CVE-2021-4472

6.5 MEDIUM

📋 TL;DR

The mistral-dashboard plugin for OpenStack Horizon contains a local file inclusion vulnerability in its 'Create Workbook' feature. An authenticated dashboard user can use it to read arbitrary files readable by the Horizon web server process, potentially exposing configuration files, credentials, or other confidential data. Any OpenStack deployment with the vulnerable mistral-dashboard plugin installed and enabled is affected.

💻 Affected Systems

Products:
  • OpenStack mistral-dashboard plugin
Versions: All versions before the fix
Operating Systems: Linux distributions running OpenStack
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the mistral-dashboard plugin to be installed and enabled in OpenStack Horizon dashboard.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could read any file the Horizon web server process can open, including configuration files, SSH keys, and database or service credentials, leading to complete system compromise or data exfiltration.

🟠 Likely Case

Authenticated users with dashboard access could read OpenStack configuration files, which commonly hold service passwords and database connection strings, and use those credentials for further attacks.

🟢 If Mitigated

With dashboard access limited to trusted users and the network segmented, the impact is limited to files readable by the Horizon web server process (mistral-dashboard runs inside Horizon rather than as its own service), and that can still include sensitive configuration data.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires an authenticated Horizon session with access to the Mistral panel, so the exposure is to insiders and to anyone holding stolen dashboard credentials. The flaw is in how the Create Workbook feature processes the submitted workbook definition; the file read happens server-side, with the privileges of the Horizon web server process.
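The page does not show the affected code. The following is an added illustration, not mistral-dashboard's or python-mistralclient's own code, of the general pattern behind this class of local file inclusion: a helper that accepts "either inline contents or a file name" and silently reads the file when the string happens to name one. It is shown beside two hardened alternatives (a web-form loader that never touches the filesystem, and a confined file loader for operator use). All file names, the workbook text and the directory layout are constructed for the demonstration.

```python
"""Added illustration (not mistral-dashboard's or python-mistralclient's code):
the "inline contents or a file name?" helper pattern that turns a web form
into a local file read, beside two hardened alternatives."""
import os
import tempfile


def load_definition_vulnerable(contents_or_path):
    """Convenience pattern common in CLI tools: if the argument names a file
    that exists, return its contents, otherwise treat it as inline text.
    Harmless for a local CLI user; reached from a web form it lets a remote
    user read any file the web server process can open."""
    if os.path.isfile(contents_or_path):
        with open(contents_or_path, encoding="utf-8") as f:
            return f.read()
    return contents_or_path


def load_inline_definition(contents):
    """Web-form path: the submitted text *is* the definition. The filesystem
    is never consulted, so a path-looking string is just an invalid workbook."""
    if not isinstance(contents, str) or not contents.strip():
        raise ValueError("empty workbook definition")
    return contents


def load_definition_from_allowed_dir(name, base_dir):
    """Operator/CLI path that genuinely must read files: confine reads to
    base_dir. realpath() resolves '..' and symlinks before the containment
    check, so '../x', absolute paths and symlink escapes are all rejected."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, candidate]) != base:
        raise PermissionError(f"refusing to read outside {base}: {name!r}")
    with open(candidate, encoding="utf-8") as f:
        return f.read()


def demo():
    """Exercise the three loaders against a constructed layout: a 'secret'
    file outside the workbook directory and one legitimate workbook inside."""
    with tempfile.TemporaryDirectory() as root:
        secret = os.path.join(root, "secret.conf")
        with open(secret, "w", encoding="utf-8") as f:
            f.write("password = hunter2\n")
        wb_dir = os.path.join(root, "workbooks")
        os.mkdir(wb_dir)
        wb_text = "version: '2.0'\nname: demo\nworkflows:\n  wf1:\n    tasks: {}\n"
        with open(os.path.join(wb_dir, "demo.yaml"), "w", encoding="utf-8") as f:
            f.write(wb_text)

        result = {
            # the vulnerable helper hands back the secret file's contents
            "leaked": load_definition_vulnerable(secret),
            # the inline loader returns the path string unchanged, no file read
            "inline": load_inline_definition(secret) == secret,
            # the confined loader serves a file that lives inside base_dir
            "allowed": load_definition_from_allowed_dir("demo.yaml", wb_dir) == wb_text,
        }
        try:
            load_definition_from_allowed_dir("../secret.conf", wb_dir)
            result["traversal_blocked"] = False
        except PermissionError:
            result["traversal_blocked"] = True
        try:
            load_definition_from_allowed_dir(secret, wb_dir)  # absolute path
            result["absolute_blocked"] = False
        except PermissionError:
            result["absolute_blocked"] = True
        return result


if __name__ == "__main__":
    print(demo())
```

The point of the hardened pair is that the decision "is this a file name?" must never be made on untrusted input: a web form gets the inline loader only, and any code path that really needs to read files takes the directory as a separate, trusted parameter and checks containment after realpath().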

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in mistral-dashboard commit 800952 and python-mistralclient commit 800950

Vendor Advisory: https://access.redhat.com/security/cve/CVE-2021-4472

Restart Required: Yes

Instructions:

1. Update mistral-dashboard to a version containing the fix.
2. Update python-mistralclient to a version containing the fix (mistral-dashboard depends on it, and fixes were issued for both packages).
3. Restart the web server that serves Horizon (Apache httpd with mod_wsgi in most deployments) so the patched code is loaded.
4. Verify the fix by testing the Create Workbook feature with a harmless local file path as the definition and confirming that no file contents are returned.

🔧 Temporary Workarounds

Disable mistral-dashboard plugin (linux)

Temporarily disable the vulnerable mistral-dashboard plugin in Horizon:

Remove the plugin's enabled file from Horizon's local/enabled directory, or set DISABLED = True in it (the file name depends on packaging, typically _50_mistral.py)
Restart the web server that serves Horizon

Restrict dashboard access (all)

Limit dashboard access to trusted users only; the flaw requires an authenticated session, so every dashboard account is a potential path to it:

Configure firewall rules so Horizon is reachable only from trusted networks
Review dashboard accounts and lock or remove those that do not need access

🧯 If You Can't Patch

  • Disable the mistral-dashboard plugin entirely from Horizon configuration
  • Implement strict network segmentation to isolate the OpenStack dashboard from sensitive systems

🔍 How to Verify

Check if Vulnerable:

Check whether the mistral-dashboard plugin is installed (pip show) and enabled in Horizon (its enabled file present and the Mistral panel visible in the dashboard), then compare the installed versions of mistral-dashboard and python-mistralclient against the releases that carry the fix commits listed above.

Check Version:

pip show mistral-dashboard python-mistralclient

Verify Fix Applied:

In a non-production project, submit a Create Workbook request whose definition is the path of a harmless local file (for example /etc/hostname). A patched deployment treats the text as a workbook definition and rejects it without returning the file's contents; if file contents, or an error message quoting them, come back, the fix is not in place.

📡 Detection & Monitoring

Log Indicators:

  • Workbook-create requests in Horizon (Django) and web-server logs, grouped by user and source IP; the plugin runs inside the Horizon process, so there are no separate mistral-dashboard logs to check
  • Repeated workbook creation attempts that fail validation, especially from a single user or session
  • File paths or path traversal strings appearing in dashboard error messages (Horizon does not log form bodies by default; if you need the submitted definition, enable request-body capture at a reverse proxy or WAF in front of Horizon)

Network Indicators:

  • Unusual traffic to the dashboard's workbook-create endpoint
  • Bursts of rapid requests to the Create Workbook feature from one client

SIEM Query (pseudo-query; adapt field names to your SIEM and first confirm which log actually carries the submitted definition):

source="horizon.log" AND "workbook" AND ("file://" OR "../" OR "/etc/")
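The indicators above can be turned into two concrete checks. The following added example, not taken from the page or from any vendor tooling, scans constructed Apache/NGINX combined-format access log lines for clients bursting POSTs at the workbook-create URL, and classifies workbook definitions (where a body-logging proxy or WAF makes them available) as path-like rather than YAML. The URL /dashboard/mistral/workbooks/create is an assumption about the Horizon prefix and plugin routes; all log lines and definitions are constructed.

```python
"""Added detection example (not vendor code): flag workbook-create bursts in
Horizon's web-server access log, and flag path-like workbook definitions.
The URL below is an ASSUMPTION about the deployment's Horizon prefix."""
import re
from collections import defaultdict
from datetime import datetime

WORKBOOK_CREATE = re.compile(r"^/(?:dashboard/)?mistral/workbooks/create/?(?:\?.*)?$")

# Combined log format; only the fields we need are captured
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Patterns that mark a "definition" as a file reference rather than YAML
SUSPICIOUS = {
    "traversal": re.compile(r"(?:^|[\s'\"=])\.\./"),
    "file_scheme": re.compile(r"file://", re.IGNORECASE),
    "bare_absolute_path": re.compile(r"^\s*/(?:etc|root|home|var|proc|opt|usr)/\S*\s*$", re.M),
    "sensitive_name": re.compile(r"/\.ssh/|id_rsa|/shadow\b|keystone\.conf|\.pem\b"),
}


def suspicious_definition(text):
    """Names of the patterns that matched; an empty list means the text looks clean."""
    return [name for name, rx in SUSPICIOUS.items() if rx.search(text)]


def parse_ts(raw):
    return datetime.strptime(raw, "%d/%b/%Y:%H:%M:%S %z")


def find_bursts(lines, threshold=5, window_seconds=60):
    """Clients that POSTed to the workbook-create URL at least `threshold`
    times inside any span of `window_seconds`; returns {ip: max_count}."""
    posts = defaultdict(list)
    for line in lines:
        m = ACCESS_RE.match(line)
        if not m or m["method"] != "POST" or not WORKBOOK_CREATE.match(m["path"]):
            continue
        posts[m["ip"]].append(parse_ts(m["ts"]))
    flagged = {}
    for ip, times in posts.items():
        times.sort()
        for i, start in enumerate(times):  # sliding window anchored at each event
            j = i
            while j < len(times) and (times[j] - start).total_seconds() <= window_seconds:
                j += 1
            if j - i >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), j - i)
    return flagged


# Constructed sample access log: one client hammering the create form,
# one normal user, and one unrelated GET.
_UA = '"-" "Mozilla/5.0"'
SAMPLE_ACCESS_LOG = [
    f'10.0.0.5 - alice [12/Jul/2021:10:15:32 +0000] "POST /dashboard/mistral/workbooks/create HTTP/1.1" 200 4213 {_UA}',
    f'10.0.0.5 - alice [12/Jul/2021:10:15:35 +0000] "POST /dashboard/mistral/workbooks/create HTTP/1.1" 200 4190 {_UA}',
    f'10.0.0.5 - alice [12/Jul/2021:10:15:41 +0000] "POST /dashboard/mistral/workbooks/create HTTP/1.1" 200 4388 {_UA}',
    f'10.0.0.5 - alice [12/Jul/2021:10:15:50 +0000] "POST /dashboard/mistral/workbooks/create HTTP/1.1" 200 4201 {_UA}',
    f'10.0.0.5 - alice [12/Jul/2021:10:16:02 +0000] "POST /dashboard/mistral/workbooks/create HTTP/1.1" 200 5016 {_UA}',
    f'10.0.0.5 - alice [12/Jul/2021:10:16:20 +0000] "POST /dashboard/mistral/workbooks/create HTTP/1.1" 200 4777 {_UA}',
    f'10.0.0.7 - bob [12/Jul/2021:10:15:40 +0000] "POST /dashboard/mistral/workbooks/create HTTP/1.1" 302 0 {_UA}',
    f'10.0.0.7 - bob [12/Jul/2021:10:40:12 +0000] "POST /dashboard/mistral/workbooks/create HTTP/1.1" 302 0 {_UA}',
    f'10.0.0.9 - carol [12/Jul/2021:10:16:00 +0000] "GET /dashboard/mistral/workbooks/ HTTP/1.1" 200 5120 {_UA}',
]

# Constructed definitions as a body-logging proxy might have captured them
SAMPLE_DEFINITIONS = {
    "benign": "version: '2.0'\nworkflows:\n  wf1:\n    tasks: {}\n",
    "etc_passwd": "/etc/passwd",
    "traversal": "../../../etc/shadow",
    "file_url": "file:///var/lib/mistral/mistral.conf",
}

if __name__ == "__main__":
    print("bursts:", find_bursts(SAMPLE_ACCESS_LOG))
    for label, text in SAMPLE_DEFINITIONS.items():
        print(label, "->", suspicious_definition(text) or "clean")
```

The burst check is the one you can run against logs you already have; the definition check only works once something in front of Horizon records the POST body, which is why the log indicators above recommend enabling that capture if this plugin stays exposed.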
