CVE-2020-29565: Open redirect in workflow forms (OSSA-2020-008)


Debian Bug report logs - #976872


Reported by: Thomas Goirand <zigo@debian.org>

Date: Tue, 8 Dec 2020 20:15:01 UTC

Severity: important

Tags: patch, security, upstream

Found in version horizon/3:14.0.2-3

Fixed in version horizon/3:18.6.1-1

Forwarded to https://bugs.launchpad.net/horizon/+bug/1865026



Report forwarded to debian-bugs-dist@lists.debian.org, Debian OpenStack <team+openstack@tracker.debian.org>:
Bug#976872; Package src:horizon. (Tue, 08 Dec 2020 20:15:03 GMT)


Acknowledgement sent to Thomas Goirand <zigo@debian.org>:
New Bug report received and forwarded. Copy sent to Debian OpenStack <team+openstack@tracker.debian.org>. (Tue, 08 Dec 2020 20:15:03 GMT)


Message #5 received at submit@bugs.debian.org:

From: Thomas Goirand <zigo@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2020-29565: Open redirect in workflow forms (OSSA-2020-008)
Date: Tue, 08 Dec 2020 21:13:21 +0100
Source: horizon
Severity: important
Tags: patch

==============================================
OSSA-2020-008: Open redirect in workflow forms
==============================================

:Date: December 03, 2020
:CVE: CVE-2020-29565


Affects
~~~~~~~
- Horizon: <15.3.2, >=16.0.0 <16.2.1, >=17.0.0 <18.3.3, >=18.4.0 <18.6.0


Description
~~~~~~~~~~~
Pritam Singh (Red Hat) reported a vulnerability in Horizon's workflow
forms. Previously there was a lack of validation on the "next"
parameter, which would allow someone to supply a malicious URL in
Horizon that can cause an automatic redirect to the provided malicious
URL.


Patches
~~~~~~~
- https://review.opendev.org/758843 (Stein)
- https://review.opendev.org/758841 (Train)


Credits
~~~~~~~
- Pritam Singh from Red Hat (CVE-2020-29565)


References
~~~~~~~~~~
- https://launchpad.net/bugs/1865026
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29565

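The bug class the advisory describes, as an added example that is neither Horizon's code nor the upstream patch: a form handler that redirects to whatever `next` value the client posted, beside a hardened handler that follows `next` only when it stays on the current host and otherwise falls back to a default page. The safety check is modelled on Django's `url_has_allowed_host_and_scheme` (Horizon is a Django application; whether the Stein/Train patches use exactly that call is not stated on this page) and is reimplemented with the standard library so the file runs without Django. The host name, the fallback URL and the sample submissions are assumed or constructed.

```python
"""Open-redirect check for a ``next`` parameter (added example, not Horizon code)."""
import unicodedata
from urllib.parse import urlparse

DEFAULT_SUCCESS_URL = "/project/instances/"   # assumed fallback target


def _check_one(url, allowed_hosts, require_https):
    # Browsers treat three or more leading slashes as an absolute URL;
    # urlparse does not, so reject the form outright.
    if url.startswith("///"):
        return False
    # Some browsers ignore leading control characters, which can turn
    # "\x00//evil.example" into a scheme-relative URL.
    if unicodedata.category(url[0])[0] == "C":
        return False
    try:
        parts = urlparse(url)
    except ValueError:          # e.g. malformed IPv6 literal
        return False
    # "http:///evil.example" parses with a scheme but no netloc, yet Chrome
    # still treats the path as the host name.
    if parts.scheme and not parts.netloc:
        return False
    scheme = parts.scheme
    if not scheme and parts.netloc:   # "//evil.example" is scheme-relative
        scheme = "http"
    valid = {"https"} if require_https else {"http", "https"}
    host_ok = not parts.netloc or parts.netloc in allowed_hosts
    scheme_ok = not scheme or scheme in valid
    return host_ok and scheme_ok


def is_safe_redirect(url, allowed_hosts, require_https=False):
    """True only for a relative path or an absolute URL on an allowed host."""
    if url is None:
        return False
    url = url.strip()
    if not url:
        return False
    # Chrome rewrites "\" to "/" in paths, so "/\evil.example" would become
    # scheme-relative; the URL must pass in both spellings.
    return (_check_one(url, allowed_hosts, require_https)
            and _check_one(url.replace("\\", "/"), allowed_hosts, require_https))


def resolve_next_vulnerable(post_params):
    """Pre-fix behaviour: trust ``next`` as-is (the CVE-2020-29565 pattern)."""
    return post_params.get("next") or DEFAULT_SUCCESS_URL


def resolve_next_fixed(post_params, request_host, require_https=False):
    """Post-fix behaviour: follow ``next`` only if it stays on this host."""
    target = post_params.get("next")
    if target and is_safe_redirect(target, {request_host}, require_https):
        return target
    return DEFAULT_SUCCESS_URL


if __name__ == "__main__":
    host = "horizon.example.org"           # assumed dashboard host
    # Constructed form submissions, not captured traffic.
    samples = [
        {"next": "/project/volumes/"},
        {"next": "https://evil.example/phish"},
        {"next": "//evil.example/phish"},
        {"next": "/\\evil.example"},
        {"next": "javascript:alert(1)"},
        {},
    ]
    for form in samples:
        print(f"{form!r:40} vulnerable -> {resolve_next_vulnerable(form)!r:32}"
              f" fixed -> {resolve_next_fixed(form, host)!r}")
```

The scheme-relative (`//host`), backslash (`/\host`) and `javascript:` cases are the ones a naive "must start with /" check misses; rejecting them and falling back to a fixed page, rather than trying to sanitise the attacker's string, is the usual fix for this bug class.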


Set Bug forwarded-to-address to 'https://bugs.launchpad.net/horizon/+bug/1865026'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 08 Dec 2020 20:24:02 GMT)


Added tag(s) upstream and security. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 08 Dec 2020 20:24:03 GMT)


Marked as found in versions horizon/3:14.0.2-3. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 08 Dec 2020 20:54:02 GMT)


Marked as fixed in versions horizon/3:18.6.1-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 08 Dec 2020 20:54:03 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Dec 9 07:57:42 2020; Machine Name: buxtehude
