Vulnerabilities (CVE)

Filtered by vendor Openstack Subscribe
Filtered by product Manila
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-9543 1 Openstack 1 Manila 2024-11-21 6.5 MEDIUM 8.3 HIGH
OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks.
CVE-2016-6519 2 Openstack, Redhat 2 Manila, Openstack 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form.