Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2017:3227
HistoryNov 15, 2017 - 1:08 p.m.

(RHSA-2017:3227) Moderate: openstack-aodh security update

2017-11-1513:08:36
access.redhat.com
12

0.005 Low

EPSS

Percentile

76.4%

JSON

openstack-aodh provides the ability to trigger actions based on defined rules against metric or event data collected by OpenStack Telemetry (ceilometer) or Time-Series-Database-as-a-Service (gnocchi).

Security Fix(es):

  • A verification flaw was found in openstack-aodh. As part of an HTTP alarm action, a user could pass in a trust ID. However, the trust could be from anyone because it was not verified. Because the trust was then used by openstack-aodh to obtain a keystone token for the alarm action, a malicious user could pass in another person’s trust ID and obtain a keystone token containing the delegated authority of that user. (CVE-2017-12440)

This issue was discovered by Luke Hinds (Red Hat). Upstream acknowledges Zane Bitter (Red Hat) as the original reporter.

OSVersionArchitecturePackageVersionFilename
RedHat7noarchopenstack-aodh-listener< 3.0.4-1.el7ostopenstack-aodh-listener-3.0.4-1.el7ost.noarch.rpm
RedHat7noarchpython-aodh-tests< 3.0.4-1.el7ostpython-aodh-tests-3.0.4-1.el7ost.noarch.rpm
RedHat7noarchopenstack-aodh-evaluator< 3.0.4-1.el7ostopenstack-aodh-evaluator-3.0.4-1.el7ost.noarch.rpm
RedHat7noarchopenstack-aodh-compat< 3.0.4-1.el7ostopenstack-aodh-compat-3.0.4-1.el7ost.noarch.rpm
RedHat7noarchopenstack-aodh-notifier< 3.0.4-1.el7ostopenstack-aodh-notifier-3.0.4-1.el7ost.noarch.rpm
RedHat7noarchpython-aodh< 3.0.4-1.el7ostpython-aodh-3.0.4-1.el7ost.noarch.rpm
RedHat7noarchopenstack-aodh-common< 3.0.4-1.el7ostopenstack-aodh-common-3.0.4-1.el7ost.noarch.rpm
RedHat7noarchopenstack-aodh-api< 3.0.4-1.el7ostopenstack-aodh-api-3.0.4-1.el7ost.noarch.rpm
RedHat7noarchopenstack-aodh-expirer< 3.0.4-1.el7ostopenstack-aodh-expirer-3.0.4-1.el7ost.noarch.rpm

Related

nessus 3
github 1
veracode 2
cvelist 1
redhatcve 1
cve 1
osv 1
ubuntucve 1
debian 2
redhat 1
openvas 1
prion 1
nvd 1
debiancve 1
nessus
nessus
RHEL 7 : openstack-aodh (RHSA-2018:0315)
2024-04-27 00:00:00
RHEL 7 : openstack-aodh (RHSA-2017:3227)
2024-04-27 00:00:00
Debian DSA-3953-1 : aodh - security update
2017-08-24 00:00:00
github
github
Openstack Aodh can be used to launder Keystone trusts
2022-05-13 01:42:42
veracode
veracode
Authorisation Bypass
2017-09-08 05:40:41
Authorisation Bypass
2019-01-15 09:20:57
cvelist
cvelist
CVE-2017-12440
2017-08-18 14:00:00
redhatcve
redhatcve
CVE-2017-12440
2017-08-17 14:49:00
cve
cve
CVE-2017-12440
2017-08-18 14:29:00
osv
osv
aodh - security update
2017-08-23 00:00:00
ubuntucve
ubuntucve
CVE-2017-12440
2017-08-18 00:00:00
debian
debian
[SECURITY] [DSA 3953-1] aodh security update
2017-08-23 20:02:57
[SECURITY] [DSA 3953-1] aodh security update
2017-08-23 20:02:57
redhat
redhat
(RHSA-2018:0315) Moderate: openstack-aodh security update
2018-02-13 16:04:44
openvas
openvas
Debian: Security Advisory (DSA-3953-1)
2017-08-22 00:00:00
prion
prion
Code injection
2017-08-18 14:29:00
nvd
nvd
CVE-2017-12440
2017-08-18 14:29:00
debiancve
debiancve
CVE-2017-12440
2017-08-18 14:29:00

0.005 Low

EPSS

Percentile

76.4%

JSON
Related for RHSA-2017:3227
nessus3github1veracode2cvelist1redhatcve1cve1osv1ubuntucve1debian2redhat1openvas1prion1nvd1debiancve1