CVE-2021-4472: OpenStack's Mistral Client has a local file inclusion vulnerability
(updated )
The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the ‘Create Workbook’ feature that may result in disclosure of arbitrary local files content.
References
- access.redhat.com/security/cve/CVE-2021-4472
- bugs.launchpad.net/horizon/+bug/1931558
- bugzilla.redhat.com/show_bug.cgi?id=2417321
- github.com/advisories/GHSA-75hx-6r6j-hw56
- lists.debian.org/debian-lts-announce/2025/12/msg00002.html
- lists.debian.org/debian-lts-announce/2025/12/msg00003.html
- nvd.nist.gov/vuln/detail/CVE-2021-4472
- opendev.org/openstack/mistral-dashboard
- review.opendev.org/c/openstack/mistral-dashboard/+/800952
- review.opendev.org/c/openstack/python-mistralclient/+/800950
Code Behaviors & Features
Detect and mitigate CVE-2021-4472 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →