92 matches found
RHSA-2019:0567 Red Hat Security Advisory: openstack-octavia security and bug fix update
Bulletin has no description...
Moderate: Red Hat Security Advisory: openstack-tripleo-heat-templates and tripleo-ansible update
An update for openstack-tripleo-heat-templates and tripleo-ansible is now available for Red Hat OpenStack Platform 17.1 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
RHEL 7 : openstack-octavia (RHSA-2019:3743)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3743 advisory. The OpenStack Load Balancing service openstack-octavia provides a Load Balancing-as-a-Service LBaaS version 2 implementation for Red Hat OpenStack...
RHEL 7 : openstack-octavia (RHSA-2019:0593)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0593 advisory. The OpenStack Load Balancing service openstack-octavia provides a Load Balancing-as-a-Service LBaaS version 2 implementation for Red Hat OpenStack...
RHEL 7 : openstack-octavia (RHSA-2019:3788)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3788 advisory. The OpenStack Load Balancing service openstack-octavia provides a Load Balancing-as-a-Service LBaaS version 2 implementation for Red Hat OpenStack...
RHEL 7 : openstack-octavia (RHSA-2019:0567)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0567 advisory. The OpenStack Load Balancing service openstack-octavia provides a Load Balancing-as-a-Service LBaaS version 2 implementation for Red Hat OpenStack...
SUSE CVE-2018-16856
In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowi...
SUSE CVE-2019-17134
Amphora Images in OpenStack Octavia =0.10.0 =3.0.0 =4.0.0 4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the...
RHEL 8 : openstack-octavia (RHSA-2020:0721)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0721 advisory. The OpenStack Load Balancing service openstack-octavia provides a Load Balancing-as-a-Service LBaaS version 2 implementation for Red Hat OpenStack...
a10-octavia (>=1.0.0 <=2.2.0) potentially affected by CVE-2021-3563 via keystone (>=15.0.1 <=18.0.0)
keystone PYPI version =15.0.1, =1.0.0, =2.2.0 Source cves: CVE-2021-3563 Source advisory: OSV:GHSA-CC99-WHM5-MMQ3...
a10-octavia (>=2.0.0 <=2.2.0) potentially affected by CVE-2021-38155 via keystone (=18.0.0)
keystone PYPI version =18.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on keystone and may be impacted: - a10-octavia =2.0.0, =2.2.0 Source cves: CVE-2021-38155 Source advisory: OSV:GHSA-4225-97PR-RR52...
a10-octavia (>=1.0.0 <=1.3.3) potentially affected by CVE-2021-38155 via keystone (=15.0.1)
keystone PYPI version =15.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on keystone and may be impacted: - a10-octavia =1.0.0, =1.3.3 Source cves: CVE-2021-38155 Source advisory: OSV:GHSA-4225-97PR-RR52...
OpenStack Octavia Amphora-Agent not requiring Client-Certificate
Amphora Images in OpenStack Octavia =0.10.0 =3.0.0 =4.0.0 4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the...
GHSA-R4V4-3JJ7-JC29 OpenStack Octavia Amphora-Agent not requiring Client-Certificate
Amphora Images in OpenStack Octavia =0.10.0 =3.0.0 =4.0.0 4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the...
Openstack Octavia Access Control Vulnerability
Description An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if...
GHSA-JJGH-M322-FJX6 Openstack Octavia Access Control Vulnerability
Description An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if...
a10-octavia (>=1.0.0 <=2.2.0) potentially affected by CVE-2012-3542 via keystone (>=15.0.1 <=18.0.0)
keystone PYPI version =15.0.1, =1.0.0, =2.2.0 Source cves: CVE-2012-3542 Source advisory: OSV:GHSA-GF2Q-J2QQ-PJF2...
a10-octavia (>=1.0.0 <=2.2.0) potentially affected by CVE-2012-4413 via keystone (>=15.0.1 <=18.0.0)
keystone PYPI version =15.0.1, =1.0.0, =2.2.0 Source cves: CVE-2012-4413 Source advisory: OSV:GHSA-MRXV-65RV-6HXQ...
GHSA-QCJ3-H27M-MP9X Openstack Octavia allows Insertion of Sensitive Information into Log File
In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowi...
Openstack Octavia allows Insertion of Sensitive Information into Log File
In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowi...