CVE-2012-5474 — Missing Encryption of Sensitive Data in Horizon

CWE-311 — Missing Encryption of Sensitive Data7 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 79.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Horizon Python-django-horizon Debian Linux +2 more

Timeline

PublishedDec 30

Latest updateApr 23

Description

The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDopenstack/horizon2012.1 — 2012.1.1

▶CVEListV5python-django-horizon/python-django-horizonbefore 2012.1.1

▶NVDredhat/openstack2.0

Also affects: Debian Linux 10.0, 8.0, 9.0, Fedora 18

🔴Vulnerability Details

GHSA

GHSA-4q46-pmqc-c3vc: The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2↗2022-04-23

▶

OSV

CVE-2012-5474: The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2↗2019-12-30

▶

CVEList

CVE-2012-5474: The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2↗2019-12-30

▶

📋Vendor Advisories

Debian

CVE-2012-5474: horizon - The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platfo...↗2012

▶

💬Community

Bugzilla

CVE-2012-5474 OpenStack: Dashboard /etc/openstack-dashboard/local_settings secret key exposure [epel-6]↗2012-11-13

▶

Bugzilla

CVE-2012-5474 OpenStack: Dashboard /etc/openstack-dashboard/local_settings secret key exposure↗2012-11-05

▶