Description
An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag even though HorizonSecureCookies is set to true in the environment files, possibly leading to a loss of confidentiality and integrity.
References (1)
Core References
Vendor Advisory x_refsource_misc
https://access.redhat.com/security/cve/cve-2022-1655
Scores
CVSS v3
6.5
EPSS
0.0019
EPSS Percentile
40.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-732
Status
published
Products (1)
redhat/openstack
16.2
Published
Jul 22, 2022
Tracked Since
Feb 18, 2026