CVE-2022-1655

Severity: 6.5 MEDIUM
EPSS: 0.2% (top 58.88%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products: see below
Timeline: Published Jul 22, latest update Jul 23

Description

An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confidentiality and integrity.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Exploitability: 3.9 | Impact: 2.5

Affected Packages (2 packages)

CVEListV5: openstack, OpenStack 16.2

Vulnerability Details (2)

GHSA
GHSA-xm48-7qq2-36x4: An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack (2022-07-23)
CVEList
CVE-2022-1655: An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack (2022-07-22)

Vendor Advisories (2)

Red Hat
OpenStack: Horizon session cookies are not flagged HttpOnly (2022-04-14)
Debian
CVE-2022-1655: horizon - An Incorrect Permission Assignment for Critical Resource flaw was found in Horiz... (2022)
CVE-2022-1655 (MEDIUM CVSS 6.5) | An Incorrect Permission Assignment | cvebase.io