CVE-2022-1655 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2022-1655 Interim 1 15 2025-02-16T03:28:14Z current 2022-05-11T23:54:38Z 2025-02-16T03:28:14Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2022-1655 An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confidentiality and integrity. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings HPE Helion OpenStack 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 openstack-dashboard python-horizon python-openstack_auth openstack-dashboard as a component of HPE Helion OpenStack 8 python-horizon as a component of HPE Helion OpenStack 8 openstack-dashboard as a component of SUSE OpenStack Cloud 8 python-horizon as a component of SUSE OpenStack Cloud 8 openstack-dashboard as a component of SUSE OpenStack Cloud 9 python-horizon as a component of SUSE OpenStack Cloud 9 python-openstack_auth as a component of SUSE OpenStack Cloud 9 openstack-dashboard as a component of SUSE OpenStack Cloud Crowbar 8 python-horizon as a component of SUSE OpenStack Cloud Crowbar 8 openstack-dashboard as a component of SUSE OpenStack Cloud Crowbar 9 python-horizon as a component of SUSE OpenStack Cloud Crowbar 9 python-openstack_auth as a component of SUSE OpenStack Cloud Crowbar 9 An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confidentiality and integrity. CVE-2022-1655 HPE Helion OpenStack 8:openstack-dashboard HPE Helion OpenStack 8:python-horizon SUSE OpenStack Cloud 8:openstack-dashboard SUSE OpenStack Cloud 8:python-horizon SUSE OpenStack Cloud 9:openstack-dashboard SUSE OpenStack Cloud 9:python-horizon SUSE OpenStack Cloud 9:python-openstack_auth SUSE OpenStack Cloud Crowbar 8:openstack-dashboard SUSE OpenStack Cloud Crowbar 8:python-horizon SUSE OpenStack Cloud Crowbar 9:openstack-dashboard SUSE OpenStack Cloud Crowbar 9:python-horizon SUSE OpenStack Cloud Crowbar 9:python-openstack_auth moderate 4.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N