CVE-2022-1655


An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confidentiality and integrity.


Published: 2022-07-22T15:15:08.057

Last Modified: 2024-11-21T06:41:11.280

Status: Modified

Source: [email protected]

Severity: CVSSv3.1: 6.5 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-732
  • Type: Primary
    CWE-732

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | redhat | openstack | 16.2 | Yes |
