Main Vulnerability Database Vulnerabilities #VU70050

Incorrect permission assignment for critical resource in Red Hat OpenStack - CVE-2022-1655

Published: December 8, 2022

Vulnerability identifier: #VU70050

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-1655

CWE-ID: CWE-732

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Red Hat OpenStack

Software vendor:
Red Hat Inc.

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files. A remote attacker can gain unauthorized access to potential sensitive information.

Remediation

Install updates from vendor's website.

External links

https://access.redhat.com/security/cve/cve-2022-1655
https://bugzilla.redhat.com/show_bug.cgi?id=2075681

Incorrect permission assignment for critical resource in Red Hat OpenStack - CVE-2022-1655

Description

Remediation

External links

Please verify you're human