CVEs related to bugs in OpenStack Dashboard (Horizon)

Open bugs

Bug CVE(s)
Bug #1892848: XSS in adding JavaScript into the ‘Subnet Name’ field CVE-2014-3474
OpenStack Dashboard (Horizon) Incomplete, assigned to Ivan Kolodyazhny
Bug #1997545: CVE-2019-10768 in Angular libs < 1.7.9 CVE-2019-10768
OpenStack Dashboard (Horizon) New (unassigned)
Bug #2032682: Heat template network discovery CVE-2016-9185
OpenStack Dashboard (Horizon) New (unassigned)

Resolved bugs

Bug CVE(s)
Bug #977944: refreshing in log viewer interprets html and javascript CVE-2012-2094
OpenStack Dashboard (Horizon) Fix released (unassigned)
Bug #978896: session fixation vulnerability CVE-2012-2144
OpenStack Dashboard (Horizon) Fix released, assigned to Paul McMillan
Bug #997669: When adding ICMP rule, the type/code is being validated as from/to ports CVE-2012-2094, CVE-2012-2144
OpenStack Dashboard (Horizon) Fix released, assigned to Tihomir Trifonov
Bug #1020555: Wrong 'Download CSV Summary' link CVE-2012-3540
OpenStack Dashboard (Horizon) Fix released, assigned to Gabriel Hurley
Bug #1031291: TypeError when trying to delete an unnamed volume via dashboard CVE-2012-3540
OpenStack Dashboard (Horizon) Fix released, assigned to Gabriel Hurley
Bug #1039077: [OSSA 2012-012] open redirect / phishing attack via "next" parameter CVE-2012-3540
OpenStack Dashboard (Horizon) Invalid (unassigned)
Bug #1057125: stable/essex horizon installs unusable version of glance CVE-2012-3540
OpenStack Dashboard (Horizon) Invalid by Brian Waldon
Bug #1177924: Use testr instead of nose as the unittest runner. CVE-2016-0738
OpenStack Dashboard (Horizon) Won't fix (unassigned)
Bug #1237989: user can update his password without knowing the old password CVE-2013-4471
OpenStack Dashboard (Horizon) Fix released, assigned to Matthias Runge
Bug #1247675: [OSSA 2013-036] Insufficient sanitization of Instance Name in Horizon (CVE-2013-6858) CVE-2013-6406, CVE-2013-6858
OpenStack Dashboard (Horizon) Fix released, assigned to Rob Raymond
Bug #1289033: [OSSA-2014-010] XSS in Horizon-Orchestration (CVE-2014-0157) CVE-2014-0157
OpenStack Dashboard (Horizon) Fix released, assigned to Cristian Fiorentino
Bug #1308727: [OSSA 2014-023] XSS in Horizon Heat template - resource name (CVE-2014-3473) CVE-2014-3473
OpenStack Dashboard (Horizon) Fix released, assigned to Julie Pichon
Bug #1320235: [OSSA 2014-023] Stored XSS for /admin/users/ (CVE-2014-3475) CVE-2014-3475, CVE-2014-8578
OpenStack Dashboard (Horizon) Fix released, assigned to Julie Pichon
Bug #1322197: [OSSA 2014-023] Persistent XSS in OpenStack Havana UI for Network Name (CVE-2014-3474) CVE-2014-3474
OpenStack Dashboard (Horizon) Fix released, assigned to Julie Pichon
Bug #1349491: [OSSA 2014-027] Persistent XSS in the Host Aggregates interface (CVE-2014-3594) CVE-2014-3594
OpenStack Dashboard (Horizon) Fix released, assigned to Julie Pichon
Bug #1394370: [OSSA 2014-040] horizon login page is vulnerable to DOS attack (CVE-2014-8124) CVE-2014-8124
OpenStack Dashboard (Horizon) Fix released, assigned to Eric Peterson
Bug #1453074: [OSSA 2015-010] help_text parameter of fields is vulnerable to arbitrary html injection (CVE-2015-3219) CVE-2015-3219
OpenStack Dashboard (Horizon) Fix released, assigned to Lin Hua Cheng
Bug #1529836: Fix deprecated library function (os.popen()). CVE-2016-0738
OpenStack Dashboard (Horizon) Fix released, assigned to Harshada Mangesh Kakad
Bug #1567673: [OSSA-2016-010] Possible client side template injection in horizon (CVE-2016-4428) CVE-2016-4428
OpenStack Dashboard (Horizon) Fix released, assigned to Tristan Cacqueray
Bug #1606500: [OSSA 2016-013] Heat: template source URL allows network port scan (CVE-2016-9185) CVE-2016-9185
OpenStack Dashboard (Horizon) Invalid (unassigned)
Bug #1667086: [OSSA-2017-003] XSS in federation mappings UI (CVE-2017-7400) CVE-2017-7400
OpenStack Dashboard (Horizon) Fix released, assigned to Richard Jones
Bug #1865026: [OSSA-2020-008] Open redirect in workflow forms (CVE-2020-29565) CVE-2020-29565
OpenStack Dashboard (Horizon) Fix released, assigned to Radomir Dopieralski
Bug #1940450: XSS The data-template attribute of the tooltip and popover plugins lacks input sanitization and may allow attacker to execute arbitrary JavaScript. CVE-2019-8331
OpenStack Dashboard (Horizon) Invalid (unassigned)
Bug #1955556: Javascript libraries with vulnerabilities CVE-2015-9251
OpenStack Dashboard (Horizon) Fix released, assigned to Vishal Manchanda