Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Folsom
(Openstack)| Repositories |
• https://github.com/openstack/nova
• https://github.com/openstack/keystone • https://github.com/openstack/glance • https://github.com/puppetlabs/puppetlabs-cinder |
| #Vulnerabilities | 25 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2012-08-20 | CVE-2012-3447 | virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361. | Folsom, Nova | N/A | ||
| 2012-12-18 | CVE-2012-5563 | OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression. | Folsom | N/A | ||
| 2013-11-02 | CVE-2013-4469 | OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring an image with a large virtual size that does not contain a large amount of data from Glance. NOTE: this issue is due to an incomplete fix for CVE-2013-2096. | Folsom, Grizzly, Havana | N/A | ||
| 2014-02-06 | CVE-2013-4463 | OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) via a compressed QCOW2 image. NOTE: this issue is due to an incomplete fix for CVE-2013-2096. | Folsom, Grizzly, Havana | N/A | ||
| 2013-03-22 | CVE-2013-1865 | OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token. | Ubuntu_linux, Folsom | N/A |