CVE-2012-3540: Improper Input Validation in Horizon

Severity
5.8 MEDIUM (NVD)
EPSS
1.9%
top 16.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Sep 5
Latest update: May 17

Description

Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by mistake.

CVSS vector

AV:N/AC:M/C:P/I:P/A:N
Exploitability: 8.6 | Impact: 4.9

Affected Packages (1 package)

NVD: openstack/horizon 2012.1

Patches

🔴 Vulnerability Details (4)

[GHSA] GHSA-j72v-mpwp-rg79: Open redirect vulnerability in views/auth_forms (2022-05-17)
[GHSA] OpenStack Keystone Allows Remote User Account Creation (2022-05-17)
[CVEList] CVE-2012-3540: Open redirect vulnerability in views/auth_forms (2012-09-05)
[OSV] CVE-2012-3540: Open redirect vulnerability in views/auth_forms (2012-09-05)

📋 Vendor Advisories (4)

[Ubuntu] OpenStack Horizon vulnerability (2012-09-13)
[Red Hat] OpenStack-Horizon: Open redirect through 'next' parameter (2012-08-30)
[Red Hat] Keystone: Lack of authorization for adding users to tenants (2012-08-30)
[Debian] CVE-2012-3540: horizon - Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horiz... (2012)

💬 Community (3)

[Bugzilla] CVE-2012-3540 OpenStack-Horizon: Open redirect through 'next' parameter [epel-6] (2012-08-30)
[Bugzilla] CVE-2012-3540 OpenStack-Horizon: Open redirect through 'next' parameter [fedora-17] (2012-08-30)
[Bugzilla] CVE-2012-3540 OpenStack-Horizon: Open redirect through 'next' parameter (2012-08-28)