Source: horizon Version: 3:10.0.0-1 Severity: grave Tags: security upstream Justification: user security hole Forwarded: https://bugs.launchpad.net/horizon/+bug/1667086
Hi, the following vulnerability was published for horizon. CVE-2017-7400[0]: | OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 | allows remote authenticated administrators to conduct XSS attacks via a | crafted federation mapping. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-7400 [1] https://bugs.launchpad.net/horizon/+bug/1667086 Please adjust the affected versions in the BTS as needed. Regards, Salvatore