PyPI: Horizon

CVE-2022-1655

Safety vulnerability ID: 50264

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jul 22, 2022. Updated at Nov 29, 2024.

Advisory

Horizon 22.2.0 and prior versions are affected by CVE-2022-1655: An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confidentiality and integrity.
https://bugzilla.redhat.com/show_bug.cgi?id=2075681

Affected package

horizon

Latest version: 25.1.0

OpenStack Dashboard

Affected versions

Fixed versions

Vulnerability changelog

An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confidentiality and integrity. See CVE-2022-1655.


MISC: https://access.redhat.com/security/cve/cve-2022-1655

Resources

Severity Details

CVSS Base Score

MEDIUM 6.5

CVSS v3 Details

MEDIUM 6.5
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): LOW
Integrity Impact (I): LOW
Availability Impact (A): NONE