CVE 2012-3540
Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by mistake.
Related bugs and status
CVE-2012-3540 (Candidate) is related to these bugs:
Bug #1020555: Wrong 'Download CSV Summary' link
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1020555 | Wrong 'Download CSV Summary' link | OpenStack Dashboard (Horizon) | High | Fix Released | ||
| 1020555 | Wrong 'Download CSV Summary' link | OpenStack Dashboard (Horizon) essex | Undecided | Fix Released | ||
| 1020555 | Wrong 'Download CSV Summary' link | horizon (Ubuntu) | Undecided | Fix Released | ||
| 1020555 | Wrong 'Download CSV Summary' link | horizon (Ubuntu Precise) | Undecided | Fix Released | ||
Bug #1031291: TypeError when trying to delete an unnamed volume via dashboard
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1031291 | TypeError when trying to delete an unnamed volume via dashboard | OpenStack Dashboard (Horizon) | High | Fix Released | ||
| 1031291 | TypeError when trying to delete an unnamed volume via dashboard | OpenStack Dashboard (Horizon) essex | Undecided | Fix Released | ||
| 1031291 | TypeError when trying to delete an unnamed volume via dashboard | horizon (Ubuntu) | Undecided | Fix Released | ||
| 1031291 | TypeError when trying to delete an unnamed volume via dashboard | horizon (Ubuntu Precise) | Undecided | Fix Released | ||
Bug #1039077: [OSSA 2012-012] open redirect / phishing attack via "next" parameter
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1039077 | [OSSA 2012-012] open redirect / phishing attack via "next" parameter | OpenStack Dashboard (Horizon) | Medium | Invalid | ||
| 1039077 | [OSSA 2012-012] open redirect / phishing attack via "next" parameter | OpenStack Dashboard (Horizon) essex | Medium | Fix Released | ||
| 1039077 | [OSSA 2012-012] open redirect / phishing attack via "next" parameter | horizon (Ubuntu) | Undecided | Fix Released | ||
| 1039077 | [OSSA 2012-012] open redirect / phishing attack via "next" parameter | OpenStack Security Advisory | Undecided | Fix Released | ||
Bug #1057125: stable/essex horizon installs unusable version of glance
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1057125 | stable/essex horizon installs unusable version of glance | OpenStack Dashboard (Horizon) | Undecided | Invalid | ||
| 1057125 | stable/essex horizon installs unusable version of glance | OpenStack Dashboard (Horizon) essex | Critical | Fix Released | ||
| 1057125 | stable/essex horizon installs unusable version of glance | horizon (Ubuntu) | Undecided | Fix Released | ||
| 1057125 | stable/essex horizon installs unusable version of glance | horizon (Ubuntu Precise) | Undecided | Fix Released | ||
Bug #1089488: Meta bug for tracking Openstack Stable Updates
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1089488 | Meta bug for tracking Openstack Stable Updates | nova (Ubuntu) | Undecided | Invalid | ||
| 1089488 | Meta bug for tracking Openstack Stable Updates | horizon (Ubuntu) | Undecided | Invalid | ||
| 1089488 | Meta bug for tracking Openstack Stable Updates | keystone (Ubuntu) | Undecided | Invalid | ||
| 1089488 | Meta bug for tracking Openstack Stable Updates | horizon (Ubuntu Precise) | Undecided | Fix Released | ||
| 1089488 | Meta bug for tracking Openstack Stable Updates | keystone (Ubuntu Precise) | Undecided | Fix Released | ||
| 1089488 | Meta bug for tracking Openstack Stable Updates | nova (Ubuntu Precise) | Undecided | Fix Released | ||
| 1089488 | Meta bug for tracking Openstack Stable Updates | glance (Ubuntu) | Undecided | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
