Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openstack_platform
(Redhat)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 34 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-09-24 | CVE-2023-1633 | A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials. | Barbican, Openstack_platform | 5.5 | ||
| 2023-09-24 | CVE-2023-1636 | A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican. | Barbican, Openstack_platform | 5.0 | ||
| 2022-08-25 | CVE-2021-3979 | A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks. | Fedora, Ceph_storage, Ceph_storage_for_ibm_z_systems, Ceph_storage_for_power, Openshift_container_storage, Openshift_data_foundation, Openstack_platform | 6.5 | ||
| 2022-08-29 | CVE-2022-0718 | A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext. | Debian_linux, Oslo\.utils, Openshift_container_platform, Openstack_platform | 4.9 | ||
| 2022-03-02 | CVE-2021-3654 | A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL. | Nova, Openstack_platform | 6.1 | ||
| 2023-03-06 | CVE-2022-3277 | An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service. | Neutron, Openstack_platform | 6.5 | ||
| 2020-11-12 | CVE-2020-25658 | It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA. | Fedora, Python\-Rsa, Openstack_platform | 5.9 | ||
| 2022-03-16 | CVE-2021-20257 | An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | Debian_linux, Fedora, Qemu, Codeready_linux_builder, Enterprise_linux, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_power_little_endian, Openstack_platform | 6.5 | ||
| 2022-09-01 | CVE-2022-23452 | An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service. | Barbican, Openstack_platform | 4.9 | ||
| 2022-09-06 | CVE-2022-23451 | An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources. | Barbican, Openstack_platform | 8.1 |