VYPR
Moderate severity · NVD Advisory · Published Aug 22, 2023 · Updated Aug 3, 2024

CVE-2022-45582

Description

Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Open redirect vulnerability in OpenStack Horizon Dashboard versions 19.4.0 through 20.1.4 via unvalidated success_url parameter allows phishing attacks.

Vulnerability

Overview

CVE-2022-45582 is an open redirect (CWE-601) in the OpenStack Horizon dashboard affecting versions 19.4.0 through 20.1.4. The root cause is that the success_url parameter accepted by the project snapshot update form is used as a redirect target without any validation. An attacker can craft a link whose success_url points at an external site; when a logged-in user opens that link and submits the update form, the server answers with a 302 redirect whose Location header is the attacker-controlled URL. [1][2]

Exploitation

Details

The attack starts with the victim opening a crafted link such as https://xxx.com/project/snapshots//update/?success_url=https://hacker.com, where xxx.com stands for the Horizon host. When the user clicks "Update", the browser submits the form as a POST that still carries the malicious success_url value. Horizon processes the update and, without checking the target, responds with HTTP 302 and a Location header set to the attacker's URL, so the browser follows it off-site. No authentication bypass or extra privilege is involved: the victim must already hold a valid Horizon session, because the update view requires login, and it is the trusted dashboard origin of the initial link that makes the redirect convincing. [2]

Impact

A successful exploit allows an attacker to redirect users to an arbitrary external site. This can be leveraged for phishing campaigns, where the victim is tricked into entering credentials or sensitive information on a cloned login page. The vulnerability is classified as CWE-601 (URL Redirection to Untrusted Site), which can undermine the trustworthiness of the Horizon dashboard and lead to account compromise. [2]

Mitigation

OpenStack addressed this issue in Horizon 20.2.0; the GitHub Security Advisory coordinates on this page list >= 19.4.0, < 20.2.0 as affected and 20.2.0 as patched. The fix is expected to validate success_url so that only same-site targets (relative paths, or absolute URLs on an allowed Horizon host) are honoured and anything else falls back to a default page; the references summarised here do not describe the patch itself. Operators running affected versions (19.4.0 through 20.1.4) should upgrade to 20.2.0 or later, or apply any vendor-supplied workaround. A quick check on a deployment is to submit the snapshot update form with success_url set to an external host and confirm that the 302 response does not point there. The bug was reported in July 2022 and is tracked as Launchpad bug #1982676. [1][2]
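An added example, not Horizon's code and not the patch OpenStack shipped, showing the two halves of the page's story in one runnable Python module: a view that copies success_url straight into the Location header (the CVE-2022-45582 pattern from the exploitation section) beside a hardened view that accepts only in-app paths or URLs on an allowed dashboard host and otherwise falls back to a default page (the validation the mitigation section anticipates). Horizon is a Django application, and Django's django.utils.http.url_has_allowed_host_and_scheme performs this kind of check; is_allowed_redirect below reproduces that logic in plain Python so the example runs without Django installed. The function names, the fallback path /project/snapshots/, the allowed host dashboard.example.com and the sample requests are assumptions made for the example; the crafted link reuses the placeholder hosts from the exploitation section.

```python
"""
Open redirect via a success_url parameter (the CVE-2022-45582 pattern):
an unvalidated redirect beside a hardened one.

Added example; not Horizon's own code. Function names, the fallback path,
the allowed-host set and the sample requests are constructed for this
illustration. is_allowed_redirect mirrors the checks Django performs in
django.utils.http.url_has_allowed_host_and_scheme, without importing Django.
"""
import unicodedata
from urllib.parse import parse_qs, urlsplit

# Hypothetical in-app fallback used when success_url is missing or rejected.
DEFAULT_NEXT = "/project/snapshots/"
# Hypothetical: hostnames the dashboard is served on. The comparison is
# against the full netloc, so include the port if one is used
# (e.g. "dashboard.example.com:8443").
ALLOWED_HOSTS = {"dashboard.example.com"}


def params_from_crafted_link(link):
    """Form parameters a POST would carry after the victim opens `link`.

    Models the flow on the page: the GET link seeds success_url and the
    form submission echoes it back to the server as a request parameter.
    """
    query = parse_qs(urlsplit(link).query, keep_blank_values=True)
    return {name: values[0] for name, values in query.items()}


def vulnerable_update_view(params):
    """Before: whatever the client sent becomes the 302 Location header."""
    target = params.get("success_url") or DEFAULT_NEXT
    return {"status": 302, "Location": target}


def _host_and_scheme_ok(url, allowed_hosts, require_https):
    # Chrome treats three or more leading slashes as an absolute URL.
    if url.startswith("///"):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. a malformed IPv6 literal
        return False
    # "https:///evil.com" parses with a scheme but no host, yet browsers
    # still read evil.com as the host.
    if parts.scheme and not parts.netloc:
        return False
    # Some browsers ignore leading control characters, which can turn a
    # seemingly relative URL into a scheme-relative one.
    if unicodedata.category(url[0])[0] == "C":
        return False
    # A scheme-relative URL ("//host/...") is effectively http(s).
    scheme = parts.scheme or ("http" if parts.netloc else "")
    valid = {"https"} if require_https else {"http", "https"}
    host_ok = not parts.netloc or parts.netloc in allowed_hosts
    scheme_ok = not scheme or scheme in valid
    return host_ok and scheme_ok


def is_allowed_redirect(url, allowed_hosts, require_https=False):
    """True only for in-app relative paths or http(s) URLs on an allowed host."""
    url = (url or "").strip()
    if not url:
        return False
    # Browsers treat "\" as "/", so "/\evil.com" is really "//evil.com";
    # the target must pass in both spellings.
    return (_host_and_scheme_ok(url, allowed_hosts, require_https)
            and _host_and_scheme_ok(url.replace("\\", "/"),
                                    allowed_hosts, require_https))


def hardened_update_view(params, allowed_hosts=ALLOWED_HOSTS,
                         require_https=False):
    """After: redirect only to a validated target, else to the in-app default."""
    candidate = (params.get("success_url") or "").strip()
    if is_allowed_redirect(candidate, allowed_hosts, require_https):
        target = candidate
    else:
        target = DEFAULT_NEXT
    return {"status": 302, "Location": target}


if __name__ == "__main__":
    # Constructed link, reusing the placeholder hosts from the page.
    crafted = ("https://xxx.com/project/snapshots//update/"
               "?success_url=https://hacker.com")
    submitted = params_from_crafted_link(crafted)
    print("vulnerable:", vulnerable_update_view(submitted))
    print("hardened:  ", hardened_update_view(submitted))
```

Because the validator compares the full netloc, a dashboard on a non-default port needs that port in the allowed set; passing require_https=True where the dashboard is TLS-only also rejects plain-http targets on an otherwise allowed host. The fallback is a fixed in-app path rather than the Referer, since the Referer is attacker-influenced in exactly the phishing flow the page describes.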

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: horizon (PyPI)
Affected versions: >= 19.4.0, < 20.2.0
Patched versions: 20.2.0

Affected products (2)

  • Horizon/Web Dashboard (from the CVE description)
  • GHSA coordinates: range >= 19.4.0, < 20.2.0

Patches (0)

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References (8)

News mentions (0)

No linked articles in our index yet.