Bug 891815 – VUL-0: CVE-2014-3594: openstack-dashboard: Persistent XSS in Horizon Host Aggregates interface

Bug 891815 - (CVE-2014-3594) VUL-0: CVE-2014-3594: openstack-dashboard: Persistent XSS in Horizon Host Aggregates interface

(CVE-2014-3594)
Summary:	VUL-0: CVE-2014-3594: openstack-dashboard: Persistent XSS in Horizon Host Agg...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Major
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	maint:running:58190:moderate maint:re...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2014-08-13 17:08 UTC by Alexander Bergmann
Modified:	2015-02-19 02:00 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Comment 4 Swamp Workflow Management 2014-08-13 22:00:46 UTC

bugbot adjusting priority

Comment 7 Bernhard Wiedemann 2014-08-20 13:31:24 UTC

is public
https://review.openstack.org/#/q/Id82eefe48ccb17a158751ec65d24f3ac779380ec,n,z
https://bugs.launchpad.net/horizon/+bug/1349491

Comment 8 Bernhard Wiedemann 2014-08-28 06:39:24 UTC

submitted
https://build.suse.de/request/show/43192 Cloud3 / openstack-dashboard
https://build.suse.de/request/show/43191 Cloud4 / openstack-dashboard

Comment 9 Swamp Workflow Management 2014-09-10 18:04:36 UTC

SUSE-SU-2014:1111-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 891815
CVE References: CVE-2014-3475
Sources used:
SUSE Cloud 4 (src):    openstack-dashboard-2014.1.3.dev4.ge53cc81-0.7.1

Comment 10 Marcus Meissner 2014-09-25 16:03:33 UTC

released for cl4, pending for cl3

Comment 11 Bernhard Wiedemann 2014-12-12 14:00:39 UTC

This is an autogenerated message for OBS integration:
This bug (891815) was mentioned in
https://build.opensuse.org/request/show/265000 13.1 / openstack-dashboard

Comment 12 Swamp Workflow Management 2015-01-19 13:05:59 UTC

openSUSE-SU-2015:0078-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 852175,869696,871855,885588,891815,908199
CVE References: CVE-2013-6858,CVE-2014-0157,CVE-2014-3473,CVE-2014-3474,CVE-2014-3475,CVE-2014-3594,CVE-2014-8124
Sources used:
openSUSE 13.1 (src):    openstack-dashboard-2013.2.5.dev2.g9ee7273-4.1, python-django_openstack_auth-1.1.3-4.1