Main Vulnerability Database Vulnerabilities #VU70050

Incorrect permission assignment for critical resource in Red Hat OpenStack - CVE-2022-1655

Published: December 8, 2022

Vulnerability identifier: #VU70050

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-1655

CWE-ID: CWE-732

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Red Hat Inc.

Affected software:
Red Hat OpenStack

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files. A remote attacker can gain unauthorized access to potential sensitive information.

How to mitigate CVE-2022-1655

Install updates from vendor's website.

Sources

https://access.redhat.com/security/cve/cve-2022-1655
https://bugzilla.redhat.com/show_bug.cgi?id=2075681

Incorrect permission assignment for critical resource in Red Hat OpenStack - CVE-2022-1655

Detailed vulnerability description

How to mitigate CVE-2022-1655

Sources

Please verify you're human