Product:

Essex

(Openstack)
Repositories https://github.com/openstack/nova
https://github.com/openstack/keystone
https://github.com/openstack/glance
https://github.com/puppetlabs/puppetlabs-cinder
#Vulnerabilities 15
Date Id Summary Products Score Patch Annotated
2012-09-05 CVE-2012-3542 OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540. Essex, Horizon N/A
2013-03-22 CVE-2013-1838 OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function. Ubuntu_linux, Essex, Folsom, Grizzly N/A
2013-03-22 CVE-2013-0335 OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port. Ubuntu_linux, Essex, Folsom, Grizzly N/A
2013-03-08 CVE-2013-0266 manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files. Essex, Folsom N/A
2013-03-08 CVE-2013-0261 (1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp. Essex, Folsom N/A