CVE-2012-5474
published 2019-12-30CVE-2012-5474: The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1)…
medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | horizon | < horizon 2012.1.1-7 (bookworm) | horizon 2012.1.1-7 (bookworm) |
| fedoraproject | fedora | — | — |
| openstack | horizon | >= 0 < 2012.1.1-7 | 2012.1.1-7 |
| openstack | horizon | >= 0 < 2012.1.1-7 | 2012.1.1-7 |
| openstack | horizon | >= 0 < 2012.1.1-7 | 2012.1.1-7 |
| openstack | horizon | >= 0 < 2012.1.1-7 | 2012.1.1-7 |
| openstack | horizon | >= 2012.1 < 2012.1.1 | 2012.1.1 |
| python-django-horizon | python-django-horizon | — | — |
| redhat | openstack | — | — |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
osv5.5MEDIUM