An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. The "next" parameter is not validated, so someone can supply a malicious URL in it and Horizon will automatically redirect to that URL (an open redirect).

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| horizon (PyPI) | 0 | 15.3.2 | N/A |
| horizon (PyPI) | 16.0.0 | 16.2.1 | N/A |
| horizon (PyPI) | 17.0.0 | 18.3.3 | N/A |
| horizon (PyPI) | 18.4.0 | 18.6.0 | N/A |
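
One way to validate a "next" redirect target before using it, shown as an added example that is not Horizon's code or its actual fix. It uses only the Python standard library; the host `horizon.example.org`, the names `ALLOWED_HOSTS` and `DEFAULT_REDIRECT`, and the function names are assumptions made for illustration.

```python
# Added example: stdlib-only validation of a post-login "next" redirect target.
# Host name, constants and function names are constructed for illustration.
import unicodedata
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"horizon.example.org"}  # assumption: the dashboard's own host
DEFAULT_REDIRECT = "/"                   # assumption: fallback landing page


def _check(url, allowed_hosts):
    # Browsers treat "///host" as scheme-relative, i.e. an off-site target.
    if url.startswith("///"):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. a malformed IPv6 literal
        return False
    # A scheme without a host ("javascript:...", "https:host") is not a local path.
    if parts.scheme and not parts.netloc:
        return False
    # Browsers drop leading control characters before parsing the URL.
    if unicodedata.category(url[0])[0] == "C":
        return False
    # A scheme-relative URL ("//host/") inherits the page scheme; treat as http.
    scheme = parts.scheme or ("http" if parts.netloc else "")
    host_ok = not parts.netloc or parts.netloc in allowed_hosts
    scheme_ok = not scheme or scheme in ("http", "https")
    return host_ok and scheme_ok


def is_safe_redirect(url, allowed_hosts=ALLOWED_HOSTS):
    """Return True only for relative paths or URLs on an allowed host."""
    if not url or not url.strip():
        return False
    url = url.strip()
    # Browsers treat "\" like "/", so both spellings must pass.
    return _check(url, allowed_hosts) and _check(url.replace("\\", "/"), allowed_hosts)


def resolve_next(next_param):
    """Return the validated "next" value, or the default when it is unsafe."""
    return next_param if is_safe_redirect(next_param) else DEFAULT_REDIRECT
```

Exact host matching means a value such as `https://horizon.example.org@other.example.net/` is rejected, because the whole authority component is compared against the allowlist.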
CVSS Metrics