CVE-2018-17954

🗓️ 03 Apr 2020 07:05:13Reported by microfocusType

Improper privilege management in SUSE OpenStack Cloud allows root users to gain unauthorized access

Reporter	Title	Published	Views	Family All 24
Circl	CVE-2018-17954	3 Apr 202013:58	–	circl
Cvelist	CVE-2018-17954 crowbar provision leaks admin password to all nodes in cleartext	3 Apr 202007:05	–	cvelist
EUVD	EUVD-2018-9695	7 Oct 202500:30	–	euvd
NVD	CVE-2018-17954	3 Apr 202007:15	–	nvd
OSV	SUSE-SU-2020:0311-1 Security update for crowbar-core, crowbar-openstack, openstack-neutron-fwaas, rubygem-crowbar-client	3 Feb 202017:18	–	osv
OSV	SUSE-SU-2020:0640-1 Security update for ardana-cinder, ardana-cobbler, ardana-designate, ardana-extensions-example, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-input-model, ardana-ironic, ardana-keystone, ardana-logging, ardana-monasca, ardana-monasca-transform, ardana-mq, ardana-neutron, ardana-nova, ardana-octavia, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, keepalived, mariadb, openstack-cinder, openstack-dashboard, openstack-dashboard-theme-SUSE, openstack-heat, openstack-heat-templates, openstack-horizon-plugin-designate-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-ironic, openstack-keystone, openstack-monasca-agent, openstack-neutron, openstack-neutron-gbp, openstack-neutron-vsphere, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, openstack-resource-agents, openstack-sahara, openstack-trove, python-cinderlm, python-congressclient, python-designateclient, python-ironic-lib, python-networking-cisco, python-osc-lib, python-oslo.context, python-oslo.rootwrap, python-oslo.serialization, python-oslo.service, python-stevedore, python-taskflow, rubygem-crowbar-client, rubygem-pumavenv-openstack-swift	11 Mar 202011:30	–	osv
OSV	SUSE-SU-2020:0642-1 Security update for ardana-ansible, ardana-cinder, ardana-cobbler, ardana-db, ardana-horizon, ardana-input-model, ardana-monasca, ardana-mq, ardana-nova, ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, keepalived, openstack-barbican, openstack-ceilometer, openstack-cinder, openstack-dashboard, openstack-dashboard-theme-SUSE, openstack-designate, openstack-heat, openstack-horizon-plugin-designate-ui, openstack-horizon-plugin-ironic-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-horizon-plugin-octavia-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-magnum, openstack-monasca-agent, openstack-neutron, openstack-neutron-fwaas, openstack-neutron-gbp, openstack-neutron-vpnaas, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, openstack-sahara, openstack-swift, python-amqp, python-ironic-lib, python-keystoneauth1, python-keystoneclient, python-keystonemiddleware, python-ovs, supportutils-plugin-suse-openstack-cloud, rubygem-crowbar-client, rubygem-puma, venv-openstack-horizon	11 Mar 202011:33	–	osv
OSV	SUSE-SU-2020:2876-1 Security update for ardana-ansible, ardana-cinder, ardana-cobbler, ardana-installer-ui, ardana-opsconsole-ui, ardana-osconfig, crowbar-core, grafana, grafana-natel-discrete-panel, openstack-cinder, openstack-dashboard, openstack-ironic, openstack-ironic-python-agent, openstack-manila, openstack-neutron, openstack-neutron-infoblox, openstack-nova, python-Flask-Cors, rubygem-crowbar-client, storm, storm-kit, venv-openstack-cinder, venv-openstack-horizon	7 Oct 202011:40	–	osv
OSV	SUSE-SU-2020:2911-1 Security update for ansible, crowbar-core, crowbar-openstack, grafana, grafana-natel-discrete-panel, openstack-aodh, openstack-barbican, openstack-cinder, openstack-gnocchi, openstack-heat, openstack-ironic, openstack-magnum, openstack-manila, openstack-monasca-agent, openstack-murano, openstack-neutron, openstack-neutron-vpnaas, openstack-nova, openstack-sahara, python-Pillow, rubygem-crowbar-client	13 Oct 202014:46	–	osv
Prion	Input validation	3 Apr 202007:15	–	prion

NVD

Node

suse openstack_cloudMatch7.0

suse openstack_cloudMatch8.0

suse openstack_cloudMatch9.0

suse openstack_cloud_crowbarMatch8.0

suse openstack_cloud_crowbarMatch9.0

[
  {
    "vendor": "SUSE",
    "product": "SUSE OpenStack Cloud 7",
    "versions": [
      {
        "version": "crowbar-core",
        "status": "affected",
        "lessThan": "4.0+git.1578392992.fabfd186c-9.63.1, crowbar-",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "SUSE",
    "product": "SUSE OpenStack Cloud 8",
    "versions": [
      {
        "version": "ardana-cinder",
        "status": "affected",
        "lessThan": "8.0+git.1579279939.ee7da88-3.39.3, ardana-",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "SUSE",
    "product": "SUSE OpenStack Cloud 9",
    "versions": [
      {
        "version": "ardana-ansible",
        "status": "affected",
        "lessThan": "9.0+git.1581611758.f694f7d-3.16.1, ardana-",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "SUSE",
    "product": "SUSE OpenStack Cloud Crowbar 8",
    "versions": [
      {
        "version": "crowbar-core",
        "status": "affected",
        "lessThan": "5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "SUSE",
    "product": "SUSE OpenStack Cloud Crowbar 9",
    "versions": [
      {
        "version": "crowbar-core",
        "status": "affected",
        "lessThan": "6.0+git.1582892022.cbd70e833-3.19.3, crowbar-",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.suse.com/show_bug.cgi

21 Nov 2024 03:55Current

7.8High risk

Vulners AI Score7.8

CVSS 27.2

CVSS 3.17.8 - 9.3

EPSS0.00042

CWE-269