Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (python-openstackclient) security update

An update for python-openstackclient is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (tripleo-ansible and openstack-tripleo-heat-templates) security update

An update for tripleo-ansible and openstack-tripleo-heat-templates is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

tripleo-ansible: bind keys are world readable

An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information...

RHEL 8 : Red Hat OpenStack Platform 17.1 (tripleo-ansible and openstack-tripleo-heat-templates) (RHSA-2024:2770)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2770 advisory. Heat templates for TripleO TripleO Ansible project repository. Contains playbooks for use with TripleO OpenStack deployments. https://opendev.org...

RHEL 9 : openstack-tripleo-heat-templates and tripleo-ansible update (Moderate) (RHSA-2024:2736)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2736 advisory. openstack-tripleo-heat-templates is a collection of OpenStack Orchestration templates and tools codename heat, which can be used to help deploy...

RHEL 9 : Red Hat OpenStack Platform 17.1 (openstack-ansible-core) (RHSA-2024:2733)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2733 advisory. An ansible-core rebuild for OpenStack based on python 3.9. Security Fixes: HTML attribute injection when passing user input as keys to xmlattr filter...

RHEL 8 : Red Hat OpenStack Platform 17.1 (python-urllib3) (RHSA-2024:2734)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2734 advisory. Python HTTP module with connection pooling and file POST abilities. Security Fixes: Request body not stripped after redirect from 303 status changes...

RHEL 9 : Red Hat OpenStack Platform 17.1 (python-paramiko) (RHSA-2024:2735)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2735 advisory. Paramiko a combination of the esperanto words for paranoid and friend is a module for python 2.3 or greater that implements the SSH2 protocol for...

RHEL 9 : Red Hat OpenStack Platform 17.1 (etcd) (RHSA-2024:2729)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2729 advisory. A highly-available key value store for shared configuration Security Fixes: golang-fips/openssl: Memory leaks in code encrypting and...

RHEL 9 : Red Hat OpenStack Platform 17.1 (python-gunicorn) (RHSA-2024:2727)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2727 advisory. Gunicorn Green Unicorn is a Python WSGI HTTP server for UNIX Security Fixes: HTTP Request Smuggling due to improper validation of Transfer-Encoding...

RHEL 9 : Red Hat OpenStack Platform 17.1 (python-openstackclient) (RHSA-2024:2737)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2737 advisory. python-openstackclient is a unified command-line client for the OpenStack APIs. It is a thin wrapper to the stock python-client modules that implemen...

RHEL 9 : Red Hat OpenStack Platform 17.1 (python-django) (RHSA-2024:2731)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2731 advisory. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as...

RHEL 9 : Red Hat OpenStack Platform 17.1 (python-glance-store) (RHSA-2024:2732)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2732 advisory. OpenStack image service store library Security Fixes: Glance Store access key logged in DEBUG log level CVE-2024-1141 For more details about the...

RHEL 8 : Red Hat OpenStack Platform 17.1 (python-openstackclient) (RHSA-2024:2769)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2769 advisory. python-openstackclient is a unified command-line client for the OpenStack APIs. It is a thin wrapper to the stock python-client modules that implemen...

RHEL 9 : Red Hat OpenStack Platform 17.1 (collectd-sensubility) (RHSA-2024:2730)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2730 advisory. This project aims to provide the possibility to switch from Sensu-based availability monitoring solution to a monitoring solution based on...

CVE-2024-4840

An flaw was found in the OpenStack Platform RHOSP director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs...

Red Hat OpenStack Platform 安全漏洞

Red Hat OpenStack Platform is a cloud computing management platform from Red Hat, an American company. A security vulnerability exists in Red Hat OpenStack Platform that stems from the possibility that plaintext passwords could be stored in log files, potentially exposing sensitive information to...

CVE-2024-4840 Rhosp-director: cleartext passwords exposed in logs

An flaw was found in the OpenStack Platform RHOSP director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs...

CVE-2024-4840 Rhosp-director: cleartext passwords exposed in logs

An flaw was found in the OpenStack Platform RHOSP director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs...

CVE-2024-4840

CVE-2024-4840 affects OpenStack Platform (RHOSP) director components, where plaintext passwords can be stored in log files if logging is enabled. The vulnerability is linked to the RHOSP 17.1.4 security update (RHSA-2024:9978) and related heat-templates components, which provides the patch to add...