CVE-2020-29565

Summary

CVE	CVE-2020-29565
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2020-12-04 08:15:00 UTC
Updated	2021-03-09 15:08:00 UTC
Description	An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provided malicious URL.

Risk And Classification

Problem Types: CWE-601

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	10.0	All	All	All
Application	Openstack	Horizon	All	All	All	All
Application	Openstack	Horizon	All	All	All	All
Application	Openstack	Horizon	All	All	All	All

References

Reference	Source	Link	Tags
OpenStack Docs: OSSA-2020-008: Open redirect in workflow forms	CONFIRM	security.openstack.org	Patch, Vendor Advisory
Debian -- Security Information -- DSA-4820-1 horizon	DEBIAN	www.debian.org	Third Party Advisory
review.opendev.org/c/openstack/horizon/+/758843	MISC	review.opendev.org	Patch, Third Party Advisory
oss-security - [OSSA-2020-008] horizon: Open redirect in workflow forms (CVE-2020-29565)	MLIST	www.openwall.com	Mailing List, Patch, Third Party Advisory
review.opendev.org/c/openstack/horizon/+/758841	MISC	review.opendev.org	Patch, Third Party Advisory
Bug #1865026 “Open redirect in workflow forms (CVE-2020-29565)” : Bugs : OpenStack Dashboard (Horizon)	MISC	bugs.launchpad.net	Exploit, Issue Tracking, Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.