CVE 2022-1655
An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCo
See the
CVE page on Mitre.org
for more details.