From d9fb681d40ed9b2ec535b3ffa49451edfd199167 Mon Sep 17 00:00:00 2001
From: Tristan Cacqueray
Date: Fri, 17 Mar 2017 16:49:35 +0000
Subject: [PATCH] Adds OSSA-2017-003 (CVE-2017-7400)

Change-Id: Iead38e4f72cfe54102612a07a4001862cb5fd32c
Closes-Bug: #1667086
---
ossa/OSSA-2017-003.yaml | 37 +++++++++++++++++++++++++++++++++++++
1 file changed, 37 insertions(+)
create mode 100644 ossa/OSSA-2017-003.yaml

diff --git a/ossa/OSSA-2017-003.yaml b/ossa/OSSA-2017-003.yaml
new file mode 100644
index 0000000..588a77b
--- /dev/null
+++ b/ossa/OSSA-2017-003.yaml
@@ -0,0 +1,37 @@
+date: 2017-04-04
+
+id: OSSA-2017-003
+
+title: XSS in Horizon federation mappings UI
+
+description: >
+ Eric Brown from VMware reported a vulnerability in Horizon. By creating a
+ malicious federation mapping, an adminstrator may conduct a persistent XSS
+ attack. All Horizon setups are affected.
+
+affected-products:
+ - product: horizon
+ version: ">=9.0.0 <=9.1.1, >=10.0.0 <=10.0.2, ==11.0.0"
+
+vulnerabilities:
+ - cve-id: CVE-2017-7400
+
+reporters:
+ - name: Eric Brown
+ affiliation: VMware
+ reported:
+ - CVE-2017-7400
+
+issues:
+ links:
+ - https://launchpad.net/bugs/1667086
+
+reviews:
+ pike:
+ - https://review.openstack.org/442277
+ ocata:
+ - https://review.openstack.org/442453
+ newton:
+ - https://review.openstack.org/442454
+ mitaka:
+ - https://review.openstack.org/442455
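Review bot: The `description` block misspells `adminstrator`; this text is presumably what gets published as the advisory, so it should read `malicious federation mapping, an administrator may conduct a persistent XSS`. The description also names the attacker's required role but not who is exposed to the stored script, which is what operators need in order to judge urgency; a short clause on which users render the mapping would help, confirmed against the linked bug rather than guessed. Separately, `date: 2017-04-04` is an unquoted scalar that YAML 1.1 loaders resolve to a date object rather than a string, so it is worth checking that the advisory tooling expects that type.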