Vulnerability Details : CVE-2020-26943
An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under (because the Python eval function is used). This may result in unauthorized access to the Horizon host and further compromise of the Horizon service. All setups using the Horizon dashboard with the blazar-dashboard plugin are affected.
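The root cause described above (eval used to parse client-supplied JSON) and the fix named in the references below (json.loads instead of eval), shown side by side as an added example. This is not blazar-dashboard's code; the payload strings are constructed, and the function names are assumptions for illustration.

```python
import json

# Constructed sample inputs standing in for a JSON string received from a
# dashboard user; none of these come from blazar-dashboard itself.
VALID_JSON = '{"resource_type": "physical:host", "min": 1, "max": 2}'
# Valid JSON that uses literals Python does not know: eval() fails on it,
# json.loads() handles it. This is the wrong tool even on friendly input.
JSON_WITH_LITERALS = '{"enabled": true, "note": null}'
# Not JSON at all, but a Python expression. Kept deliberately harmless here;
# eval() would run any expression the same way, including calls into the
# standard library, with the privileges of the Horizon service account.
PYTHON_EXPRESSION = '[n * n for n in range(4)]'


def parse_with_eval(text):
    """Vulnerable pattern: eval() executes whatever expression `text` holds."""
    return eval(text)


def describe_eval(text):
    """Report what eval() does with `text` without letting exceptions escape.

    Returns ("ok", value) or ("error", exception class name).
    """
    try:
        return ("ok", eval(text))
    except Exception as exc:  # noqa: BLE001 - we want the class name for the demo
        return ("error", type(exc).__name__)


def parse_with_json(text):
    """Hardened pattern (the fix): json.loads() accepts only JSON syntax."""
    return json.loads(text)


def safe_parse(text):
    """Parse JSON from an untrusted source; None means 'reject this request'."""
    try:
        return json.loads(text)
    except (json.JSONDecodeError, TypeError):
        return None


if __name__ == "__main__":
    for label, payload in (("valid JSON", VALID_JSON),
                           ("JSON with true/null", JSON_WITH_LITERALS),
                           ("Python expression", PYTHON_EXPRESSION)):
        print(f"{label:20} eval -> {describe_eval(payload)}")
        print(f"{label:20} json -> {safe_parse(payload)}")
```

The Python expression is the case that matters for this advisory: eval() evaluates it, json.loads() raises JSONDecodeError and the request is rejected. The true/null case shows the opposite failure, a reminder that eval() was never a JSON parser in the first place, which helps when hunting for the same pattern elsewhere in a code base.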
Vulnerability category: Bypass
Products affected by CVE-2020-26943
- cpe:2.3:a:openstack:blazar-dashboard:*:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:blazar-dashboard:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:blazar-dashboard:3.0.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-26943
- EPSS score: 0.23% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~60% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2020-26943
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
9.0 | HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:C | 8.0 | 10.0 | NIST |
9.9 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 3.1 | 6.0 | NIST |
References for CVE-2020-26943
- https://review.opendev.org/755814, "review.opendev Code Review" (Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2020/10/16/5, "oss-security - [OSSA-2020-007] Blazar: Remote code execution in blazar-dashboard (CVE-2020-26943)" (Third Party Advisory)
- https://launchpad.net/bugs/1895688, "Bug #1895688 “Authenticated RCE in blazar-dashboard via python e...” : Bugs : Blazar" (Third Party Advisory)
- https://review.opendev.org/755812, "Change I998d6929: Use json.loads instead of eval for JSON parsing | review.opendev Code Review" (Third Party Advisory)
- https://review.opendev.org/755810, "Change I998d6929: Use json.loads instead of eval for JSON parsing | review.opendev Code Review" (Third Party Advisory)
- https://review.opendev.org/755813, "Change I998d6929: Use json.loads instead of eval for JSON parsing | review.opendev Code Review" (Third Party Advisory)
- https://security.openstack.org/ossa/OSSA-2020-007.html, "OpenStack Docs: OSSA-2020-007: Remote code execution in blazar-dashboard" (Third Party Advisory)
- https://review.opendev.org/756064, "Change I998d6929: Use json.loads instead of eval for JSON parsing | review.opendev Code Review" (Third Party Advisory)