Filtered by vendor Openstack
Subscriptions
Total
259 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-0335 | 3 Canonical, Openstack, Redhat | 5 Ubuntu Linux, Essex, Folsom and 2 more | 2024-11-21 | N/A |
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port. | ||||
CVE-2013-0326 | 2 Debian, Openstack | 2 Debian Linux, Nova | 2024-11-21 | 5.5 Medium |
OpenStack nova base images permissions are world readable | ||||
CVE-2013-0282 | 2 Openstack, Redhat | 2 Keystone, Openstack | 2024-11-21 | N/A |
OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions. | ||||
CVE-2013-0270 | 2 Openstack, Redhat | 2 Keystone, Openstack | 2024-11-21 | N/A |
OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a large HTTP request, as demonstrated by a long tenant_name when requesting a token. | ||||
CVE-2013-0266 | 2 Openstack, Redhat | 3 Essex, Folsom, Openstack | 2024-11-21 | N/A |
manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files. | ||||
CVE-2013-0261 | 2 Openstack, Redhat | 3 Essex, Folsom, Openstack | 2024-11-21 | N/A |
(1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp. | ||||
CVE-2013-0247 | 3 Canonical, Openstack, Redhat | 3 Ubuntu Linux, Keystone, Openstack | 2024-11-21 | N/A |
OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service (disk consumption) via many invalid token requests that trigger excessive generation of log entries. | ||||
CVE-2013-0212 | 3 Canonical, Openstack, Redhat | 3 Ubuntu Linux, Image Registry And Delivery Service \(glance\), Openstack | 2024-11-21 | N/A |
store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages. | ||||
CVE-2013-0208 | 3 Canonical, Openstack, Redhat | 4 Ubuntu Linux, Essex, Folsom and 1 more | 2024-11-21 | N/A |
The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter. | ||||
CVE-2012-5625 | 2 Openstack, Redhat | 3 Folsom, Grizzly, Openstack | 2024-11-21 | N/A |
OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV). | ||||
CVE-2012-5571 | 2 Openstack, Redhat | 3 Essex, Folsom, Openstack | 2024-11-21 | N/A |
OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role. | ||||
CVE-2012-5563 | 2 Openstack, Redhat | 2 Folsom, Openstack | 2024-11-21 | N/A |
OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression. | ||||
CVE-2012-5483 | 2 Openstack, Redhat | 2 Keystone, Openstack | 2024-11-21 | N/A |
tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows local users to obtain access to EC2 services by reading administrative access and secret values from this file. | ||||
CVE-2012-5482 | 1 Openstack | 3 Essex, Folsom, Image Registry And Delivery Service \(glance\) | 2024-11-21 | N/A |
The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573. | ||||
CVE-2012-5476 | 2 Debian, Openstack | 2 Debian Linux, Horizon | 2024-11-21 | 5.5 Medium |
Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value. | ||||
CVE-2012-5474 | 4 Debian, Fedoraproject, Openstack and 1 more | 4 Debian Linux, Fedora, Horizon and 1 more | 2024-11-21 | 5.5 Medium |
The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value. | ||||
CVE-2012-4573 | 2 Openstack, Redhat | 4 Essex, Folsom, Image Registry And Delivery Service \(glance\) and 1 more | 2024-11-21 | N/A |
The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482. | ||||
CVE-2012-4457 | 2 Openstack, Redhat | 2 Keystone, Openstack | 2024-11-21 | N/A |
OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant. | ||||
CVE-2012-4456 | 2 Openstack, Redhat | 2 Keystone, Openstack | 2024-11-21 | N/A |
The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services. | ||||
CVE-2012-4413 | 2 Openstack, Redhat | 2 Keystone, Openstack | 2024-11-21 | N/A |
OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles. |