CVE-2012-3540 – horizon

Package

Manager: pip
Name: horizon
Vulnerable Version: =12.0.2 || =12.0.3 || =12.0.4 || =13.0.0 || =13.0.0.0b3 || =13.0.0.0rc1 || =13.0.0.0rc2 || =13.0.1 || =13.0.2 || =13.0.3 || =14.0.0 || =14.0.0.0b1 || =14.0.0.0b2 || =14.0.0.0b3 || =14.0.0.0rc1 || =14.0.0.0rc2 || =14.0.1 || =14.0.2 || =14.0.3 || =14.0.4 || =14.1.0 || =15.0.0 || =15.0.0.0b1 || =15.0.0.0b2 || =15.0.0.0rc1 || =15.0.0.0rc2 || =15.1.0 || =15.1.1 || =15.2.0 || =15.3.0 || =15.3.1 || =15.3.2 || =16.0.0 || =16.0.0.0b1 || =16.0.0.0b2 || =16.0.0.0rc1 || =16.0.0.0rc2 || =16.1.0 || =16.2.0 || =16.2.1 || =16.2.2 || =17.0.0 || =17.1.0 || =18.0.0 || =18.1.0 || =18.2.0 || =18.3.0 || =18.3.1 || =18.3.2 || =18.3.3 || =18.3.4 || =18.3.5 || =18.4.0 || =18.4.1 || =18.5.0 || =18.6.0 || =18.6.1 || =18.6.2 || =18.6.3 || =18.6.4 || =19.0.0 || =19.1.0 || =19.2.0 || =19.3.0 || =19.4.0 || =20.0.0 || =20.1.0 || =20.1.1 || =20.1.2 || =20.1.3 || =20.1.4 || =20.2.0 || =21.0.0 || =22.0.0 || =22.1.0 || =22.1.1 || =22.2.0 || =23.0.0 || =23.1.0 || =23.2.0 || =23.3.0 || >=0 <35eada8a27323c0f83c400177797927aba6bc99b

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.01917 pctl0.82622

Details

Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by mistake.

Metadata

Created: 2012-09-05T23:55:00Z
Modified: 2023-11-08T03:57:06.847391Z
Source: https://osv-vulnerabilities
CWE IDs: N/A
Alternative ID: N/A
Finding: F156
Auto approve: 1