← Voltar para CVEs
CVE-2020-26943
CRITICAL9.9
Descricao
An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under (because the Python eval function is used). This may result in Horizon host unauthorized access and further compromise of the Horizon service. All setups using the Horizon dashboard with the blazar-dashboard plugin are affected.
Detalhes CVE
Pontuacao CVSS v3.19.9
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado10/16/2020
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
openstack:blazar-dashboard
Referencias
http://www.openwall.com/lists/oss-security/2020/10/16/5(cve@mitre.org)
https://launchpad.net/bugs/1895688(cve@mitre.org)
https://review.opendev.org/755810(cve@mitre.org)
https://review.opendev.org/755812(cve@mitre.org)
https://review.opendev.org/755813(cve@mitre.org)
https://review.opendev.org/755814(cve@mitre.org)
https://review.opendev.org/756064(cve@mitre.org)
https://security.openstack.org/ossa/OSSA-2020-007.html(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2020/10/16/5(af854a3a-2127-422b-91ae-364da2661108)
https://launchpad.net/bugs/1895688(af854a3a-2127-422b-91ae-364da2661108)
https://review.opendev.org/755810(af854a3a-2127-422b-91ae-364da2661108)
https://review.opendev.org/755812(af854a3a-2127-422b-91ae-364da2661108)
https://review.opendev.org/755813(af854a3a-2127-422b-91ae-364da2661108)
https://review.opendev.org/755814(af854a3a-2127-422b-91ae-364da2661108)
https://review.opendev.org/756064(af854a3a-2127-422b-91ae-364da2661108)
https://security.openstack.org/ossa/OSSA-2020-007.html(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.