{"id":"PYSEC-2012-18","details":"Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter of a request to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by mistake; the identifier listed in aliases, CVE-2012-3540, is the one in use. NOTE: the ECOSYSTEM range in this record has no fixed event, so the listed PyPI versions appear to follow from that open-ended range rather than from per-release confirmation; check a deployment against the fix commit given in the GIT range.","aliases":["CVE-2012-3540"],"modified":"2025-10-09T05:18:21.626755Z","published":"2012-09-05T23:55:00Z","references":[{"type":"FIX","url":"https://github.com/openstack/horizon/commit/35eada8a27323c0f83c400177797927aba6bc99b"},{"type":"WEB","url":"http://www.securityfocus.com/bid/55329"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2012/08/30/5"},{"type":"ADVISORY","url":"http://secunia.com/advisories/50480"},{"type":"WEB","url":"https://lists.launchpad.net/openstack/msg16278.html"},{"type":"WEB","url":"https://lists.launchpad.net/openstack/msg16281.html"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2012/08/30/4"},{"type":"WEB","url":"https://bugs.launchpad.net/horizon/+bug/1039077"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-1565-1"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/78196"}],"affected":[{"package":{"name":"horizon","ecosystem":"PyPI","purl":"pkg:pypi/horizon"},"ranges":[{"type":"GIT","repo":"https://github.com/openstack/horizon","events":[{"introduced":"0"},{"fixed":"35eada8a27323c0f83c400177797927aba6bc99b"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["12.0.2","12.0.3","12.0.4","13.0.0","13.0.0.0b3","13.0.0.0rc1","13.0.0.0rc2","13.0.1","13.0.2","13.0.3","14.0.0","14.0.0.0b1","14.0.0.0b2","14.0.0.0b3","14.0.0.0rc1","14.0.0.0rc2","14.0.1","14.0.2","14.0.3","14.0.4","14.1.0","15.0.0","15.0.0.0b1","15.0.0.0b2","15.0.0.0rc1","15.0.0.0rc2","15.1.0","15.1.1","15.2.0","15.3.0","15.3.1","15.3.2","16.0.0","16.0.0.0b1","16.0.0.0b2","16.0.0.0rc1","16.0.0.0rc2","16.1.0","16.2.0","16.2.1","16.2.2","17.0.0","17.1.0","18.0.0","18.1
.0","18.2.0","18.3.0","18.3.1","18.3.2","18.3.3","18.3.4","18.3.5","18.4.0","18.4.1","18.5.0","18.6.0","18.6.1","18.6.2","18.6.3","18.6.4","19.0.0","19.1.0","19.2.0","19.3.0","19.4.0","20.0.0","20.1.0","20.1.1","20.1.2","20.1.3","20.1.4","20.2.0","21.0.0","22.0.0","22.1.0","22.1.1","22.2.0","23.0.0","23.1.0","23.2.0","23.3.0","23.0.1","23.0.2","23.1.1","23.3.1","23.4.0","24.0.0","24.0.1","24.0.2","25.0.0","25.1.0","25.1.1","25.2.0","25.3.0","25.3.1","25.4.0","25.5.0","25.5.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/horizon/PYSEC-2012-18.yaml"}}],"schema_version":"1.7.3"}