655
An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confiden...
Redhat Openstack 16.2
5.8
CVSSv2
CVE-2020-29565
An issue exists in OpenStack Horizon prior to 15.3.2, 16.x prior to 16.2.1, 17.x and 18.x prior to 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automat...
Openstack Horizon
Debian Debian Linux 10.0
9
CVSSv2
CVE-2020-26943
An issue exists in OpenStack blazar-dashboard prior to 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under (because the Python eval function is used). This may ...
Openstack Blazar-dashboard
Openstack Blazar-dashboard 2.0.0
Openstack Blazar-dashboard 3.0.0
2.1
CVSSv2
CVE-2012-5476
Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value.
Openstack Horizon 2012.2
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
2.1
CVSSv2
CVE-2012-5474
The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package prior to 2012.1.1) is world readable and exposes the secret key value.
Redhat Openstack 2.0
Openstack Horizon
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 18
4.3
CVSSv2
CVE-2016-6209
Cross-site scripting (XSS) vulnerability in Nagios.
Nagios Nagios -
4.3
CVSSv2
CVE-2015-3219
Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 prior to 2014.2.4 and 2015.1.x prior to 2015.1.1 allows remote malicious users to inject arbitrary web script or HTML via the description parameter in a heat templa...
Debian Debian Linux 8.0
Openstack Horizon 2014.2.0
Openstack Horizon 2014.2.1
Openstack Horizon 2015.1.0
Openstack Horizon 2014.2.2
Openstack Horizon 2014.2.3
Oracle Solaris 11.2
5
CVSSv2
CVE-2014-8124
OpenStack Dashboard (Horizon) prior to 2014.1.3 and 2014.2.x prior to 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote malicious users to cause a denial of service via a large number of requests to the login page.
Openstack Horizon
Fedoraproject Fedora 21
Opensuse Opensuse 13.1
Oracle Solaris 11.2
5.5
CVSSv2
CVE-2013-4471
The Identity v3 API in OpenStack Dashboard (Horizon) prior to 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote malicious users to change a user password by leveraging the authentication token for that user.
Openstack Horizon
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »