Required CVE Record Information
Description
Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter.
References 4 Total
- https://bugs.launchpad.net/horizon/+bug/1982676
- https://github.com/openstack/horizon/blob/master/horizon/workflows/views.py#L96-L102
- lists.debian.org: [debian-lts-announce] 20231130 [SECURITY] [DLA 3676-1] horizon security update mailing-list
- lists.debian.org: [debian-lts-announce] 20231201 [SECURITY] [DLA 3678-1] horizon security update - CORRECTED ANNOUNCEMENT mailing-list
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 4 Total
- https://bugs.launchpad.net/horizon/+bug/1982676 x_transferred
- https://github.com/openstack/horizon/blob/master/horizon/workflows/views.py#L96-L102 x_transferred
- lists.debian.org: [debian-lts-announce] 20231130 [SECURITY] [DLA 3676-1] horizon security update mailing-listx_transferred
- lists.debian.org: [debian-lts-announce] 20231201 [SECURITY] [DLA 3678-1] horizon security update - CORRECTED ANNOUNCEMENT mailing-listx_transferred