CVE-2020-29565: OpenStack Horizon Open redirect in workflow forms
(updated )
An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the “next” parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provided malicious URL.
References
- bugs.launchpad.net/horizon/+bug/1865026
- github.com/advisories/GHSA-f8fh-xp28-q59m
- github.com/openstack/horizon
- github.com/openstack/horizon/commit/252467100f75587e18df9c43ed5802ee8f0017fa
- github.com/openstack/horizon/commit/6c208edf323ced07b15ec4bc3879bddb91d398bc
- github.com/openstack/horizon/commit/9e0e333ab5277b6c396f602862ff90398cb0242b
- github.com/openstack/horizon/commit/baa370f84332ad41502daea29a551705696f4421
- github.com/pypa/advisory-database/tree/main/vulns/horizon/PYSEC-2020-45.yaml
- nvd.nist.gov/vuln/detail/CVE-2020-29565
- review.opendev.org/c/openstack/horizon/+/758841
- review.opendev.org/c/openstack/horizon/+/758843
- security.openstack.org/ossa/OSSA-2020-008.html
- www.debian.org/security/2020/dsa-4820
Detect and mitigate CVE-2020-29565 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →