Vulnerabilities (CVE)

Filtered by vendor Openstack Subscribe
Total 256 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-3895 2 Openstack, Redhat 2 Octavia, Openstack 2024-02-28 6.8 MEDIUM 8.0 HIGH
An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested to spawn new amphorae, Octavia would then pick up the compromised image.
CVE-2016-7404 1 Openstack 1 Magnum 2024-02-28 7.5 HIGH 9.8 CRITICAL
OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform.
CVE-2018-14432 3 Debian, Openstack, Redhat 3 Debian Linux, Keystone, Openstack 2024-02-28 3.5 LOW 5.3 MEDIUM
In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes. Only Keystone with the /v3/OS-FEDERATION endpoint enabled via policy.json is affected.
CVE-2018-14636 1 Openstack 1 Neutron 2024-02-28 3.5 LOW 5.3 MEDIUM
Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively down prior to live-migration and kept down after the migration is complete. This is possible due to the Open vSwitch integration bridge being connected to the instance during migration. When connected to the integration bridge, all traffic for instances using the same Open vSwitch instance would potentially be visible to the migrated guest, as the required Open vSwitch VLAN filters are only applied post-migration. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3, 11.0.5 are vulnerable.
CVE-2018-14635 2 Openstack, Redhat 2 Neutron, Openstack 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3 and 11.0.5 are vulnerable.
CVE-2017-15139 2 Openstack, Redhat 2 Cinder, Openstack 2024-02-28 5.0 MEDIUM 7.5 HIGH
A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants.
CVE-2018-10898 2 Openstack, Redhat 2 Tripleo Heat Templates, Openstack 2024-02-28 5.8 MEDIUM 8.8 HIGH
A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials.
CVE-2017-2627 2 Openstack, Redhat 2 Tripleo-common, Openstack 2024-02-28 7.2 HIGH 8.2 HIGH
A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. The sudoers file as installed with OSP's openstack-tripleo-common package is much too permissive. It contains several lines for the mistral user that have wildcards that allow directory traversal with '..' and it grants full passwordless root access to the validations user.
CVE-2016-8611 1 Openstack 1 Glance 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 `/images` API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation.
CVE-2017-7543 2 Openstack, Redhat 3 Neutron, Enterprise Linux, Openstack 2024-02-28 4.3 MEDIUM 5.9 MEDIUM
A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources.
CVE-2017-2621 2 Openstack, Redhat 2 Heat, Openstack 2024-02-28 2.1 LOW 5.5 MEDIUM
An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.
CVE-2016-9590 2 Openstack, Redhat 2 Puppet-swift, Openstack 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions.
CVE-2017-2592 2 Canonical, Openstack 2 Ubuntu Linux, Oslo.middleware 2024-02-28 2.1 LOW 5.5 MEDIUM
python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens).
CVE-2017-18191 2 Openstack, Redhat 2 Nova, Openstack 2024-02-28 7.8 HIGH 7.5 HIGH
An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected.
CVE-2016-9599 2 Openstack, Redhat 2 Puppet-tripleo, Openstack 2024-02-28 6.0 MEDIUM 7.5 HIGH
puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources.
CVE-2017-12440 1 Openstack 1 Openstack 2024-02-28 6.0 MEDIUM 7.5 HIGH
Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust IDs where Aodh is the trustee to obtain a Keystone token and perform unspecified authenticated actions by adding an alarm action with the scheme trust+http, and providing a trust id where Aodh is the trustee.
CVE-2017-1000366 8 Debian, Gnu, Mcafee and 5 more 20 Debian Linux, Glibc, Web Gateway and 17 more 2024-02-28 7.2 HIGH 7.8 HIGH
glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.
CVE-2017-16613 2 Debian, Openstack 3 Debian Linux, Swauth, Swift 2024-02-28 7.5 HIGH 9.8 CRITICAL
An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allows attackers to bypass authentication by inserting a token into an X-Auth-Token header of a new request. NOTE: github.com/openstack/swauth URLs do not mean that Swauth is maintained by an official OpenStack project team.
CVE-2017-16239 1 Openstack 1 Nova 2024-02-28 4.0 MEDIUM 6.5 MEDIUM
In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3.
CVE-2017-7549 2 Openstack, Redhat 2 Instack-undercloud, Openstack 2024-02-28 3.3 LOW 6.4 MEDIUM
A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.