Filtered by vendor Openstack
Subscribe
Total
256 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-3654 | 2 Openstack, Redhat | 2 Nova, Openstack Platform | 2024-11-21 | 4.0 MEDIUM | 6.1 MEDIUM |
A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL. | |||||
CVE-2021-3585 | 1 Openstack | 1 Tripleo Heat Templates | 2024-11-21 | N/A | 5.5 MEDIUM |
A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager. | |||||
CVE-2021-3563 | 3 Debian, Openstack, Redhat | 3 Debian Linux, Keystone, Openstack Platform | 2024-11-21 | N/A | 7.4 HIGH |
A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity. | |||||
CVE-2021-38598 | 1 Openstack | 1 Neutron | 2024-11-21 | 5.8 MEDIUM | 9.1 CRITICAL |
OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the hardware addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations. | |||||
CVE-2021-38155 | 1 Openstack | 1 Keystone | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an account and failing to authenticate multiple times, any unauthenticated actor could both confirm the account exists and obtain that account's corresponding UUID, which might be leveraged for other unrelated attacks. All deployments enabling security_compliance.lockout_failure_attempts are affected. | |||||
CVE-2021-20267 | 2 Openstack, Redhat | 2 Neutron, Openstack Platform | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations. Only deployments using the Open vSwitch driver are affected. Source: OpenStack project. Versions before openstack-neutron 15.3.3, openstack-neutron 16.3.1 and openstack-neutron 17.1.1 are affected. | |||||
CVE-2020-9543 | 1 Openstack | 1 Manila | 2024-11-21 | 6.5 MEDIUM | 8.3 HIGH |
OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks. | |||||
CVE-2020-29565 | 2 Debian, Openstack | 2 Debian Linux, Horizon | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provided malicious URL. | |||||
CVE-2020-26943 | 1 Openstack | 1 Blazar-dashboard | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL |
An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under (because the Python eval function is used). This may result in Horizon host unauthorized access and further compromise of the Horizon service. All setups using the Horizon dashboard with the blazar-dashboard plugin are affected. | |||||
CVE-2020-17376 | 1 Openstack | 1 Nova | 2024-11-21 | 6.5 MEDIUM | 8.3 HIGH |
An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected. | |||||
CVE-2020-12692 | 2 Canonical, Openstack | 2 Ubuntu Linux, Keystone | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times. | |||||
CVE-2020-12691 | 2 Canonical, Openstack | 2 Ubuntu Linux, Keystone | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges. | |||||
CVE-2020-12690 | 1 Openstack | 1 Keystone | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. This results in the provided keystone token having more role assignments than the creator intended, possibly giving unintended escalated access. | |||||
CVE-2020-12689 | 2 Canonical, Openstack | 2 Ubuntu Linux, Keystone | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges. | |||||
CVE-2019-9735 | 3 Debian, Openstack, Redhat | 3 Debian Linux, Neutron, Openstack | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example, VRRP), an authenticated user may block further application of security group rules for instances from any project/tenant on the compute hosts to which it's applied. (Only deployments using the iptables security group driver are affected.) | |||||
CVE-2019-3895 | 2 Openstack, Redhat | 2 Octavia, Openstack | 2024-11-21 | 6.8 MEDIUM | 8.0 HIGH |
An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested to spawn new amphorae, Octavia would then pick up the compromised image. | |||||
CVE-2019-3830 | 2 Openstack, Redhat | 2 Ceilometer, Openstack | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated. | |||||
CVE-2019-19687 | 1 Openstack | 1 Keystone | 2024-11-21 | 3.5 LOW | 8.8 HIGH |
OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials, which could (for example) leak sign-on information for Time-based One Time Passwords (TOTP). Deployments with enforce_scope set to false are affected. (There will be a slight performance impact for the list credentials API once this issue is fixed.) | |||||
CVE-2019-15753 | 1 Openstack | 1 Os-vif | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instances belonging to other tenants sharing the same network. Only deployments using the linuxbridge backend are affected. This occurs in PyRoute2.add() in internal/command/ip/linux/impl_pyroute2.py. | |||||
CVE-2019-14433 | 4 Canonical, Debian, Openstack and 1 more | 4 Ubuntu Linux, Debian Linux, Nova and 1 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data. |