
371 matches found

OSV
added 2019/07/30 5:15 p.m., 34 views

PYSEC-2019-192

A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens...

CVSS 8.8, AI score 3.4, EPSS 0.00999
Exploits: 0, References: 3

CVE
added 2019/07/30 4:16 p.m., 92 views

CVE-2019-10138

The CVE-2019-10138 issue affects the python-novajoin plugin used by Red Hat OpenStack Platform (all versions up to 1.1.1). The root cause is insufficient access control in the novajoin API, enabling any keystone-authenticated user to generate FreeIPA tokens. This leads to unauthorized token gener...

CVSS 8.8, AI score 8.4, EPSS 0.00999
Exploits: 0, References: 2, Affected Software: 1

RedHat Linux
added 2019/07/10 2:2 p.m., 3 views

openstack-tripleo-common: Allows running new amphorae based on arbitrary images

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested t...

CVSS 8, AI score 5.9, EPSS 0.01421
Exploits: 0, References: 6

RedHat Linux
added 2019/07/10 1:1 p.m., 3 views

python-novajoin: novajoin API lacks access control

A flaw was discovered in the python-novajoin plugin for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens...

CVSS 8.8, AI score 7.4, EPSS 0.00999
Exploits: 0, References: 5

Symantec
added 2019/07/10 12:0 a.m., 84 views

libxslt CVE-2019-13117 Information Disclosure Vulnerability

Description: libxslt is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. libxslt 1.1.33 is vulnerable; other versions may also be affected. Technologies Affected: Oracle JDKLinux Production Release...

CVSS 5, AI score 0.8, EPSS 0.06457
Exploits: 0, References: 3, Affected Software: 4

PyPA
added 2019/06/03 7:29 p.m., 5 views

PYSEC-2019-194

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested t...

CVSS 8, AI score 7, EPSS 0.01421
Exploits: 0, References: 4, Affected Software: 1

Veracode
added 2019/05/02 5:6 a.m., 24 views

Denial Of Service (DoS)

Red Hat Enterprise Linux OpenStack Platform provides the facilities for building a private or public infrastructure-as-a-service (IaaS) cloud running on commonly available physical hardware. This update addresses the following issues: This package rebases mariadb-galera to 5.5.42, fixing an issue...

CVSS 4, AI score 5.8, EPSS 0.0715
Exploits: 0, References: 33, Affected Software: 12

ATTACKERKB
added 2019/03/26 6:29 p.m., 1 views

CVE-2018-16856

In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowi...

CVSS 7.5, AI score 6.5, EPSS 0.00878
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2019/03/26 6:29 p.m., 5 views

CVE-2018-16856

In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowi...

CVSS 7.5, AI score 5.8, EPSS 0.00878
Exploits: 0, References: 1

PyPA
added 2019/03/26 6:29 p.m., 5 views

PYSEC-2019-193

In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowi...

CVSS 7.5, AI score 6.7, EPSS 0.00878
Exploits: 0, References: 2, Affected Software: 1

RedHat Linux
added 2019/03/14 1:34 p.m., 118 views

Low: Red Hat Security Advisory: Red Hat Enterprise Linux OpenStack Platform security update

An update is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 7.8, AI score 6.8, EPSS 0.02462
Exploits: 0, References: 22

Veracode
added 2019/01/15 9:16 a.m., 22 views

Remote Code Execution (RCE)

python-rdomanager-oscplugin is vulnerable to remote code execution (RCE) attacks. The vulnerability exists because of a design flaw in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default by director listening on...

CVSS 10, AI score 9.9, EPSS 0.04783
Exploits: 0, References: 16, Affected Software: 8

RedhatCVE
added 2018/11/13 4:20 a.m., 17 views

CVE-2018-16856

In a default Red Hat Openstack Platform Director installation, openstack-octavia creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure...

CVSS 7.5, AI score 2.3, EPSS 0.00878
Exploits: 0, References: 2

RedHat Linux
added 2018/09/20 11:7 a.m., 141 views

Moderate: Red Hat Security Advisory: Red Hat Enterprise Linux OpenStack Platform security update

An update is now available for Red Hat OpenStack Platform 12.0 (Pike). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 9.8, AI score 6.7, EPSS 0.00597
Exploits: 0, References: 3

RedHat Linux
added 2018/09/18 12:14 p.m., 100 views

Moderate: Red Hat Security Advisory: Red Hat Enterprise Linux OpenStack Platform security update

An update is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 9.8, AI score 6.7, EPSS 0.00597
Exploits: 0, References: 3

RedHat Linux
added 2018/08/20 12:56 p.m., 82 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 12.0 director security and bug fix update

An update for memcached is now available for Red Hat OpenStack Platform 12.0 (Pike). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.5, AI score 7, EPSS 0.8864
Exploits: 3, References: 86

OSV
added 2018/07/26 12:29 p.m., 28 views

CVE-2017-2637

A design flaw was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default by director listening on 0.0.0.0 (all interfaces) with no authentication or encryption. Anyone able to make a TCP connection to any comput...

CVSS 10, AI score 7.2, EPSS 0.04783
Exploits: 0, References: 8

RedHat Linux
added 2018/07/05 12:26 p.m., 2 views

Moderate: Red Hat Bug Fix Advisory: Red Hat OpenStack Platform 9 director Bug Fix Advisory

Updated packages that resolve various issues are now available for Red Hat OpenStack Platform 9.0 director for RHEL 7. Red Hat OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service (IaaS) cloud based on Red Hat OpenStack...

CVSS 7.5, AI score 7, EPSS 0.8864
Exploits: 3, References: 7

RedHat Linux
added 2018/06/28 3:42 p.m., 72 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 10 Security, Bug Fix, and Enhancement Advisory

An update is now available for Red Hat OpenStack Platform 10.0 (Newton) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 6.1, AI score 6.6, EPSS 0.00878
Exploits: 0, References: 18

CVE
added 2018/04/26 5:0 p.m., 80 views

CVE-2016-9590

CVE-2016-9590 affects puppet-swift (used by Red Hat OpenStack Platform director to install Object Storage). Root cause: during installation the Puppet script deploys the service and incorrectly removes and then recreates proxy-server.conf with world-readable permissions, enabling information disc...

CVSS 6.5, AI score 6.3, EPSS 0.01167
Exploits: 0, References: 5, Affected Software: 1