Product:

Openstack_platform

(Redhat)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 37
Date Id Summary Products Score Patch Annotated
2023-01-18 CVE-2022-3100 A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API. Barbican, Openstack, Openstack_for_ibm_power, Openstack_platform 5.9
2023-03-06 CVE-2022-3277 An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service. Neutron, Openstack_platform 6.5
2023-04-10 CVE-2023-1668 A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow. Open_vswitch, Debian_linux, Fast_datapath, Openshift_container_platform, Openstack_platform, Virtualization 8.2
2023-07-11 CVE-2023-3354 A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service. Fedora, Qemu, Enterprise_linux, Openstack_platform 7.5
2023-07-25 CVE-2023-3637 An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service. Openstack_platform 6.5
2023-09-14 CVE-2023-1108 A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates. Oncommand_workflow_automation, Build_of_quarkus, Decision_manager, Fuse, Integration_camel_k, Integration_service_registry, Jboss_enterprise_application_platform, Jboss_enterprise_application_platform_expansion_pack, Openshift_application_runtimes, Openshift_container_platform, Openshift_container_platform_for_linuxone, Openshift_container_platform_for_power, Openstack_platform, Process_automation, Single_sign\-On, Undertow 7.5
2023-09-15 CVE-2022-3261 A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem. Openstack_platform 7.5
2023-09-20 CVE-2022-3596 An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials. Openstack_platform 7.5
2023-09-24 CVE-2023-1625 An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system. Heat, Openstack_platform 5.0
2023-09-24 CVE-2023-1633 A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials. Barbican, Openstack_platform 5.5