Safety vulnerability ID: 38884
The information on this page was manually curated by our Cybersecurity Intelligence Team.
An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under, because the Python eval function is used. This may result in unauthorized access to the Horizon host and further compromise of the Horizon service. All setups using the Horizon dashboard with the blazar-dashboard plugin are affected. See: CVE-2020-26943.
Latest version: 14.0.0
Reservation Service for OpenStack clouds
CONFIRM: https://security.openstack.org/ossa/OSSA-2020-007.html
MISC: https://launchpad.net/bugs/1895688
MISC: https://review.opendev.org/755810
MISC: https://review.opendev.org/755812
MISC: https://review.opendev.org/755813
MISC: https://review.opendev.org/755814
MISC: https://review.opendev.org/756064