An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confidentiality and integrity.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/cve-2022-1655 | Vendor Advisory |
Configurations
History
29 Jul 2022, 19:41
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:redhat:openstack:16.2:*:*:*:*:*:*:* | |
References | (MISC) https://access.redhat.com/security/cve/cve-2022-1655 - Vendor Advisory | |
CWE | CWE-732 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
22 Jul 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-07-22 15:15
Updated : 2024-02-04 22:51
NVD link : CVE-2022-1655
Mitre link : CVE-2022-1655
CVE.ORG link : CVE-2022-1655
JSON object : View
Products Affected
redhat
- openstack
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource