Release date:
Updated on:
Affected Systems:
OpenStack OpenStack Dashboard (Horizon) 2012.2-4.fc6
OpenStack OpenStack Dashboard (Horizon)
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56657
CVE (CAN) ID: CVE-2012-5474
OpenStack Dashboard (Horizon) is the OpenStack project that provides a web user interface to OpenStack services.
The file /etc/openstack-dashboard/local_settings in the openstack-dashboard package is world-readable and contains the lines "# Note: You should change this value" and "SECRET_KEY = 'secret'", which results in disclosure of the key.
<* Source: Thomas Goirand
Link: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5474
*>
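A defensive check for the condition described above, as an added example that is not part of the original advisory or of OpenStack's code: it flags a settings file that is world-readable or still carries the placeholder SECRET_KEY. The function names and the sample file content are constructed for illustration.

```python
import ast
import os
import stat
import sys
import tempfile

DEFAULT_KEYS = {"secret"}  # placeholder value quoted in the advisory


def read_secret_key(source):
    """Return the literal assigned to SECRET_KEY (None if absent); never executes the file."""
    key = None
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant):
            for target in node.targets:
                if isinstance(target, ast.Name) and target.id == "SECRET_KEY":
                    key = node.value.value
    return key


def audit_settings(path):
    """Return a list of findings for the settings file at `path`."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & stat.S_IROTH:  # readable by "other", i.e. every local account
        findings.append("world-readable (mode %04o)" % mode)
    with open(path, encoding="utf-8") as fh:
        source = fh.read()
    try:
        if read_secret_key(source) in DEFAULT_KEYS:
            findings.append("SECRET_KEY is the packaged placeholder")
    except SyntaxError:
        findings.append("not parseable as Python 3; check SECRET_KEY by hand")
    return findings


def demo():
    """Audit a constructed sample that reproduces the two lines quoted in the advisory."""
    sample = "# Note: You should change this value\nSECRET_KEY = 'secret'\n"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "local_settings")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(sample)
        os.chmod(path, 0o644)  # the globally readable mode the advisory describes
        return audit_settings(path)


if __name__ == "__main__":
    print([(p, audit_settings(p)) for p in sys.argv[1:]] or demo())
```

Run it with the path to the deployed settings file as an argument; with no argument it audits the constructed sample.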
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
OpenStack
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://horizon.openstack.org/intro.html