Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openstack_platform
(Redhat)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 37 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2023-09-15 | CVE-2022-3261 | A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem. | Openstack_platform | 7.5 | ||
2023-09-20 | CVE-2022-3596 | An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials. | Openstack_platform | 7.5 | ||
2023-09-24 | CVE-2023-1625 | An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system. | Heat, Openstack_platform | 5.0 | ||
2023-09-24 | CVE-2023-1633 | A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials. | Barbican, Openstack_platform | 5.5 | ||
2023-09-24 | CVE-2023-1636 | A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican. | Barbican, Openstack_platform | 5.0 | ||
2024-08-21 | CVE-2024-8007 | A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack. | Openstack_platform | 8.1 | ||
2024-08-02 | CVE-2024-7319 | An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the hidden feature set to True and the CVE-2023-1625 fix applied. | Heat, Openstack_platform | 5.0 | ||
2021-06-02 | CVE-2019-12067 | The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null. | Debian_linux, Fedora, Qemu, Enterprise_linux, Openstack_platform | 6.5 | ||
2020-07-31 | CVE-2020-10731 | A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. This flaw causes sVirt, an important isolation mechanism, to be disabled for all running virtual machines. | Openstack_platform | 9.9 | ||
2017-11-27 | CVE-2017-15114 | When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured this allows these services to connect to libvirtd (which is equivalent to root access). If a vulnerability exists in another service it could, combined with this flaw, be exploited to escalate privileges to gain control over compute nodes. | Openstack_platform | 8.1 |