An issue was discovered in OpenStack blazar

Friday, October 16, 2020, 12:20 GMT

Warning a new vulnerability in OpenStack Before 1.3.1, 2.0.0, and 3.0.0.0, a problem was found in the OpenStack blazar-dashboard.

A user that can access the Blazar dashboard in Horizon can activate the execution of code on the Horizon host as the user runs the Horizon service (because the Python evaluation feature is used).

This could lead to unauthorized access of the Horizon host and further compromise of the Horizon service. All setups with the blazar-dashboard plugin using the Horizon dashboard are affected.

docs.openstack.org/blazar-dashboard/latest/index.html