CVE-2020-26943
CRITICAL 9.9
Description
An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under (because the Python eval function is used). This may result in Horizon host unauthorized access and further compromise of the Horizon service. All setups using the Horizon dashboard with the blazar-dashboard plugin are affected.
CVE details
CVSS v3.1 score: 9.9
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 10/16/2020
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
openstack:blazar-dashboard
References
http://www.openwall.com/lists/oss-security/2020/10/16/5 (cve@mitre.org)
https://launchpad.net/bugs/1895688 (cve@mitre.org)
https://review.opendev.org/755810 (cve@mitre.org)
https://review.opendev.org/755812 (cve@mitre.org)
https://review.opendev.org/755813 (cve@mitre.org)
https://review.opendev.org/755814 (cve@mitre.org)
https://review.opendev.org/756064 (cve@mitre.org)
https://security.openstack.org/ossa/OSSA-2020-007.html (cve@mitre.org)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.