GCVE - cpe:2.3:a:openstack:horizon:folsom-1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:openstack:horizon:folsom-1:*:*:*:*:*:*:*

part: a version: folsom-1 update: *

Vendor	Openstack (`7b0cf974-b2b5-592e-bdf4-6953805ef02a`)
Product	Horizon (`e7083d4d-18db-5d21-bd2a-55bbcb933374`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/horizon`	purl2cpe	2026-06-01 10:17:03.184762
`pkg:deb/ubuntu/horizon`	purl2cpe	2026-06-01 10:17:03.184764
`pkg:github/openstack/horizon`	purl2cpe	2026-06-01 10:17:03.184765
`pkg:pypi/horizon`	purl2cpe	2026-06-01 10:17:03.184767
`pkg:rpm/opensuse/python-horizon`	purl2cpe	2026-06-01 10:17:03.184768

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2012-3426`	vulnerable	2026-06-03 14:31:58.287478	Details available OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password. Published: 2012-07-31T10:00:00.000Z Updated: 2024-08-06T20:05:12.524Z Open on db.gcve.eu Reference links http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454 http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa https://bugs.launchpad.net/keystone/+bug/998185 https://bugs.launchpad.net/keystone/+bug/997194 https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-2144`	vulnerable	2026-06-03 14:31:46.629468	Details available Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie. Published: 2012-06-05T22:00:00.000Z Updated: 2024-08-06T19:26:08.936Z Open on db.gcve.eu Reference links http://secunia.com/advisories/49024 http://www.openwall.com/lists/oss-security/2012/05/05/1 https://exchange.xforce.ibmcloud.com/vulnerabilities/75423 http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081173.html https://bugs.launchpad.net/horizon/+bug/978896	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-2094`	vulnerable	2026-06-03 14:31:46.423593	Details available Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console. Published: 2012-06-05T22:00:00.000Z Updated: 2024-08-06T19:26:07.602Z Open on db.gcve.eu Reference links http://secunia.com/advisories/49024 https://exchange.xforce.ibmcloud.com/vulnerabilities/76136 http://www.osvdb.org/81742 http://ubuntu.com/usn/usn-1439-1 https://bugs.launchpad.net/horizon/+bug/977944	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.