CVE-2022-1655
First published: Fri Jul 22 2022(Updated: )
An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confidentiality and integrity.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Openstack | =16.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this flaw?
The vulnerability ID is CVE-2022-1655.
What is the severity level of CVE-2022-1655?
The severity level of CVE-2022-1655 is medium.
What software is affected by CVE-2022-1655?
Redhat Openstack version 16.2 is affected by CVE-2022-1655.
What is the impact of CVE-2022-1655?
CVE-2022-1655 can lead to a loss of confidentiality and integrity.
How can I fix CVE-2022-1655?
To fix CVE-2022-1655, ensure that Horizon session cookies are created with the HttpOnly flag by setting HorizonSecureCookies to true in the environmental files.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/references
- agent/severity
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- vendor/redhat
- canonical/redhat openstack
- version/redhat openstack/16.2