CVE-2021-4472

The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
redhatCNA
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mistral-dashboard
questing
needs-triage
plucky
needs-triage
noble
needs-triage
jammy
needs-triage
focal
needs-triage
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2021-4472
https://bugs.launchpad.net/horizon/+bug/1931558
https://bugzilla.redhat.com/show_bug.cgi?id=2417321
https://review.opendev.org/c/openstack/mistral-dashboard/+/800952
https://review.opendev.org/c/openstack/python-mistralclient/+/800950
https://lists.debian.org/debian-lts-announce/2025/12/msg00002.html
https://lists.debian.org/debian-lts-announce/2025/12/msg00003.html