Ubuntu 12.04 LTS : horizon vulnerability (USN-1565-1)
Medium Nessus Plugin ID 62073
Synopsis
The remote Ubuntu host is missing one or more security-related patches.
Description
Thomas Biege discovered that the Horizon authentication mechanism did not validate the next parameter. An attacker could use this to construct a link to a legitimate OpenStack web dashboard that redirected the user to a malicious website after authentication.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Update the affected openstack-dashboard and / or python-django-horizon packages.
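The missing check described above, sketched as an added example: a post-login redirect target is accepted only when it stays on the dashboard's own host. This is not Horizon's code or the fix shipped in the updated packages; the host name, fallback path and function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed values for illustration; not taken from Horizon or the advisory.
ALLOWED_HOSTS = {"dashboard.example.test"}
FALLBACK = "/"


def is_safe_next(target, allowed_hosts=ALLOWED_HOSTS):
    """Return True only if a post-login redirect target stays on our own host."""
    if not target or not target.strip():
        return False
    # Browsers treat "\" like "/", so normalise before parsing.
    candidate = target.strip().replace("\\", "/")
    # Control characters can hide a host from the parser but not the browser.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in candidate):
        return False
    # "///host" parses as a path here, yet browsers resolve it as "//host".
    if candidate.startswith("///"):
        return False
    try:
        parts = urlsplit(candidate)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if not parts.netloc:
        # A relative path is fine; "javascript:..." or "https:host" is not.
        return parts.scheme == ""
    # Compare the whole authority so "good@evil" userinfo tricks fail.
    if parts.netloc.lower() not in allowed_hosts:
        return False
    return parts.scheme in ("", "http", "https")


def resolve_next(target, allowed_hosts=ALLOWED_HOSTS):
    """Return the requested target if it is safe, otherwise the fallback page."""
    return target.strip() if is_safe_next(target, allowed_hosts) else FALLBACK
```

A login view would pass the submitted next value through resolve_next() before issuing the redirect, so a rejected value sends the user to the fallback page instead of an external site.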