OSSA-2020-008 has been published to relevant mailing lists and the https://security.openstack.org/ site.
** Changed in: ossa
     Assignee: (unassigned) => Gage Hugo (gagehugo)

** Changed in: ossa
       Status: Incomplete => Fix Released

** Changed in: ossa
   Importance: Undecided => Medium

** Summary changed:

- Open redirect in workflow forms (CVE-2020-29565)
+ [OSSA-2020-008] Open redirect in workflow forms (CVE-2020-29565)

https://bugs.launchpad.net/bugs/1865026

Title:
  [OSSA-2020-008] Open redirect in workflow forms (CVE-2020-29565)

Status in OpenStack Dashboard (Horizon):
  Fix Released
Status in OpenStack Security Advisory:
  Fix Released

Bug description:
  This affects all released versions of Horizon.

  It is possible to make Horizon redirect to an arbitrary URL:

  Steps of Reproduction:
  1. Visit https://rhos-d.infra.prod.upshift.rdu2.redhat.com
  2. Click on Instances
  3. Pick any available instance and click on it.
  4. On Right side - Click on Down arrow button
  5. Hover on 'Edit Instance' and copy its link location and open in the same browser in the same tab.
  6. It will look like:
     https://rhos-d.infra.prod.upshift.rdu2.redhat.com/dashboard/project/instances/<instance_id>/update?step=instance_info&next=<path_and_id>
     Change the &next= value with &next=https://evil.com and refresh the page; then click on Save Button.
  7. It will redirect the page to Evil.com.
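
Added example, not part of the bug report and not the Horizon patch: one way a server can validate a `next` value before redirecting after a form save, using only the Python standard library. The host name `dashboard.example`, the fallback path and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the dashboard is served from this host (constructed value).
ALLOWED_HOSTS = {"dashboard.example"}
FALLBACK = "/dashboard/project/instances/"


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """Return True only if a browser would keep `target` on an allowed host."""
    if not isinstance(target, str) or not target:
        return False
    # Browsers strip or reinterpret whitespace/control characters, and treat
    # a backslash like a forward slash, so "/\host" becomes "//host".
    if "\\" in target or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative URL: the exact netloc must be allowed.
        # Comparing netloc (not hostname) also rejects "user@host" forms.
        return (parts.scheme.lower() in ("", "http", "https")
                and parts.netloc.lower() in allowed_hosts)
    # Relative reference: accept only a single-slash absolute path.
    # "///host" parses with an empty netloc but browsers resolve it off-site.
    return target.startswith("/") and not target.startswith("//")


def resolve_next(next_value, fallback=FALLBACK):
    """Pick the post-save redirect: `next` if safe, else the fallback."""
    return next_value if is_safe_redirect(next_value) else fallback


if __name__ == "__main__":
    # Constructed sample values, including the one from the report.
    for candidate in ("/dashboard/project/instances/abc/",
                      "https://evil.com", "//evil.com", "/\\evil.com"):
        print(repr(candidate), "->", resolve_next(candidate))
```
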