CVE-2012-2144 — OpenStack Horizon Session Fixation

Description

Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie.

How to fix CVE-2012-2144

To remediate CVE-2012-2144, upgrade the affected package to a fixed version below.

Debian/horizon—upgrade to 2012.1-4 or later
PyPI/horizon—upgrade to 8.0.0a0 or later
PyPI/horizon—upgrade to 041b1c44c7d6cf5429505067c32f8f35166a8bab or later

Is CVE-2012-2144 being exploited?

Low — EPSS is 2.9%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

from 0, < 2012.1-4
from 0, < 8.0.0a0
from 0, < 041b1c44c7d6cf5429505067c32f8f35166a8bab | from 0

References (16)

ADVISORYgithub.com/advisories/GHSA-w7h9-8wr4-hwqh
ADVISORYnvd.nist.gov/vuln/detail/CVE-2012-2144
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2012-2144
PATCHgithub.com/openstack/horizon
WEB