Title: OpenStack Dashboard (Horizon) auth/login/ next Parameter Arbitrary Site Redirect
Aug 30, 2012
Aug 30, 2012
OpenStack Dashboard (Horizon) contains a flaw that allows a remote cross site redirection attack. This flaw exists because the application does not validate the 'next' parameter upon submission to the auth/login/ script. This could allow a user to create a specially crafted URL, that if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing.
Such attacks are useful as the crafted URL initially appear to be a web page of a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client side software such as a web browser or document rendering programs.
Remote / Network Access
Loss of Integrity
Patch / RCS
Currently, there are no known workarounds or upgrades to correct this issue. However, a patch has been committed to the CVS/GIT repository that addresses this vulnerability. Until it is incorporated into the next release of the software, manually patching an existing installation is the only known available solution. Check the vendor advisory or solution URL in the references section.