3 matches found
openstack-tripleo-heat-templates: Default ODL deployment uses hard coded administrative credentials
When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials...
Redis CVE-2018-12326 Buffer Overflow Vulnerability
Description Redis is prone to a buffer overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code in the context of a user running the affected application and gain elevated privileges. Failed...
openstack-tripleo-heat-templates: Ceph client keyring is world-readable when deployed by director
A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack...