LiveActive security incident?Get immediate response
CVE Record

CVE-2021-4472: Python-mistralclient: mistral-dashboard: local file inclusion through the 'create workbook' feature

The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content.

MediumCVSS 6.5Not KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

CVE-2021-4472 is a medium-severity local file inclusion issue in the OpenStack mistral-dashboard plugin. An authenticated user with access to the Create Workbook feature may be able to make the application disclose arbitrary local file contents from the affected server context.

Executive priority

Prioritize remediation for OpenStack environments where mistral-dashboard is available to broad tenant, operator, or support user groups. The issue is not marked as actively exploited in the bundle, but the confidentiality impact is high because arbitrary local file disclosure may expose secrets or sensitive configuration.

Technical view

The vulnerability is classified as CWE-73 and has CVSS 3.1 score 6.5 with vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The source bundle identifies the affected area as mistral-dashboard/python-mistralclient behavior reachable through the Create Workbook feature. The listed affected product set is Red Hat OpenStack Platform 13 (Queens), with multiple rhosp13 OpenStack package entries marked affected in the bundle.

Likely exposure

Exposure is most likely in OpenStack environments where Horizon/mistral-dashboard is deployed and reachable by authenticated users, especially Red Hat OpenStack Platform 13 (Queens) deployments matching the affected package entries in the bundle. The issue requires privileges, so anonymous internet exposure is not indicated by the provided CVSS vector.

Exploitation context

The bundle does not indicate CISA KEV listing and does not provide evidence of active exploitation. A successful attack would center on abusing Create Workbook functionality to trigger server-side local file inclusion and disclose file contents, but no exploit code, payload, or active exploitation source is provided.

Researcher notes

The affected list in the bundle is broad and Red Hat-specific, covering Red Hat OpenStack Platform 13 (Queens) package entries. The references include Red Hat, Launchpad, Bugzilla, OpenDev review links, and Debian LTS announcements, but the bundle does not include specific fixed version details. Avoid claiming active exploitation because KEV is false and no provided source states exploitation in the wild.

Mitigation direction

  • Identify whether mistral-dashboard is deployed and whether the affected Red Hat OpenStack Platform 13 package entries are present.
  • Apply vendor-provided security updates or fixed packages where available; if patch evidence is unclear for a specific deployment, check Red Hat, OpenStack, Debian, or distribution guidance before assuming a fixed version.
  • Restrict access to Horizon/mistral-dashboard and the Create Workbook workflow to trusted users and roles until remediation is confirmed.
  • Review application and access logs for unusual Create Workbook activity or file-read related errors without attempting exploit reproduction in production.
  • Treat any exposed local secrets, configuration files, or credentials as potentially at risk if suspicious activity is found.

Validation and detection

  • Confirm the deployed OpenStack release, mistral-dashboard presence, and relevant package inventory against the affected product/package list in the source bundle.
  • Verify installed package versions against vendor advisories or distribution security updates rather than relying on package names alone.
  • Confirm that only expected roles can access the Create Workbook feature.
  • After applying updates, run the organization’s normal OpenStack dashboard regression tests and confirm workbook creation still works for legitimate inputs.
  • Review logs for historical access to the vulnerable workflow and document whether any suspicious authenticated usage occurred.
Prepared
Confidence
high
Sources
9

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · medium confidence lookup

CWE-73: File access and web shell behavior lookup

File traversal and upload weaknesses can lead teams to review file, web shell, execution, and collection telemetry. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
description · low confidence lookup

Container behavior lookup

The affected technology mentions containers, so container-specific ATT&CK technique review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2021-4472 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Medium
CVSS
6.5 (3.1)
Known Exploited
No
Published

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
0Timeline events
0ADP providers
8Source links

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
6.5CVSS 3.1MediumCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N2.83.6Primary CVE score

Vulnerability scoring details

Base CVSS 3.1 score

6.5Medium
CVSS 3.1 vector shape for CVE-2021-4472Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
Red HatRed Hat OpenStack Platform 13 (Queens)rhosp13/openstack-aodh-apiaffected
Red HatRed Hat OpenStack Platform 13 (Queens)rhosp13/openstack-aodh-baseaffected
Red HatRed Hat OpenStack Platform 13 (Queens)rhosp13/openstack-aodh-evaluatoraffected
Red HatRed Hat OpenStack Platform 13 (Queens)rhosp13/openstack-aodh-listeneraffected
Red HatRed Hat OpenStack Platform 13 (Queens)rhosp13/openstack-aodh-notifieraffected
Red HatRed Hat OpenStack Platform 13 (Queens)rhosp13/openstack-barbican-apiaffected
Red HatRed Hat OpenStack Platform 13 (Queens)rhosp13/openstack-barbican-baseaffected
Red HatRed Hat OpenStack Platform 13 (Queens)rhosp13/openstack-barbican-keystone-listeneraffected
Red HatRed Hat OpenStack Platform 13 (Queens)rhosp13/openstack-barbican-workeraffected
Red HatRed Hat OpenStack Platform 13 (Queens)rhosp13/openstack-ceilometer-baseaffected
Red HatRed Hat OpenStack Platform 13 (Queens)rhosp13/openstack-ceilometer-centralaffected
Red HatRed Hat OpenStack Platform 13 (Queens)rhosp13/openstack-ceilometer-computeaffected
Red HatRed Hat OpenStack Platform 13 (Queens)rhosp13/openstack-ceilometer-ipmiaffected
Red HatRed Hat OpenStack Platform 13 (Queens)rhosp13/openstack-ceilometer-notificationaffected
Red HatRed Hat OpenStack Platform 13 (Queens)rhosp13/openstack-cinder-apiaffected
Red HatRed Hat OpenStack Platform 13 (Queens)rhosp13/openstack-cinder-backupaffected
Red HatRed Hat OpenStack Platform 13 (Queens)rhosp13/openstack-cinder-baseaffected
Red HatRed Hat OpenStack Platform 13 (Queens)rhosp13/openstack-cinder-scheduleraffected
Red HatRed Hat OpenStack Platform 13 (Queens)rhosp13/openstack-cinder-volumeaffected
Red HatRed Hat OpenStack Platform 13 (Queens)rhosp13/openstack-collectdaffected
Red HatRed Hat OpenStack Platform 13 (Queens)rhosp13/openstack-dependenciesaffected
Red HatRed Hat OpenStack Platform 13 (Queens)rhosp13/openstack-ec2-apiaffected
Red HatRed Hat OpenStack Platform 13 (Queens)rhosp13/openstack-glance-apiaffected
Red HatRed Hat OpenStack Platform 13 (Queens)rhosp13/openstack-glance-baseaffected
Red HatRed Hat OpenStack Platform 13 (Queens)rhosp13/openstack-gnocchi-apiaffected
Red HatRed Hat OpenStack Platform 13 (Queens)rhosp13/openstack-gnocchi-baseaffected
Red HatRed Hat OpenStack Platform 13 (Queens)rhosp13/openstack-gnocchi-metricdaffected
Red HatRed Hat OpenStack Platform 13 (Queens)rhosp13/openstack-gnocchi-statsdaffected
Red HatRed Hat OpenStack Platform 13 (Queens)rhosp13/openstack-heat-allaffected
Red HatRed Hat OpenStack Platform 13 (Queens)rhosp13/openstack-heat-apiaffected
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.

CWE-73 · source CWE mapping

External Control of File Name or Path

External Control of File Name or Path represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.