Users will have to upgrade their operating systems in order to fix the problem

Dec 29, 2013 15:42 GMT  ·  By

In a security notice, Canonical published details about an OpenStack Horizon vulnerability in its Ubuntu 13.10, Ubuntu 13.04, and Ubuntu 12.10 operating systems.

According to the company, Horizon could have been made to expose sensitive information over the network.

Cross-site scripting (XSS) vulnerabilities have been discovered in Horizon via the Volumes and Network Topology pages. An authenticated attacker could have exploited these vulnerabilities to conduct stored cross-site scripting (XSS) attacks against users viewing these pages, in order to modify the contents or steal confidential data within the same domain.

For a more detailed description of the problems, you can see Canonical's security notification.

The security flaws can be fixed if you upgrade your system(s) to the latest python-django-horizon package specific to each distribution. To apply the update, run the Update Manager application.

In general, a standard system update will make all the necessary changes, and this time a system restart won't be necessary to implement them.