MidnightBSD

Advisories for openstack

CVE-2011-4596 MEDIUM

Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
openstack nova *
CVE-2012-0030 MEDIUM

Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openstack nova 2011.3
openstack essex *
CVE-2012-2094 MEDIUM

Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
openstack horizon 2012.1
openstack horizon folsom-1
CVE-2012-2101 LOW

Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openstack nova 2012.1
openstack nova 2011.3
openstack nova folsom
CVE-2012-2144 MEDIUM

Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openstack horizon 2012.1
openstack horizon folsom-1
CVE-2012-2654 MEDIUM

The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
openstack essex 2012.1
openstack diablo 2011.3
openstack compute 2012.2
CVE-2012-3371 LOW

The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
openstack essex 2012.1
openstack folsom 2012.2
openstack compute 2012.2
CVE-2012-3447 MEDIUM

virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openstack nova 2012.1
openstack folsom *
CVE-2012-3540 MEDIUM

Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by mistake.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
openstack horizon 2012.1
CVE-2012-3542 MEDIUM

OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openstack essex 2012.1
openstack horizon folsom-3
CVE-2012-4406 HIGH

OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
openstack swift 1.0.1
openstack swift 1.4.6
openstack swift *
openstack swift 1.4.1
openstack swift 1.4.2
openstack swift 1.4.0
openstack swift 1.4.8
openstack swift 1.0.0
openstack swift 1.4.4
openstack swift 1.3.0
openstack swift 1.4.7
openstack swift 1.2.0
openstack swift 1.0.2
openstack swift 1.4.5
openstack swift 1.5.0
openstack swift 1.4.3
openstack swift 1.1.0
CVE-2012-4413 MEDIUM

OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openstack keystone 2012.1.3
CVE-2012-4456 HIGH

The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
openstack keystone *
openstack keystone 2012.2
CVE-2012-5563 MEDIUM

OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-255,

Products Affected

Vendor Product Version
openstack folsom 2012.2
CVE-2012-5571 LOW

A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 (Elastic Compute Cloud) tokens when a user's role has been removed from a tenant. An attacker can leverage a token associated with a removed user role to gain unauthorized access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

CVSS 2.0

Severity: LOW

Problem Type: CWE-639,CWE-255,

Products Affected

Vendor Product Version
openstack essex 2012.1
openstack folsom 2012.2
CVE-2013-0208 MEDIUM

The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
canonical ubuntu_linux 11.10
canonical ubuntu_linux 12.10
openstack folsom -
openstack essex -
CVE-2013-0212 MEDIUM

store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
canonical ubuntu_linux 11.10
canonical ubuntu_linux 12.10
openstack image_registry_and_delivery_service_(glance) 2012.2.1
openstack image_registry_and_delivery_service_(glance) 2012.2
openstack image_registry_and_delivery_service_(glance) 2012.1
openstack image_registry_and_delivery_service_(glance) 2012.2.2
CVE-2013-0247 MEDIUM

OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service (disk consumption) via many invalid token requests that trigger excessive generation of log entries.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
openstack keystone *
canonical ubuntu_linux 12.10
CVE-2013-0261 MEDIUM

A flaw was found in PackStack. A local user could exploit a symlink attack on a temporary file with a predictable name in the `/tmp` directory. This vulnerability allows the local user to overwrite arbitrary files on the system, potentially leading to system compromise or data corruption.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-59,CWE-264,

Products Affected

Vendor Product Version
openstack folsom -
openstack essex -
CVE-2013-0266 LOW

A flaw was found in the `puppetlabs-cinder` module, as used in PackStack. This vulnerability is due to incorrect file permissions, specifically world-readable permissions, on the `cinder.conf` and `api-paste.ini` configuration files. A local user can exploit this by reading these files, which leads to the disclosure of OpenStack administrative passwords. This information disclosure could allow unauthorized access to sensitive OpenStack resources.

CVSS 2.0

Severity: LOW

Problem Type: CWE-276,CWE-362,

Products Affected

Vendor Product Version
openstack folsom -
openstack essex -
CVE-2013-0270 MEDIUM

A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected system.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1284,CWE-119,

Products Affected

Vendor Product Version
openstack keystone *
openstack keystone 2013.1
CVE-2013-0282 MEDIUM

OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
openstack keystone *
openstack keystone 2013.1
CVE-2013-0326 LOW

OpenStack nova base images permissions are world readable

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-732,

Products Affected

Vendor Product Version
openstack nova -
debian debian_linux 10.0
debian debian_linux 8.0
debian debian_linux 9.0
CVE-2013-0335 MEDIUM

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
openstack essex 2012.1
canonical ubuntu_linux 11.10
canonical ubuntu_linux 12.10
openstack folsom 2012.2
openstack grizzly 2012.2
CVE-2013-1664 MEDIUM

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
openstack compute_(nova)_folsom -
openstack keystone_essex -
openstack cinder_folsom -
openstack folsom -
openstack compute_(nova)_essex -
openstack grizzly -
CVE-2013-1665 MEDIUM

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openstack keystone_essex -
openstack folsom -
CVE-2013-1838 MEDIUM

OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
openstack essex 2012.1
canonical ubuntu_linux 11.10
canonical ubuntu_linux 12.10
openstack folsom 2012.2
openstack grizzly 2012.2
CVE-2013-1840 LOW

The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openstack glance v1
CVE-2013-1865 MEDIUM

OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.10
openstack folsom 2012.2
CVE-2013-1977 LOW

OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openstack devstack -
CVE-2013-2006 LOW

OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openstack keystone 2013.1.1
CVE-2013-2013 LOW

The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openstack python-keystoneclient *
openstack python-keystoneclient 0.2.2
CVE-2013-2014 MEDIUM

OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
fedoraproject fedora 19
openstack keystone *
CVE-2013-2030 LOW

keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openstack compute 2013.1.3
openstack compute 2013.1
openstack compute 2013.1.2
openstack folsom -
openstack grizzly 2013.1
openstack compute 2013.1.1
openstack havana havana-2
openstack havana havana-3
openstack havana havana-1
CVE-2013-2059 MEDIUM

OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
openstack keystone 2013.1
openstack keystone 2012.1
CVE-2013-2096 LOW

OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data.

CVSS 2.0

Severity: LOW

Problem Type: CWE-399,

Products Affected

Vendor Product Version
openstack folsom -
openstack havana -
openstack grizzly -
CVE-2013-2104 MEDIUM

python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openstack python-keystoneclient *
openstack python-keystoneclient 0.2.2
CVE-2013-2157 MEDIUM

OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
openstack keystone *
CVE-2013-2161 HIGH

XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
openstack folsom -
openstack havana -
opensuse opensuse 12.3
openstack grizzly -
CVE-2013-2166 HIGH

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-326,

Products Affected

Vendor Product Version
fedoraproject fedora 19
openstack python-keystoneclient *
redhat openstack 3.0
debian debian_linux 10.0
debian debian_linux 8.0
debian debian_linux 9.0
CVE-2013-2167 HIGH

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-345,

Products Affected

Vendor Product Version
openstack python-keystoneclient *
redhat openstack 3.0
debian debian_linux 10.0
debian debian_linux 8.0
debian debian_linux 9.0
CVE-2013-2255 MEDIUM

HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-295,

Products Affected

Vendor Product Version
openstack compute 2013.1
openstack keystone 2013
redhat openstack 4.0
redhat openstack 3.0
debian debian_linux 10.0
debian debian_linux 8.0
debian debian_linux 9.0
CVE-2013-2256 MEDIUM

OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openstack nova *
openstack nova 2013.2
CVE-2013-4111 MEDIUM

The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate and allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
opensuse opensuse 12.3
openstack python_glanceclient 0.9.0
CVE-2013-4155 MEDIUM

OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE request with a timestamp that is older than expected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
openstack swift 1.7.5
openstack swift 1.4.6
openstack swift 1.4.1
openstack swift 1.4.8
openstack swift 1.0.0
openstack swift 1.7.0
openstack swift 1.4.7
openstack swift 1.4.5
openstack folsom -
openstack swift 1.5.0
openstack havana -
openstack swift 1.7.2
openstack swift 1.4.3
openstack grizzly -
openstack swift 1.0.1
openstack swift 1.7.6
openstack swift *
openstack swift 1.6.0
openstack swift 1.4.2
openstack swift 1.4.0
openstack swift 1.4.4
openstack swift 1.3.0
openstack swift 1.2.0
openstack swift 1.0.2
openstack swift 1.8.0
openstack swift 1.7.4
openstack swift 1.1.0
CVE-2013-4179 MEDIUM

The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
openstack compute 2013.1.3
openstack havana *
openstack havana havana-1
CVE-2013-4183 LOW

The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openstack cinder 2013.1.1
openstack cinder 2013.1.2
CVE-2013-4185 MEDIUM

Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
redhat openstack 3.0
openstack compute *
CVE-2013-4202 MEDIUM

The (1) backup (api/contrib/backups.py) and (2) volume transfer (contrib/volume_transfer.py) APIs in OpenStack Cinder Grizzly 2013.1.3 and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
canonical ubuntu_linux 13.04
openstack cinder *
CVE-2013-4222 MEDIUM

OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
openstack keystone *
canonical ubuntu_linux 13.04
canonical ubuntu_linux 12.10
fedoraproject fedora 20
redhat openstack 3.0
CVE-2013-4261 LOW

OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log.

CVSS 2.0

Severity: LOW

Problem Type: CWE-119,

Products Affected

Vendor Product Version
openstack grizzly *
openstack folsom *
redhat openstack 3.0
CVE-2013-4278 LOW

The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for CVE-2013-2256.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openstack compute -
CVE-2013-4294 MEDIUM

The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openstack keystone 2012.2
openstack keystone 2012.2.1
openstack keystone 2012.2.4
openstack keystone 2013.1
openstack keystone 2013.1.1
openstack keystone 2012.2.2
openstack keystone 2013.1.2
openstack keystone 2012.2.3
openstack keystone 2013.1.3
CVE-2013-4354 LOW

The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image.

CVSS 2.0

Severity: LOW

Problem Type: CWE-20,

Products Affected

Vendor Product Version
openstack image_registry_and_delivery_service_(glance) -
CVE-2013-4428 LOW

OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openstack glance *
canonical ubuntu_linux 13.04
canonical ubuntu_linux 12.10
openstack glance 2013.2
CVE-2013-4463 LOW

OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) via a compressed QCOW2 image. NOTE: this issue is due to an incomplete fix for CVE-2013-2096.

CVSS 2.0

Severity: LOW

Problem Type: CWE-399,

Products Affected

Vendor Product Version
openstack folsom -
openstack havana -
openstack grizzly -
CVE-2013-4469 LOW

OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring an image with a large virtual size that does not contain a large amount of data from Glance. NOTE: this issue is due to an incomplete fix for CVE-2013-2096.

CVSS 2.0

Severity: LOW

Problem Type: CWE-399,

Products Affected

Vendor Product Version
openstack folsom -
openstack havana -
openstack grizzly -
CVE-2013-4471 MEDIUM

The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to change a user password by leveraging the authentication token for that user.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-287,

Products Affected

Vendor Product Version
openstack horizon *
CVE-2013-4477 LOW

The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openstack havana -
openstack grizzly -
CVE-2013-4497 MEDIUM

The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openstack folsom -
openstack havana havana-2
openstack havana *
openstack havana havana-1
openstack grizzly -
CVE-2013-6384 LOW

(1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information (the DB2 or MongoDB password) by reading the log file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-532,

Products Affected

Vendor Product Version
openstack ceilometer *
CVE-2013-6391 MEDIUM

The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
openstack keystone *
redhat openstack 4.0
canonical ubuntu_linux 13.10
CVE-2013-6396 MEDIUM

The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
openstack swift 1.7.5
openstack swift 1.4.6
openstack swift 1.4.1
openstack swift 1.4.8
openstack swift 1.0.0
openstack swift 1.7.0
openstack swift 1.4.7
openstack swift 1.4.5
openstack swift 1.5.0
openstack swift 1.10.0
openstack swift 1.7.2
openstack swift 1.4.3
openstack swift 1.0.1
openstack swift 1.7.6
openstack swift 1.11.0
openstack swift 1.6.0
openstack swift 1.4.2
openstack swift 1.4.0
openstack swift 1.9.0
openstack swift 1.4.4
openstack swift 1.3.0
openstack swift 1.2.0
openstack swift 1.0.2
openstack swift 1.8.0
openstack swift 1.7.4
openstack swift 1.1.0
CVE-2013-6419 MEDIUM

Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by (1) api/metadata/handler.py in Nova and (2) the neutron-metadata-agent (agent/metadata/agent.py) in Neutron.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openstack havana *
CVE-2013-6426 MEDIUM

The cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and (1) create a stack via the CreateStack method or (2) update a stack via the UpdateStack method.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openstack heat *
CVE-2013-6428 MEDIUM

The ReST API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenant_id in the request path.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openstack heat *
CVE-2013-6433 HIGH

The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openstack neutron *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 13.10
CVE-2013-6437 MEDIUM

The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a denial of service (disk consumption) by creating and deleting instances with unique os_type settings, which triggers the creation of a new ephemeral disk backing file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
openstack nova *
openstack nova 2014.1
CVE-2013-6491 MEDIUM

The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
openstack oslo *
redhat openstack 3.0
CVE-2013-6858 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
canonical ubuntu_linux 13.04
canonical ubuntu_linux 12.10
openstack horizon *
opensuse opensuse 13.1
canonical ubuntu_linux 13.10
CVE-2013-7048 LOW

OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openstack nova *
CVE-2013-7130 HIGH

The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openstack compute 2013.1.3
openstack compute 2013.1
openstack compute 2013.1.2
openstack havana -
openstack compute 2013.1.1
openstack icehouse -
openstack compute 2012.2
openstack grizzly -
CVE-2014-0006 MEDIUM

The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openstack swift 1.7.5
openstack swift 1.7.6
openstack swift 1.4.6
openstack swift 1.11.0
openstack swift 1.6.0
openstack swift 1.9.2
openstack swift 1.4.8
openstack swift 1.9.0
openstack swift 1.9.1
openstack swift 1.7.0
openstack swift 1.4.7
openstack swift 1.5.0
openstack swift 1.8.0
openstack swift 1.7.4
openstack swift 1.10.0
openstack swift 1.7.2
CVE-2014-0056 LOW

The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command.

CVSS 2.0

Severity: LOW

Problem Type: CWE-287,

Products Affected

Vendor Product Version
openstack neutron 2013.1.2
openstack neutron 2013.2.2
openstack neutron 2013.1
openstack neutron 2013.1.3
openstack neutron 2013.1.4
canonical ubuntu_linux 13.10
openstack neutron 2013.1.1
openstack neutron 2012.2.1
openstack neutron 2012.2.3
openstack neutron 2012.2.2
openstack neutron 2013.2
openstack neutron 2012.2
openstack neutron 2013.2.1
openstack neutron 2013.1.5
openstack neutron 2012.2.4
CVE-2014-0105 MEDIUM

The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an "interaction between eventlet and python-memcached."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-255,

Products Affected

Vendor Product Version
openstack python-keystoneclient 0.3.2
openstack python-keystoneclient 0.3.0
openstack python-keystoneclient 0.2.3
openstack python-keystoneclient *
openstack python-keystoneclient 0.2.2
openstack python-keystoneclient 0.3.1
openstack python-keystoneclient 0.2.4
CVE-2014-0134 LOW

The instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openstack compute 2013.2.2
openstack compute 2013.2
openstack compute 2013.2.1
CVE-2014-0157 MEDIUM

Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat template.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
openstack horizon 2013.2.2
opensuse opensuse 13.1
openstack horizon 2013.2
openstack horizon 2013.2.1
openstack horizon 2013.2.3
CVE-2014-0162 MEDIUM

The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
openstack icehouse rc-1
openstack image_registry_and_delivery_service_(glance) 2013.2.3
openstack image_registry_and_delivery_service_(glance) 2013.2.1
openstack image_registry_and_delivery_service_(glance) 2013.2.2
openstack image_registry_and_delivery_service_(glance) 2013.2
CVE-2014-0167 MEDIUM

The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows remote authenticated users to gain privileges via these API requests.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openstack compute 2013.1.3
openstack compute 2013.2.2
openstack compute 2013.1
openstack compute 2013.1.2
openstack compute 2013.2
openstack compute 2013.1.1
openstack icehouse -
openstack compute 2013.2.1
openstack compute 2013.2.3
CVE-2014-0187 HIGH

The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openstack neutron 2013.1.2
openstack neutron 2013.2.2
openstack neutron 2013.1
openstack neutron 2013.1.3
opensuse opensuse 13.1
openstack neutron 2013.1.4
openstack neutron 2014.1
canonical ubuntu_linux 14.04
openstack neutron 2013.1.1
openstack neutron 2013.2
canonical ubuntu_linux 13.04
openstack neutron 2013.2.1
openstack neutron 2013.1.5
openstack neutron 2013.2.3
CVE-2014-0204 MEDIUM

OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
openstack keystone *
CVE-2014-1948 LOW

OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.

CVSS 2.0

Severity: LOW

Problem Type: CWE-255,

Products Affected

Vendor Product Version
openstack image_registry_and_delivery_service_(glance) 2013.2.1
openstack image_registry_and_delivery_service_(glance) 2013.2
CVE-2014-2237 MEDIUM

The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openstack keystone 2013.1
openstack keystone 2013.1.1
openstack keystone 2013.1.2
openstack keystone 2013.2.2
openstack keystone 2013.1.4
openstack keystone 2013.1.3
CVE-2014-2573 LOW

The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openstack compute 2013.2.2
openstack compute 2013.2
openstack compute 2013.2.1
CVE-2014-2828 HIGH

The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
openstack keystone 2013.2.1
openstack keystone 2013.2.3
openstack keystone 2013.1
openstack keystone 2013.1.1
openstack keystone 2013.1.2
openstack keystone 2013.2.2
openstack keystone 2013.2
openstack keystone 2013.1.3
CVE-2014-3473 MEDIUM

Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2, when used with Heat, allows remote Orchestration template owners or catalogs to inject arbitrary web script or HTML via a crafted template.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
openstack horizon *
opensuse opensuse 13.1
openstack horizon juno-1
CVE-2014-3474 LOW

Cross-site scripting (XSS) vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a network name.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
openstack horizon *
opensuse opensuse 13.1
openstack horizon juno-1
CVE-2014-3475 LOW

Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-8578.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
openstack horizon *
opensuse opensuse 13.1
openstack horizon juno-1
CVE-2014-3476 MEDIUM

OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with additional roles.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
openstack keystone *
suse cloud 3
CVE-2014-3497 MEDIUM

Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
openstack swift 1.11.0
openstack swift 1.12.0
openstack swift 1.13.0
openstack swift 1.13.1
CVE-2014-3517 MEDIUM

api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openstack nova *
openstack nova 2014.2.0
CVE-2014-3520 MEDIUM

OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
openstack keystone *
CVE-2014-3555 MEDIUM

OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openstack neutron 2013.2.4
openstack neutron 2014.1
openstack neutron juno-1
openstack neutron 2014.1.1
CVE-2014-3594 LOW

Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
openstack horizon *
openstack horizon juno-2
opensuse opensuse 13.1
openstack horizon juno-1
CVE-2014-3608 LOW

The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into the rescue state, suspending it, which puts into an ERROR state, and then deleting the image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2573.

CVSS 2.0

Severity: LOW

Problem Type: CWE-399,

Products Affected

Vendor Product Version
openstack nova *
CVE-2014-3621 MEDIUM

The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openstack keystone *
canonical ubuntu_linux 14.04
redhat openstack 4.0
redhat openstack 5.0
CVE-2014-3632 HIGH

The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6, allows remote attackers to gain privileges via a crafted configuration file. NOTE: this vulnerability exists because of a CVE-2013-6433 regression.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openstack neutron *
CVE-2014-3641 MEDIUM

The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder before 2014.1.3 allows remote authenticated users to obtain file data from the Cinder-volume host by cloning and attaching a volume with a crafted qcow2 header.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openstack cinder 2014.1.1
openstack cinder *
CVE-2014-3708 MEDIUM

OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
openstack nova *
redhat openstack 5.0
CVE-2014-3801 LOW

OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openstack heat 2013.2.2
openstack heat 2013.2.1
openstack heat 2013.2
openstack heat 2013.2.3
openstack heat 2014.1
CVE-2014-4167 LOW

The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router.

CVSS 2.0

Severity: LOW

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openstack neutron *
openstack neutron 2014.1
canonical ubuntu_linux 14.04
canonical ubuntu_linux 13.10
openstack neutron 2014.1.1
CVE-2014-4615 MEDIUM

The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openstack pycadf 0.1.3
openstack pycadf 0.3.1
openstack pycadf 0.1.2
openstack pycadf 0.1.9
openstack pycadf 0.2.1
openstack pycadf 0.2.2
openstack pycadf 0.1
openstack telemetry_(ceilometer) 2014.1
openstack pycadf 0.1.5
openstack pycadf 0.1.6
openstack pycadf 0.1.8
openstack neutron 2014.1.1
openstack pycadf 0.1.7
openstack pycadf *
openstack pycadf 0.2
openstack neutron 2014.1
openstack neutron juno1
canonical ubuntu_linux 14.04
redhat openstack 4.0
openstack pycadf 0.1.4
openstack pycadf 0.4
openstack pycadf 0.4.1
openstack pycadf 0.1.1
openstack pycadf 0.3
openstack oslo -
openstack telemetry_(ceilometer) 2013.2
CVE-2014-5251 MEDIUM

The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-255,

Products Affected

Vendor Product Version
openstack keystone juno-2
canonical ubuntu_linux 14.04
openstack keystone juno-1
openstack keystone 2014.1
openstack keystone 2014.1.2
CVE-2014-5252 MEDIUM

The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification (1) GET or (2) HEAD request to v3/auth/tokens/.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-255,

Products Affected

Vendor Product Version
openstack keystone juno-2
canonical ubuntu_linux 14.04
openstack keystone juno-1
openstack keystone 2014.1
openstack keystone 2014.1.2
CVE-2014-5253 MEDIUM

OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-255,

Products Affected

Vendor Product Version
openstack keystone juno-2
canonical ubuntu_linux 14.04
openstack keystone juno-1
openstack keystone 2014.1
openstack keystone 2014.1.2
CVE-2014-5356 MEDIUM

OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openstack image_registry_and_delivery_service_(glance) 2014.1.1
openstack image_registry_and_delivery_service_(glance) juno-2
openstack image_registry_and_delivery_service_(glance) *
openstack image_registry_and_delivery_service_(glance) 2013.2.1
openstack image_registry_and_delivery_service_(glance) 2014.1
canonical ubuntu_linux 14.04
openstack image_registry_and_delivery_service_(glance) juno-1
openstack image_registry_and_delivery_service_(glance) 2013.2.2
openstack image_registry_and_delivery_service_(glance) 2013.2
openstack image_registry_and_delivery_service_(glance) 2014.1.2
CVE-2014-6414 MEDIUM

OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openstack neutron *
canonical ubuntu_linux 14.04
CVE-2014-7144 MEDIUM

OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
openstack python-keystoneclient *
openstack keystonemiddleware 1.1.0
openstack keystonemiddleware 1.1.1
openstack keystonemiddleware 1.0.0
CVE-2014-7230 LOW

The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openstack nova *
openstack cinder *
canonical ubuntu_linux 14.04
openstack trove *
redhat openstack 5.0
CVE-2014-7231 LOW

The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openstack nova *
openstack cinder *
openstack trove *
redhat openstack 5.0
CVE-2014-7821 MEDIUM

OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-399,

Products Affected

Vendor Product Version
openstack neutron *
fedoraproject fedora 20
redhat openstack 4.0
CVE-2014-7960 MEDIUM

OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
openstack swift *
CVE-2014-8124 MEDIUM

OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests to the login page.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
fedoraproject fedora 21
oracle solaris 11.2
openstack horizon *
opensuse opensuse 13.1
CVE-2014-8153 MEDIUM

The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight routers and assigning an ipv6 non-provider subnet to each.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
openstack neutron 2014.2
openstack neutron 2014.2.1
litech router_advertisement_daemon 2.0
CVE-2014-8333 MEDIUM

The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
openstack nova *
redhat openstack 5.0
CVE-2014-8578 LOW

Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
openstack horizon *
openstack horizon juno-1
CVE-2014-8750 MEDIUM

Race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that triggers the same VNC port to be allocated to two different instances.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
openstack nova *
openstack nova 2014.2
CVE-2014-9493 MEDIUM

The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openstack image_registry_and_delivery_service_(glance) *
redhat openstack 4.0
redhat openstack 5.0
CVE-2014-9623 MEDIUM

OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
openstack image_registry_and_delivery_service_(glance) *
openstack image_registry_and_delivery_service_(glance) 2014.2
redhat openstack 5.0
CVE-2014-9684 MEDIUM

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads finish, a different vulnerability than CVE-2015-1881.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
openstack image_registry_and_delivery_service_(glance) 2014.2.1
openstack image_registry_and_delivery_service_(glance) 2014.2
openstack image_registry_and_delivery_service_(glance) 2014.2.2
CVE-2015-0259 MEDIUM

OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-345,

Products Affected

Vendor Product Version
openstack nova *
openstack nova 2015.1.0
CVE-2015-1195 MEDIUM

The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9493.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
openstack image_registry_and_delivery_service_(glance) *
CVE-2015-1851 MEDIUM

OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openstack juno 2014.2.2
openstack icehouse *
openstack juno 2014.2
openstack juno 2014.2.3
canonical ubuntu_linux 15.04
openstack kilo 2015.1.0
CVE-2015-1852 MEDIUM

The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-17,

Products Affected

Vendor Product Version
openstack python-keystoneclient *
canonical ubuntu_linux 14.04
openstack keystonemiddleware *
canonical ubuntu_linux 15.04
CVE-2015-1856 MEDIUM

OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
openstack swift *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 15.04
CVE-2015-1881 MEDIUM

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them, a different vulnerability than CVE-2014-9684.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
openstack image_registry_and_delivery_service_(glance) 2014.2.1
openstack image_registry_and_delivery_service_(glance) 2014.2
openstack image_registry_and_delivery_service_(glance) 2014.2.2
CVE-2015-2687 LOW

OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.

CVSS 2.0

Severity: LOW

Problem Type: CWE-284,

Products Affected

Vendor Product Version
openstack compute 2014.1
openstack compute 2014.1.2
openstack compute 2014.1.1
openstack compute 2014.1.4
openstack compute 2013.2.4
openstack compute 2014.1.5
openstack compute 2014.2.3
openstack compute 2014.1.3
openstack compute 2014.2
openstack compute 2013.2.3
openstack compute 2013.2.2
openstack compute 2013.2
openstack compute 2014.2.1
openstack compute 2014.2.4
openstack compute 2014.2.2
openstack compute 2013.2.1
CVE-2015-3156 LOW

The _write_config function in trove/guestagent/datastore/experimental/mongodb/service.py, reset_configuration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, write_config function in trove/guestagent/datastore/experimental/redis/service.py, _write_mycnf function in trove/guestagent/datastore/mysql/service.py, InnoBackupEx::_run_prepare function in trove/guestagent/strategies/restore/mysql_impl.py, InnoBackupEx::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, MySQLDump::cmd in trove/guestagent/strategies/backup/mysql_impl.py, InnoBackupExIncremental::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, _get_actual_db_status function in trove/guestagent/datastore/experimental/cassandra/system.py and trove/guestagent/datastore/experimental/cassandra/service.py, and multiple class CbBackup methods in trove/guestagent/strategies/backup/experimental/couchbase_impl.py in Openstack DBaaS (aka Trove) as packaged in Openstack before 2015.1.0 (aka Kilo) allows local users to write to configuration files via a symlink attack on a temporary file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
openstack trove *
CVE-2015-3219 MEDIUM

Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handled in the help_text attribute in the Field class.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
openstack horizon 2014.2.0
openstack horizon 2014.2.2
oracle solaris 11.2
openstack horizon 2014.2.1
openstack horizon 2014.2.3
openstack horizon 2015.1.0
debian debian_linux 8.0
CVE-2015-3221 MEDIUM

OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
openstack neutron *
CVE-2015-3241 MEDIUM

OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
openstack nova *
CVE-2015-3280 MEDIUM

OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
openstack nova *
CVE-2015-3289 MEDIUM

OpenStack Glance before 2015.1.1 (kilo) allows remote authenticated users to cause a denial of service (disk consumption) by repeatedly using the import task flow API to create images and then deleting them.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
openstack glance *
CVE-2015-3646 MEDIUM

OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openstack keystone *
oracle solaris 11.2
CVE-2015-3988 LOW

Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
oracle solaris 11.2
openstack horizon 2015.1.0
CVE-2015-5162 HIGH

The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attackers to cause a denial of service (memory and disk consumption) via a crafted disk image.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
openstack glance *
openstack nova *
openstack nova 13.0.0
openstack cinder 8.1.0
openstack glance 12.0.0
openstack cinder 8.0.0
openstack cinder 7.0.2
openstack glance 11.0.1
CVE-2015-5163 LOW

The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openstack glance 2015.1.0
openstack glance 2015.1.1
CVE-2015-5223 MEDIUM

OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openstack swift *
CVE-2015-5240 LOW

Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before the security group rules are applied.

CVSS 2.0

Severity: LOW

Problem Type: CWE-362,

Products Affected

Vendor Product Version
openstack neutron 2014.2.3
openstack neutron 2015.1.0
openstack neutron 2015.1.1
CVE-2015-5251 MEDIUM

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openstack image_registry_and_delivery_service_(glance) *
openstack image_registry_and_delivery_service_(glance) 2015.1.1
openstack image_registry_and_delivery_service_(glance) 2015.1.0
CVE-2015-5271 MEDIUM

The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
redhat openstack 7.0
openstack tripleo_heat_templates -
CVE-2015-5286 MEDIUM

OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openstack image_registry_and_delivery_service_(glance) *
openstack image_registry_and_delivery_service_(glance) 2015.1.1
openstack image_registry_and_delivery_service_(glance) 2015.1.0
CVE-2015-5295 MEDIUM

The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a template, as demonstrated by file:///dev/zero.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
redhat openstack 7.0
fedoraproject fedora 23
openstack orchestration_api *
oracle solaris 11.3
CVE-2015-5303 MEDIUM

The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
openstack tripleo_heat_templates *
CVE-2015-5306 MEDIUM

OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
openstack ironic_inspector *
CVE-2015-5694 MEDIUM

Designate does not enforce the DNS protocol limit concerning record set sizes

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-835,

Products Affected

Vendor Product Version
redhat enterprise_linux_openstack_platform 7
openstack designate 1.0.0.0
openstack designate 2015.1.0
debian debian_linux 10.0
openstack designate 1.0.0
debian debian_linux 8.0
debian debian_linux 9.0
CVE-2015-5695 MEDIUM

Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted resource record set.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
openstack designate 2015.1.0
openstack designate 1.0.0.0b1
openstack designate 1.0.0a0
CVE-2015-7514 MEDIUM

OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openstack ironic 4.2.1
openstack ironic 4.2.0
CVE-2015-7546 MEDIUM

The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 1.6 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-522,

Products Affected

Vendor Product Version
openstack keystone *
openstack keystonemiddleware *
oracle solaris 11.3
CVE-2015-7548 LOW

OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openstack nova *
CVE-2015-7713 MEDIUM

OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
openstack nova *
CVE-2015-8234 MEDIUM

The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
openstack glance 11.0.0
CVE-2015-8466 MEDIUM

Swift3 before 1.9 allows remote attackers to conduct replay attacks via an Authorization request that lacks a Date header.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
fedoraproject fedora 23
openstack swift3 *
CVE-2015-8749 MEDIUM

The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openstack nova *
CVE-2015-8914 MEDIUM

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
openstack neutron *
CVE-2015-9543 LOW

An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to NovaProxyRequestHandlerBase.new_websocket_client in console/websocketproxy.py.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 1.8 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openstack nova *
CVE-2016-0737 MEDIUM

OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
openstack swift *
CVE-2016-0738 MEDIUM

OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
openstack swift *
openstack swift 2.5.0
openstack swift 2.4.0
CVE-2016-0757 MEDIUM

OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x before 11.0.2 (liberty), when show_multiple_locations is enabled, allow remote authenticated users to change image status and upload new image data by removing the last location of an image.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
openstack image_registry_and_delivery_service_(glance) 2015.1.2
openstack image_registry_and_delivery_service_(glance) 11.0.1
openstack image_registry_and_delivery_service_(glance) 11.0.0
CVE-2016-2140 LOW

The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary files via a crafted qcow2 header in an ephemeral or root disk.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openstack nova *
CVE-2016-4428 LOW

Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
redhat openstack 6.0
redhat openstack 8
openstack horizon *
redhat openstack 7.0
openstack horizon 9.0.1
openstack horizon 9.0.0
debian debian_linux 8.0
debian debian_linux 9.0
redhat openstack 5.0
CVE-2016-4972 HIGH

OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x before 0.8.5 (mitaka) improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files, which allows remote attackers to create arbitrary Python objects and execute arbitrary code via crafted extended YAML tags in UI definitions in packages.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
openstack murano-dashboard *
openstack mitaka-murano *
openstack murano *
openstack python-muranoclient *
CVE-2016-5362 MEDIUM

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
openstack neutron *
CVE-2016-5363 MEDIUM

The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via (1) a crafted DHCP discovery message or (2) crafted non-IP traffic.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-254,

Products Affected

Vendor Product Version
openstack neutron 7.0.4
openstack neutron 8.1.0
openstack neutron 8.0.0
openstack neutron 7.0.2
openstack neutron 7.0.3
openstack neutron 7.0.1
openstack neutron 7.0.0
CVE-2016-5737 MEDIUM

The Gerrit configuration in the Openstack Puppet module for Gerrit (aka puppet-gerrit) improperly marks text/html as a safe mimetype, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a crafted review.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
openstack puppet-gerrit -
CVE-2016-6519 LOW

Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
redhat openstack 8
redhat openstack 7.0
openstack manila *
redhat openstack 9
CVE-2016-7404 HIGH

OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openstack magnum -
CVE-2016-7498 MEDIUM

OpenStack Compute (nova) 13.0.0 does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state. NOTE: this vulnerability exists because of a CVE-2015-3280 regression.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
openstack compute_(nova) 13.0.0
CVE-2016-8611 MEDIUM

A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 `/images` API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-20,

Products Affected

Vendor Product Version
openstack glance *
CVE-2016-9185 MEDIUM

In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openstack heat 7.0.0
openstack heat 6.0.0
openstack heat 5.0.3
openstack heat 6.1.0
CVE-2016-9590 MEDIUM

puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
redhat openstack 8
redhat openstack 10
openstack puppet-swift *
redhat openstack 9
CVE-2016-9599 MEDIUM

puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,CWE-284,

Products Affected

Vendor Product Version
redhat openstack 10
openstack puppet-tripleo 5.5.0
openstack puppet-tripleo 6.2.0
CVE-2017-1000366 HIGH

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
redhat enterprise_linux 6.0
suse linux_enterprise_server 12
openstack cloud_magnum_orchestration 7
redhat enterprise_linux_server_eus 6.7
suse linux_enterprise_software_development_kit 12.0
redhat enterprise_linux_server_aus 6.2
redhat enterprise_linux 5
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_aus 7.3
suse linux_enterprise_for_sap 12
suse linux_enterprise_server 11
redhat enterprise_linux_server_aus 5.9
suse linux_enterprise_software_development_kit 11.0
suse linux_enterprise_server 10
suse linux_enterprise_server_for_raspberry_pi 12
redhat enterprise_linux 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server_aus 6.6
redhat enterprise_linux_server_aus 6.5
redhat enterprise_linux_server_aus 6.4
mcafee web_gateway *
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_eus 7.2
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server 6.6
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_eus 7.3
redhat enterprise_linux_server_aus 7.4
gnu glibc *
redhat enterprise_linux_server_eus 6.2
opensuse leap 42.2
debian debian_linux 9.0
redhat enterprise_linux_server_eus 6.5
redhat enterprise_linux_server_tus 7.2
redhat enterprise_linux_server_tus 6.5
redhat enterprise_linux_workstation 7.0
novell suse_linux_enterprise_server 11.0
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.2
redhat enterprise_linux_workstation 6.0
novell suse_linux_enterprise_desktop 12.0
redhat enterprise_linux_server_tus 6.6
redhat enterprise_linux_server_long_life 5.9
novell suse_linux_enterprise_point_of_sale 11.0
debian debian_linux 8.0
CVE-2017-12440 MEDIUM

Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust IDs where Aodh is the trustee to obtain a Keystone token and perform unspecified authenticated actions by adding an alarm action with the scheme trust+http, and providing a trust id where Aodh is the trustee.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-306,

Products Affected

Vendor Product Version
openstack openstack 07132017
CVE-2017-15139 MEDIUM

A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-200,

Products Affected

Vendor Product Version
redhat openstack 13
redhat openstack 10
openstack cinder *
CVE-2017-16239 MEDIUM

In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through 16.0.2, by rebuilding an instance, an authenticated user may be able to circumvent the Filter Scheduler bypassing imposed filters (for example, the ImagePropertiesFilter or the IsolatedHostsFilter). All setups using Nova Filter Scheduler are affected. Because of the regression described in Launchpad Bug #1732947, the preferred fix is a 14.x version after 14.0.10, a 15.x version after 15.0.8, or a 16.x version after 16.0.3.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
openstack nova 16.0.2
openstack nova 15.0.7
openstack nova 15.0.2
openstack nova 15.0.3
openstack nova 16.0.1
openstack nova 15.0.0
openstack nova 15.0.5
openstack nova *
openstack nova 15.0.1
openstack nova 16.0.0
openstack nova 15.0.6
openstack nova 15.0.4
CVE-2017-16613 HIGH

An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allows attackers to bypass authentication by inserting a token into an X-Auth-Token header of a new request. NOTE: github.com/openstack/swauth URLs do not mean that Swauth is maintained by an official OpenStack project team.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-287,

Products Affected

Vendor Product Version
openstack swauth *
openstack swift *
debian debian_linux 9.0
CVE-2017-17051 MEDIUM

An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239); however, only Nova stable/pike or later deployments with that fix applied and relying on the default FilterScheduler are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,

Products Affected

Vendor Product Version
openstack nova 16.0.3
CVE-2017-18017 HIGH

The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
redhat enterprise_linux_server_tus 7.6
suse linux_enterprise_real_time_extension 11
suse linux_enterprise_workstation_extension 12
suse linux_enterprise_server 12
redhat enterprise_linux_server_tus 7.3
suse linux_enterprise_software_development_kit 11
suse caas_platform *
openstack cloud_magnum_orchestration 7
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.3
suse linux_enterprise_high_availability 12
suse linux_enterprise_high_availability_extension 11
suse linux_enterprise_server 11
suse linux_enterprise_point_of_sale 11
f5 arx *
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server_tus 7.4
opensuse leap 42.3
suse linux_enterprise_real_time_extension 12
suse linux_enterprise_debuginfo 11
redhat enterprise_linux_for_real_time_for_nfv 7
suse openstack_cloud 6
arista eos *
debian debian_linux 7.0
suse linux_enterprise_desktop 12
canonical ubuntu_linux 14.04
redhat enterprise_linux_eus 7.3
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 7.0
linux linux_kernel *
redhat enterprise_linux_eus 7.6
redhat mrg_realtime 2.0
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server 7.0
suse linux_enterprise_module_for_public_cloud 12
arista eos 4.20.1fx-virtual-router
suse linux_enterprise_live_patching 12
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_for_real_time 7
suse linux_enterprise_software_development_kit 12
debian debian_linux 8.0
CVE-2017-18191 HIGH

An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
openstack nova *
redhat openstack 10
redhat openstack 12
redhat openstack 9
CVE-2017-2592 LOW

python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens).

CVSS 2.0

Severity: LOW

Problem Type: CWE-532,CWE-532,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
openstack oslo.middleware *
CVE-2017-2621 LOW

An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-552,CWE-532,

Products Affected

Vendor Product Version
redhat openstack 10
openstack heat *
redhat openstack 9
CVE-2017-2627 HIGH

A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. The sudoers file as installed with OSP's openstack-tripleo-common package is much too permissive. It contains several lines for the mistral user that have wildcards that allow directory traversal with '..' and it grants full passwordless root access to the validations user.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
openstack tripleo-common -
redhat openstack 10
redhat openstack 11
CVE-2017-5936 MEDIUM

OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
openstack nova-lxd *
canonical ubuntu_linux 16.04
CVE-2017-7200 MEDIUM

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
openstack glance *
CVE-2017-7214 MEDIUM

An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,

Products Affected

Vendor Product Version
openstack nova 13.0.0
openstack nova 14.0.1
openstack nova 15.0.0
openstack nova 13.1.1
openstack nova 13.1.2
openstack nova 13.1.0
openstack nova 13.1.3
openstack nova 15.0.1
openstack nova 14.0.2
openstack nova 14.0.3
openstack nova 14.0.4
openstack nova 14.0.0
CVE-2017-7400 LOW

OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
openstack horizon 10.0.0
openstack horizon 11.0.0
openstack horizon 10.0.1
openstack horizon 10.0.2
openstack horizon 9.1.0
openstack horizon 9.0.1
openstack horizon 9.0.0
openstack horizon 9.1.1
CVE-2017-7543 MEDIUM

A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,CWE-362,

Products Affected

Vendor Product Version
redhat openstack 6.0
redhat openstack 8
redhat openstack 10
redhat openstack 7.0
openstack neutron *
redhat openstack 11
redhat openstack 9
CVE-2017-7549 LOW

A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.

CVSS 2.0

Severity: LOW

Problem Type: CWE-377,CWE-59,

Products Affected

Vendor Product Version
openstack instack-undercloud 5.3.0
openstack instack-undercloud 7.2.0
openstack instack-undercloud 6.1.0
CVE-2017-8761 MEDIUM

In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openstack swift *
openstack swift 2.14.0
CVE-2018-10898 MEDIUM

A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-798,CWE-798,

Products Affected

Vendor Product Version
redhat openstack 13
openstack tripleo_heat_templates *
CVE-2018-14432 LOW

In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes. Only Keystone with the /v3/OS-FEDERATION endpoint enabled via policy.json is affected.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openstack keystone *
redhat openstack 13
redhat openstack 10
openstack keystone 13.0.0
openstack keystone 12.0.0
debian debian_linux 9.0
redhat openstack 12
CVE-2018-14635 MEDIUM

When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3 and 11.0.5 are vulnerable.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-20,

Products Affected

Vendor Product Version
redhat openstack 13
redhat openstack 10
openstack neutron *
openstack neutron 13.0.0.0
redhat openstack 12
CVE-2018-14636 LOW

Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively down prior to live-migration and kept down after the migration is complete. This is possible due to the Open vSwitch integration bridge being connected to the instance during migration. When connected to the integration bridge, all traffic for instances using the same Open vSwitch instance would potentially be visible to the migrated guest, as the required Open vSwitch VLAN filters are only applied post-migration. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3, 11.0.5 are vulnerable.

CVSS 2.0

Severity: LOW

Problem Type: CWE-300,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
openstack neutron 13.0.0
openstack neutron *
CVE-2018-16856 MEDIUM

In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-532,CWE-532,

Products Affected

Vendor Product Version
redhat openstack 13
redhat openstack 14
openstack octavia *
redhat openstack 12
CVE-2018-20170 MEDIUM

OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an OpenStack Security Advisory

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
openstack keystone *
CVE-2019-10141 MEDIUM

A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). This function makes a SQL query using unfiltered data from a server reporting inspection results (by a POST to the /v1/continue endpoint). Because the API is unauthenticated, the flaw could be exploited by an attacker with access to the network on which ironic-inspector is listening. Because of how ironic-inspector uses the query results, it is unlikely that data could be obtained. However, the attacker could pass malicious data and create a denial of service.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,CWE-89,

Products Affected

Vendor Product Version
redhat openstack 13
redhat openstack 10
redhat openstack 14
openstack ironic-inspector *
redhat openstack 9
CVE-2019-10876 MEDIUM

An issue was discovered in OpenStack Neutron 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By creating two security groups with separate/overlapping port ranges, an authenticated user may prevent Neutron from being able to configure networks on any compute nodes where those security groups are present, because of an Open vSwitch (OVS) firewall KeyError. All Neutron deployments utilizing neutron-openvswitch-agent are affected.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat openstack 13
openstack neutron *
redhat openstack 14
CVE-2019-14433 MEDIUM

An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-209,

Products Affected

Vendor Product Version
openstack nova *
redhat openstack 13
redhat openstack 10
canonical ubuntu_linux 19.04
redhat openstack 14
canonical ubuntu_linux 16.04
debian debian_linux 10.0
canonical ubuntu_linux 18.04
CVE-2019-15753 MEDIUM

In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instances belonging to other tenants sharing the same network. Only deployments using the linuxbridge backend are affected. This occurs in PyRoute2.add() in internal/command/ip/linux/impl_pyroute2.py.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770,

Products Affected

Vendor Product Version
openstack os-vif 1.16.0
openstack os-vif *
CVE-2019-19687 LOW

OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials, which could (for example) leak sign-on information for Time-based One Time Passwords (TOTP). Deployments with enforce_scope set to false are affected. (There will be a slight performance impact for the list credentials API once this issue is fixed.)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-522,

Products Affected

Vendor Product Version
openstack keystone 15.0.0
openstack keystone 16.0.0
CVE-2019-3830 LOW

A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: LOW

Problem Type: CWE-532,CWE-532,

Products Affected

Vendor Product Version
redhat openstack 10
openstack ceilometer *
CVE-2019-3895 MEDIUM

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested to spawn new amphorae, Octavia would then pick up the compromised image.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.0 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 2.1 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,NVD-CWE-Other,

Products Affected

Vendor Product Version
openstack octavia *
redhat openstack 12
CVE-2019-9735 MEDIUM

An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example, VRRP), an authenticated user may block further application of security group rules for instances from any project/tenant on the compute hosts to which it's applied. (Only deployments using the iptables security group driver are affected.)

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-755,

Products Affected

Vendor Product Version
redhat openstack 13
redhat openstack 10
openstack neutron *
redhat openstack 14
debian debian_linux 9.0
CVE-2020-12689 MEDIUM

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-269,

Products Affected

Vendor Product Version
openstack keystone *
openstack keystone 16.0.0
canonical ubuntu_linux 18.04
CVE-2020-12690 MEDIUM

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. This results in the provided keystone token having more role assignments than the creator intended, possibly giving unintended escalated access.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-613,

Products Affected

Vendor Product Version
openstack keystone *
openstack keystone 16.0.0
CVE-2020-12691 MEDIUM

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863,

Products Affected

Vendor Product Version
openstack keystone *
openstack keystone 16.0.0
canonical ubuntu_linux 18.04
CVE-2020-12692 MEDIUM

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N 2.8 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-294,CWE-347,

Products Affected

Vendor Product Version
openstack keystone *
openstack keystone 16.0.0
canonical ubuntu_linux 18.04
CVE-2020-17376 MEDIUM

An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.3 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L 2.8 5.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
openstack nova *
openstack nova 21.0.0
CVE-2020-26943 HIGH

An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under (because the Python eval function is used). This may result in Horizon host unauthorized access and further compromise of the Horizon service. All setups using the Horizon dashboard with the blazar-dashboard plugin are affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
openstack blazar-dashboard 2.0.0
openstack blazar-dashboard *
openstack blazar-dashboard 3.0.0
CVE-2020-29565 MEDIUM

An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provided malicious URL.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,

Products Affected

Vendor Product Version
openstack horizon *
debian debian_linux 10.0
CVE-2020-9543 MEDIUM

OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.3 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L 2.8 5.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-276,

Products Affected

Vendor Product Version
openstack manila *
CVE-2021-20267 MEDIUM

A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations. Only deployments using the Open vSwitch driver are affected. Source: OpenStack project. Versions before openstack-neutron 15.3.3, openstack-neutron 16.3.1 and openstack-neutron 17.1.1 are affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H 2.8 4.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-345,

Products Affected

Vendor Product Version
redhat openstack_platform 16.1
openstack neutron 18.0.0
redhat openstack_platform 10.0
openstack neutron *
redhat openstack_platform 13.0
redhat openstack_platform 16.2
CVE-2021-3563

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.

Products Affected

Vendor Product Version
redhat openstack_platform 16.1
openstack keystone *
debian debian_linux 11.0
redhat openstack_platform 10.0
redhat openstack_platform 13.0
redhat openstack_platform 16.2
debian debian_linux 10.0
CVE-2021-3585

A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
openstack tripleo_heat_templates *
CVE-2021-3654 MEDIUM

A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-601,CWE-601,

Products Affected

Vendor Product Version
redhat openstack_platform 16.1
openstack nova *
redhat openstack_platform 16.2
CVE-2021-38155 MEDIUM

OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an account and failing to authenticate multiple times, any unauthenticated actor could both confirm the account exists and obtain that account's corresponding UUID, which might be leveraged for other unrelated attacks. All deployments enabling security_compliance.lockout_failure_attempts are affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-307,

Products Affected

Vendor Product Version
openstack keystone *
CVE-2021-38598 MEDIUM

OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the hardware addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-290,

Products Affected

Vendor Product Version
openstack neutron 18.0.0
openstack neutron *
CVE-2021-40085 MEDIUM

An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 11.0
openstack neutron *
debian debian_linux 10.0
debian debian_linux 9.0
CVE-2021-40797 MEDIUM

An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-772,

Products Affected

Vendor Product Version
openstack neutron *
CVE-2021-4180 MEDIUM

An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive information which may aid in additional system exploitation. This flaw affects openstack-tripleo-heat-templates versions prior to 11.6.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 2.8 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,CWE-668,

Products Affected

Vendor Product Version
redhat openstack 13
redhat openstack 16.1
openstack tripleo_heat_templates *
redhat openstack 16.2
CVE-2022-0718

A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

Products Affected

Vendor Product Version
redhat openstack_platform 16.1
debian debian_linux 11.0
redhat openshift_container_platform 4.0
openstack oslo.utils *
openstack oslo.utils 4.12.0
debian debian_linux 10.0
CVE-2022-23451

An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H 2.8 5.2

Products Affected

Vendor Product Version
redhat openstack_platform 16.1
redhat openstack_platform 13.0
openstack barbican *
redhat openstack_platform 16.2
CVE-2022-23452

An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 1.2 3.6

Products Affected

Vendor Product Version
redhat openstack_platform 16.1
openstack barbican *
CVE-2022-2447

A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.6 MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H 0.7 5.9

Products Affected

Vendor Product Version
redhat openstack_platform 16.1
redhat quay 3.0.0
openstack keystone -
redhat storage 3.0
redhat openstack_platform 16.2
CVE-2022-3100

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.

Products Affected

Vendor Product Version
redhat openstack 13
redhat openstack 17
redhat openstack_for_ibm_power 16.1
redhat openstack 16.1
openstack barbican -
redhat openstack_platform 13.0
redhat openstack_for_ibm_power 13
redhat openstack_for_ibm_power 16.2
redhat openstack 16.2
CVE-2022-3101

A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file, leading to information disclosure of important configuration details from the OpenStack deployment.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
redhat openstack_for_ibm_power 16.1
redhat openstack 16.1
openstack tripleo_ansible -
redhat openstack_for_ibm_power 16.2
redhat openstack 16.2
CVE-2022-3146

A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
redhat openstack_for_ibm_power 16.1
redhat openstack 16.1
openstack tripleo_ansible -
redhat openstack_for_ibm_power 16.2
redhat openstack 16.2
CVE-2022-3277

An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
redhat openstack_platform 16.1
openstack neutron *
redhat openstack_platform 13.0
redhat openstack_platform 16.2
CVE-2022-37394

An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user may cause the compute service to fail to restart, resulting in a possible denial of service. Only Nova deployments configured with SR-IOV are affected.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.3 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 1.8 1.4

Products Affected

Vendor Product Version
openstack nova *
CVE-2022-38060

A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges.

Products Affected

Vendor Product Version
openstack kolla -
CVE-2022-4134

A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 2.8 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N 1.3 1.4

Products Affected

Vendor Product Version
openstack glance *
redhat openstack 13
redhat openstack 17
redhat openstack 16.1
redhat openstack 16.2
CVE-2022-45582

Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

Products Affected

Vendor Product Version
openstack horizon *
CVE-2022-47950

An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed).

Products Affected

Vendor Product Version
openstack swift *
openstack swift 2.30.0
debian debian_linux 10.0
CVE-2022-47951

An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.

Products Affected

Vendor Product Version
openstack glance *
openstack nova *
debian debian_linux 11.0
openstack cinder *
debian debian_linux 10.0
CVE-2023-1625

An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 7.4 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L 3.1 3.7
nvd@nist.gov 5.0 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 3.1 1.4

Products Affected

Vendor Product Version
redhat openstack_platform 16.1
openstack heat -
redhat openstack_platform 13.0
redhat openstack_platform 17.0
redhat openstack_platform 16.2
CVE-2023-1633

A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
secalert@redhat.com 6.6 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L 1.8 4.7

Products Affected

Vendor Product Version
redhat openstack_platform 16.1
openstack barbican -
redhat openstack_platform 17.0
redhat openstack_platform 16.2
CVE-2023-1636

A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.0 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 3.1 1.4
secalert@redhat.com 6.0 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L 1.8 3.7

Products Affected

Vendor Product Version
redhat openstack_platform 16.1
openstack barbican -
redhat openstack_platform 17.0
redhat openstack_platform 16.2
CVE-2024-1141

A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6
secalert@redhat.com 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 1.8 3.6

Products Affected

Vendor Product Version
openstack glance-store *
openstack glacne_store -
CVE-2024-28718

An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the cert_manager.py. component.

Products Affected

Vendor Product Version
openstack magnum -
CVE-2024-29156

In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information.

Products Affected

Vendor Product Version
openstack yaql *
openstack murano *
CVE-2024-32498

An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.

Products Affected

Vendor Product Version
openstack glance *
openstack nova *
openstack cinder *
openstack glance 27.0.0
openstack cinder 24.0.0
CVE-2024-40767

In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Nova deployments are affected. NOTE: this issue exists because of an incomplete fix for CVE-2022-47951 and CVE-2024-32498.

Products Affected

Vendor Product Version
openstack nova *
CVE-2026-28370

In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise of the Vitrage service. All deployments exposing the Vitrage API are affected. This occurs in _create_query_function in vitrage/graph/query.py.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 2.3 6.0

Products Affected

Vendor Product Version
openstack vitrage *