CVE-2012-3540

Priority
Medium
Description
Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard
(Horizon) Essex (2012.1) allows remote attackers to redirect users to
arbitrary web sites and conduct phishing attacks via a URL in the next
parameter to auth/login/. NOTE: this issue was originally assigned
CVE-2012-3542 by mistake.
References
Bugs
Package
Upstream:released (2012.1.1-5)
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 11.04 (Natty Narwhal):DNE
Ubuntu 11.10 (Oneiric Ocelot):DNE
Ubuntu 12.04 LTS (Precise Pangolin):released (2012.1.3+stable~20120815-691dd2-0ubuntu1.1)
Ubuntu 12.10 (Quantal Quetzal):not-affected (2012.2~f3-0ubuntu2)
More Information

Valid XHTML 1.0 Strict

Updated: 2012-09-13 07:14:09 UTC (commit 5757)