Impact
The flaw lies in the generation of OpenStack RC files in Horizon releases before 25.7.4, where a project name containing shell metacharacters can be embedded without sanitization. This may expose internal script references within the RC file, potentially leaking sensitive configuration data. Based on the supplied description, it is inferred that, in certain configurations, the unsanitized metacharacters could lead to unintended command execution, but the CVE record does not explicitly confirm such execution.
Affected Systems
All OpenStack Horizon releases prior to version 25.7.4 are affected. Users who create or modify projects with names that include shell metacharacters may be impacted.
Risk and Exploitability
The CVSS score of 6 indicates a moderate severity, while the EPSS score of less than 1% suggests a very low likelihood of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is remote via the Horizon web interface: an attacker must have the ability to submit a crafted project name, after which the resulting RC file may reveal sensitive information or, as an inference, could enable command execution.
OpenCVE Enrichment
Github GHSA