Lucene search
K

92 matches found

Cvelist
Cvelist
added 2019/10/08 5:14 p.m.26 views

CVE-2019-17134

Amphora Images in OpenStack Octavia =0.10.0 =3.0.0 =4.0.0 4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the...

9.4AI score0.02296EPSS
Exploits0References12
UbuntuCve
UbuntuCve
added 2019/10/08 12:0 a.m.18 views

CVE-2019-17134

Amphora Images in OpenStack Octavia =0.10.0 =3.0.0 =4.0.0 4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the...

9.1CVSS6.8AI score0.02296EPSS
Exploits0References2
OSV
OSV
added 2019/07/17 9:41 a.m.5 views

SUSE-SU-2019:1862-1 Security update for ardana and crowbar

This update for ardana and crowbar fixes the following issues: - Restrict rootwrap directories for cinder bsc1132542 - Change Cinder default log level from DEBUG to INFO SCRD-7132 - Remove configuration from migration bsc1126391 - Configurable innodb flush options SCRD-7496 - Secure designate's...

9.8CVSS6.9AI score0.2549EPSS
Exploits0References41
RedHat Linux
RedHat Linux
added 2019/07/10 2:2 p.m.5 views

openstack-tripleo-common: Allows running new amphorae based on arbitrary images

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested t...

8CVSS5.9AI score0.01421EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2019/07/02 8:2 p.m.6 views

openstack-tripleo-common: Allows running new amphorae based on arbitrary images

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested t...

8CVSS5.9AI score0.01421EPSS
Exploits0References6
Veracode
Veracode
added 2019/06/07 5:18 a.m.20 views

Incorrect Access Control

openstack-tripleo-common is vulnerable to Incorrect Access Control. This is due to the library not setting the Amphora image owner id. An attacker thus can create an image with the same tag amphora-image and share it with the service project to cause Octavia to pick up the compromised image...

8CVSS7.6AI score0.01421EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2019/06/03 7:29 p.m.40 views

CVE-2019-3895

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested t...

8CVSS7.8AI score0.01421EPSS
Exploits0References3
NVD
NVD
added 2019/06/03 7:29 p.m.53 views

CVE-2019-3895

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested t...

8CVSS6.5AI score0.01421EPSS
Exploits0References3
PyPA
PyPA
added 2019/06/03 7:29 p.m.7 views

PYSEC-2019-194

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested t...

8CVSS7AI score0.01421EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2019/06/03 7:29 p.m.20 views

CVE-2019-3895

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested t...

8CVSS6.5AI score0.01421EPSS
Exploits0References3
Prion
Prion
added 2019/06/03 7:29 p.m.14 views

Design/Logic Flaw

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested t...

6.8CVSS7.7AI score0.01421EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2019/06/03 7:29 p.m.4 views

UBUNTU-CVE-2019-3895

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested t...

8CVSS5.9AI score0.01421EPSS
Exploits0References4
OSV
OSV
added 2019/06/03 7:29 p.m.60 views

PYSEC-2019-194

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested t...

8CVSS3.2AI score0.01421EPSS
Exploits0References4
Cvelist
Cvelist
added 2019/06/03 6:4 p.m.54 views

CVE-2019-3895

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested t...

5.5CVSS7.7AI score0.01421EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2019/06/03 6:4 p.m.34 views

CVE-2019-3895

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested t...

8CVSS5.8AI score0.01421EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2019/05/27 11:50 p.m.18 views

CVE-2019-3895

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested t...

8CVSS2.8AI score0.01421EPSS
Exploits0References5
OSV
OSV
added 2019/05/06 12:39 p.m.6 views

SUSE-RU-2019:1161-1 Recommended update for ardana-ansible, ardana-cobbler, ardana-db, ardana-heat, ardana-manila, ardana-neutron, ardana-nova, ardana-octavia, ardana-osconfig, ardana-service, ardana-ses, ardana-swift, ardana-tempest, crowbar, crowbar-core, crowbar-ha, crowbar-openstack, documentation-suse-openstack-cloud, galera-python-clustercheck, openstack-dashboard, openstack-ec2-api, openstack-heat, openstack-heat-templates, openstack-horizon-plugin-ironic-ui, openstack-horizon-plugin-magnum-ui, openstack-horizon-plugin-sahara-ui, openstack-ironic, openstack-keystone, openstack-magnum, openstack-manila, openstack-monasca-api, openstack-monasca-notification, openstack-monasca-persister, openstack-murano, openstack-neutron, openstack-neutron-fwaas, openstack-nova, openstack-octavia, openstack-sahara, openstack-swift, openstack-tempest, python-cinderclient, python-cryptography, python-monasca-common, python-networking-hyperv, python-os-brick, python-venvjail, venv-openstack-aodh, venv-openstack-barbican, venv-openstack-ceilometer, venv-openstack-cinder, venv-openstack-designate, venv-openstack-freezer, venv-openstack-glance, venv-openstack-heat, venv-openstack-horizon, venv-openstack-ironic, venv-openstack-keystone, venv-openstack-magnum, venv-openstack-manila, venv-openstack-monasca, venv-openstack-monasca-ceilometer, venv-openstack-murano, venv-openstack-nova, venv-openstack-octavia, venv-openstack-sahara, venv-openstack-swift, venv-openstack-trove

This update for ardana-ansible, ardana-cobbler, ardana-db, ardana-heat, ardana-manila, ardana-neutron, ardana-nova, ardana-octavia, ardana-osconfig, ardana-service, ardana-ses, ardana-swift, ardana-tempest, crowbar, crowbar-core, crowbar-ha, crowbar-openstack, documentation-suse-openstack-cloud,...

8.1CVSS6AI score0.04075EPSS
Exploits0References56
UbuntuCve
UbuntuCve
added 2019/03/26 6:29 p.m.22 views

CVE-2018-16856

In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowi...

7.5CVSS6.8AI score0.00878EPSS
Exploits0References2
PyPA
PyPA
added 2019/03/26 6:29 p.m.7 views

PYSEC-2019-193

In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowi...

7.5CVSS6.7AI score0.00878EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2019/03/26 6:29 p.m.9 views

CVE-2018-16856

In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowi...

7.5CVSS5.8AI score0.00878EPSS
Exploits0References1
Rows per page
Query Builder