CVE-2020-29565

NameCVE-2020-29565
DescriptionAn issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provided malicious URL.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-4820-1
NVD severitymedium
Debian Bugs976872

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
horizon (PTS)stretch3:10.0.1-1vulnerable
buster3:14.0.2-3vulnerable
buster (security)3:14.0.2-3+deb10u2fixed
bullseye, sid3:18.6.1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
horizonsourcebuster3:14.0.2-3+deb10u2DSA-4820-1
horizonsource(unstable)3:18.6.1-1976872

Notes

[stretch] - horizon <no-dsa> (Minor issue)
https://bugs.launchpad.net/horizon/+bug/1865026
https://review.opendev.org/c/openstack/horizon/+/758841/
https://review.opendev.org/c/openstack/horizon/+/758843/
https://opendev.org/openstack/horizon/commit/252467100f75587e18df9c43ed5802ee8f0017fa

Search for package or bug name: Reporting problems