CVE-2022-1655

MEDIUM

Red Hat OpenStack - Incorrect Permission Assignment

Title source: rule

Description

An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confidentiality and integrity.

Scores

CVSS v3 6.5
EPSS 0.0019
EPSS Percentile 40.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Classification

CWE CWE-732
Status published

Affected Products (1)

redhat/openstack

Timeline

Published Jul 22, 2022
Tracked Since Feb 18, 2026