Merge "Add OSSA-2020-007 (CVE-2020-26943)"
This commit is contained in:
commit
d92b7ffa98
|
@ -0,0 +1,42 @@
|
||||||
|
date: 2020-10-12
|
||||||
|
|
||||||
|
id: OSSA-2020-007
|
||||||
|
|
||||||
|
title: Remote code execution in blazar-dashboard
|
||||||
|
|
||||||
|
description: >
|
||||||
|
Lukas Euler (Positive Security) reported a vulnerability in blazar-dashboard.
|
||||||
|
A user allowed to access the Blazar dashboard in Horizon may trigger code
|
||||||
|
execution on the Horizon host as the user the Horizon service runs under.
|
||||||
|
This may result in Horizon host unauthorized access and further compromise of
|
||||||
|
the Horizon service. All setups using the Horizon dashboard with the
|
||||||
|
blazar-dashboard plugin are affected.
|
||||||
|
|
||||||
|
affected-products:
|
||||||
|
- product: blazar-dashboard
|
||||||
|
version: '<1.3.1, ==2.0.0, ==3.0.0'
|
||||||
|
|
||||||
|
vulnerabilities:
|
||||||
|
- cve-id: CVE-2020-26943
|
||||||
|
|
||||||
|
reporters:
|
||||||
|
- name: Lukas Euler
|
||||||
|
affiliation: Positive Security
|
||||||
|
reported:
|
||||||
|
- CVE-2020-26943
|
||||||
|
|
||||||
|
issues:
|
||||||
|
links:
|
||||||
|
- https://launchpad.net/bugs/1895688
|
||||||
|
|
||||||
|
reviews:
|
||||||
|
wallaby:
|
||||||
|
- https://review.opendev.org/755810
|
||||||
|
victoria:
|
||||||
|
- https://review.opendev.org/756064
|
||||||
|
ussuri:
|
||||||
|
- https://review.opendev.org/755812
|
||||||
|
train:
|
||||||
|
- https://review.opendev.org/755813
|
||||||
|
stein:
|
||||||
|
- https://review.opendev.org/755814
|
Loading…
Reference in New Issue