Friday, October 16, 2020, 12:20 GMT
Warning a new vulnerability in OpenStack Before 1.3.1, 2.0.0, and 220.127.116.11, a problem was found in the OpenStack blazar-dashboard.
A user that can access the Blazar dashboard in Horizon can activate the execution of code on the Horizon host as the user runs the Horizon service (because the Python evaluation feature is used).
This could lead to unauthorized access of the Horizon host and further compromise of the Horizon service. All setups with the blazar-dashboard plugin using the Horizon dashboard are affected.