Home
MEDIUM: 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NDefault status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Default status
affected
Description
The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content.
Problem types
External Control of File Name or Path
Product status
Timeline
| 2025-11-26: | Reported to Red Hat. |
| 2025-11-26: | Made public. |
References
lists.debian.org/debian-lts-announce/2025/12/msg00002.html
lists.debian.org/debian-lts-announce/2025/12/msg00003.html
access.redhat.com/security/cve/CVE-2021-4472
bugs.launchpad.net/horizon/+bug/1931558
bugzilla.redhat.com/show_bug.cgi?id=2417321 (RHBZ#2417321)
review.opendev.org/c/openstack/mistral-dashboard/+/800952
review.opendev.org/c/openstack/python-mistralclient/+/800950
