CVE-2020-26943 - Vulnerability Details - OpenCVE

An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under (because the Python eval function is used). This may result in Horizon host unauthorized access and further compromise of the Horizon service. All setups using the Horizon dashboard with the blazar-dashboard plugin are affected.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Openstack	Blazar-dashboard

Configuration 1 [-]

OR	cpe:2.3:a:openstack:blazar-dashboard::::::::
	cpe:2.3:a:openstack:blazar-dashboard:2.0.0:::::::*
	cpe:2.3:a:openstack:blazar-dashboard:3.0.0:::::::*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2020/10/16/5
https://launchpad.net/bugs/1895688
https://review.opendev.org/755810
https://review.opendev.org/755812
https://review.opendev.org/755813
https://review.opendev.org/755814
https://review.opendev.org/756064
https://security.openstack.org/ossa/OSSA-2020-007.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-10-16T05:12:46

Updated: 2024-08-04T16:03:23.104Z

Reserved: 2020-10-10T00:00:00

Link: CVE-2020-26943

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-10-16T06:15:12.527

Modified: 2024-11-21T05:20:33.137

Link: CVE-2020-26943

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under (because the Python eval function is used). This may result in Horizon host unauthorized access and further compromise of the Horizon service. All setups using the Horizon dashboard with the blazar-dashboard plugin are affected."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-16T23:06:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://launchpad.net/bugs/1895688"}, {"tags": ["x_refsource_MISC"], "url": "https://review.opendev.org/755810"}, {"tags": ["x_refsource_MISC"], "url": "https://review.opendev.org/756064"}, {"tags": ["x_refsource_MISC"], "url": "https://review.opendev.org/755812"}, {"tags": ["x_refsource_MISC"], "url": "https://review.opendev.org/755813"}, {"tags": ["x_refsource_MISC"], "url": "https://review.opendev.org/755814"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.openstack.org/ossa/OSSA-2020-007.html"}, {"name": "[oss-security] 20201016 [OSSA-2020-007] Blazar: Remote code execution in blazar-dashboard (CVE-2020-26943)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2020/10/16/5"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-26943", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under (because the Python eval function is used). This may result in Horizon host unauthorized access and further compromise of the Horizon service. All setups using the Horizon dashboard with the blazar-dashboard plugin are affected."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://launchpad.net/bugs/1895688", "refsource": "MISC", "url": "https://launchpad.net/bugs/1895688"}, {"name": "https://review.opendev.org/755810", "refsource": "MISC", "url": "https://review.opendev.org/755810"}, {"name": "https://review.opendev.org/756064", "refsource": "MISC", "url": "https://review.opendev.org/756064"}, {"name": "https://review.opendev.org/755812", "refsource": "MISC", "url": "https://review.opendev.org/755812"}, {"name": "https://review.opendev.org/755813", "refsource": "MISC", "url": "https://review.opendev.org/755813"}, {"name": "https://review.opendev.org/755814", "refsource": "MISC", "url": "https://review.opendev.org/755814"}, {"name": "https://security.openstack.org/ossa/OSSA-2020-007.html", "refsource": "CONFIRM", "url": "https://security.openstack.org/ossa/OSSA-2020-007.html"}, {"name": "[oss-security] 20201016 [OSSA-2020-007] Blazar: Remote code execution in blazar-dashboard (CVE-2020-26943)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/10/16/5"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:03:23.104Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://launchpad.net/bugs/1895688"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://review.opendev.org/755810"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://review.opendev.org/756064"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://review.opendev.org/755812"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://review.opendev.org/755813"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://review.opendev.org/755814"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.openstack.org/ossa/OSSA-2020-007.html"}, {"name": "[oss-security] 20201016 [OSSA-2020-007] Blazar: Remote code execution in blazar-dashboard (CVE-2020-26943)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2020/10/16/5"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-26943", "datePublished": "2020-10-16T05:12:46", "dateReserved": "2020-10-10T00:00:00", "dateUpdated": "2024-08-04T16:03:23.104Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:blazar-dashboard:*:*:*:*:*:*:*:*", "matchCriteriaId": "C542CF97-351B-46A8-B373-B1F2CD5DA304", "versionEndExcluding": "1.3.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:blazar-dashboard:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0919CDBF-253D-42F1-82F2-925F5E5284FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:blazar-dashboard:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "148468A5-A1F5-4373-91AB-F5CD4264BA5B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under (because the Python eval function is used). This may result in Horizon host unauthorized access and further compromise of the Horizon service. All setups using the Horizon dashboard with the blazar-dashboard plugin are affected."}, {"lang": "es", "value": "Se detect\u00f3 un problema en OpenStack blazar-dashboard versiones anteriores a 1.3.1, 2.0.0 y 3.0.0. Un usuario al que se le permite acceder al panel Blazar en Horizon puede activar una ejecuci\u00f3n de c\u00f3digo en el host de Horizon como el usuario bajo el cual se ejecuta el servicio de Horizon (porque la funci\u00f3n eval de Python es usada). Esto puede resultar en un acceso no autorizado del host de Horizon y un mayor compromiso del servicio de Horizon. Todas las configuraciones que usan el panel de Horizon con el plugin blazar-dashboard est\u00e1n afectadas"}], "id": "CVE-2020-26943", "lastModified": "2024-11-21T05:20:33.137", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-16T06:15:12.527", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2020/10/16/5"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://launchpad.net/bugs/1895688"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://review.opendev.org/755810"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://review.opendev.org/755812"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://review.opendev.org/755813"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://review.opendev.org/755814"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://review.opendev.org/756064"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.openstack.org/ossa/OSSA-2020-007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2020/10/16/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://launchpad.net/bugs/1895688"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://review.opendev.org/755810"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://review.opendev.org/755812"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://review.opendev.org/755813"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://review.opendev.org/755814"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://review.opendev.org/756064"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.openstack.org/ossa/OSSA-2020-007.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}