OpenStack Mistral-Dashboard Local File Inclusion Vulnerability

Vulnerability

A local file inclusion vulnerability has been identified in the Mistral-Dashboard plugin for OpenStack. This issue arises in the 'Create Workbook' feature, allowing the disclosure of arbitrary local file contents. The vulnerability is present in OpenStack versions through 18.6.3.

Impact

An attacker who exploits this vulnerability can read sensitive files on the server, such as the password file or configuration files.

Reproduction

To reproduce this vulnerability, upload a text file containing the path to a sensitive file, such as '/etc/passwd', using the 'Create Workbook' feature. The application reads the file at that path and returns its content, demonstrating the local file inclusion.
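The bug class described above, shown beside a hardened form. This is an added example, not Mistral-Dashboard code: both function names, the size cap and the assumption that a workbook definition carries a top-level 'version' key are hypothetical, and the marker file is constructed for the demonstration.

```python
import os
import tempfile

MAX_DEFINITION_BYTES = 256 * 1024  # assumed upload cap, not from the advisory


def load_definition_vulnerable(uploaded: bytes) -> str:
    """Hypothetical 'content or file name' helper: the bug class described above."""
    text = uploaded.decode("utf-8").strip()
    if os.path.isfile(text):          # user-controlled text is used as a path
        with open(text, encoding="utf-8") as fh:
            return fh.read()          # server-side file contents flow back to the user
    return text


def load_definition_hardened(uploaded: bytes) -> str:
    """Treat the upload purely as data; never pass it to a filesystem API."""
    if len(uploaded) > MAX_DEFINITION_BYTES:
        raise ValueError("definition too large")
    text = uploaded.decode("utf-8")   # strict decode; invalid bytes raise ValueError
    # Assumption: a workbook definition is a YAML mapping with a top-level
    # 'version' key, so an upload that is only a path fails validation.
    top_level_keys = {
        line.split(":", 1)[0]
        for line in text.splitlines()
        if ":" in line and line[:1].isalpha()
    }
    if "version" not in top_level_keys:
        raise ValueError("not a workbook definition")
    return text


def demo() -> tuple[str, str]:
    """Upload the path of a constructed marker file to both handlers."""
    with tempfile.NamedTemporaryFile("w", suffix=".conf", delete=False) as fh:
        fh.write("constructed-marker")
    try:
        upload = fh.name.encode()
        leaked = load_definition_vulnerable(upload)
        try:
            load_definition_hardened(upload)
            outcome = "accepted"
        except ValueError:
            outcome = "rejected"
        return leaked, outcome
    finally:
        os.unlink(fh.name)


if __name__ == "__main__":
    print(demo())
```

The hardened handler is safe because it contains no call that resolves user input as a path; the 'version' check is only a second layer that rejects uploads which are not definitions at all.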

Remediation

Users can upgrade to OpenStack Mistral-Dashboard versions 15.0.0.0rc1 or 14.0.1, both of which include the necessary fix.

Added: Nov 26, 2025, 7:24 PM
Updated: Nov 26, 2025, 7:24 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.6
remediation: 0.0
relevance: 1.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.