Moderate severityNVD Advisory· Published Dec 4, 2020· Updated Aug 4, 2024
CVE-2020-29565
CVE-2020-29565
Description
An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provided malicious URL.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
horizonPyPI | < 15.3.2 | 15.3.2 |
horizonPyPI | >= 16.0.0, < 16.2.1 | 16.2.1 |
horizonPyPI | >= 17.0.0, < 18.3.3 | 18.3.3 |
horizonPyPI | >= 18.4.0, < 18.6.0 | 18.6.0 |
Affected products
8- OpenStack/Horizondescription
- ghsa-coords7 versionspkg:pypi/horizonpkg:rpm/suse/openstack-dashboard&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-dashboard&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-dashboard&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/release-notes-hpe-helion-openstack&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/release-notes-suse-openstack-cloud&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/release-notes-suse-openstack-cloud&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
< 15.3.2+ 6 more
- (no CPE)range: < 15.3.2
- (no CPE)range: < 12.0.5~dev6-3.29.1
- (no CPE)range: < 12.0.5~dev6-3.29.1
- (no CPE)range: < 12.0.5~dev6-3.29.1
- (no CPE)range: < 8.20201214-3.26.1
- (no CPE)range: < 8.20201214-3.26.1
- (no CPE)range: < 8.20201214-3.26.1
Patches
Vulnerability mechanics
References
15- github.com/advisories/GHSA-f8fh-xp28-q59mghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-29565ghsaADVISORY
- www.debian.org/security/2020/dsa-4820ghsavendor-advisoryx_refsource_DEBIANWEB
- www.openwall.com/lists/oss-security/2020/12/08/2ghsamailing-listx_refsource_MLISTWEB
- bugs.launchpad.net/horizon/+bug/1865026ghsax_refsource_MISCWEB
- github.com/openstack/horizon/commit/252467100f75587e18df9c43ed5802ee8f0017faghsaWEB
- github.com/openstack/horizon/commit/6c208edf323ced07b15ec4bc3879bddb91d398bcghsaWEB
- github.com/openstack/horizon/commit/9e0e333ab5277b6c396f602862ff90398cb0242bghsaWEB
- github.com/openstack/horizon/commit/baa370f84332ad41502daea29a551705696f4421ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/horizon/PYSEC-2020-45.yamlghsaWEB
- review.opendev.org/c/openstack/horizon/+/758841ghsaWEB
- review.opendev.org/c/openstack/horizon/+/758841/mitrex_refsource_MISC
- review.opendev.org/c/openstack/horizon/+/758843ghsaWEB
- review.opendev.org/c/openstack/horizon/+/758843/mitrex_refsource_MISC
- security.openstack.org/ossa/OSSA-2020-008.htmlghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.