CVE-2020-26943: Improper Access Control

October 16, 2020 (updated October 27, 2020)

An issue was discovered in OpenStack blazar-dashboard. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under (because the Python eval function is used). This may result in Horizon host unauthorized access and further compromise of the Horizon service. All setups using the Horizon dashboard with the blazar-dashboard plugin are affected.

References

nvd.nist.gov/vuln/detail/CVE-2020-26943

Code Behaviors & Features

Detect and mitigate CVE-2020-26943 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →