7808 matches found

CNNVD
added 2024/03/18 12:0 a.m. | 2 views

OpenStack Security Vulnerabilities

OpenStack is a cloud platform management program of the National Aeronautics and Space Administration (NASA). A security vulnerability exists in OpenStack Murano 16.0.0 and prior versions, which stems from the presence of a potential leak of sensitive service account information...

CVSS 6.5 | AI score 6.7 | EPSS 0.0074
Exploits 0 | References 5

Cvelist
added 2024/03/18 12:0 a.m. | 28 views

CVE-2024-29156

In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information...

AI score 6.5 | EPSS 0.0074
Exploits 0 | References 4

Vulnrichment
added 2024/03/18 12:0 a.m. | 18 views

CVE-2024-29156

In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information...

AI score 6.6 | EPSS 0.0074
Exploits 0 | References 4

Debian CVE
added 2024/03/18 12:0 a.m. | 17 views

CVE-2024-29156

In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information...

CVSS 6.5 | AI score 6.7 | EPSS 0.0074
Exploits 0

OSV
added 2024/03/15 1:15 p.m. | 19 views

CVE-2023-6725

An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information...

CVSS 5.5 | AI score 5.7 | EPSS 0.00203
Exploits 0 | References 4

NVD
added 2024/03/15 1:15 p.m. | 66 views

CVE-2023-6725

An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information...

CVSS 5.5 | AI score 6.2 | EPSS 0.00203
Exploits 0 | References 4

UbuntuCve
added 2024/03/15 1:15 p.m. | 23 views

CVE-2023-6725

An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information...

CVSS 5.5 | AI score 6.6 | EPSS 0.00203
Exploits 0 | References 2

Vulnrichment
added 2024/03/15 12:38 p.m. | 9 views

CVE-2023-6725 Tripleo-ansible: bind keys are world readable

An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information...

CVSS 5.5 | AI score 6.3 | EPSS 0.00203
Exploits 0 | References 4

Cvelist
added 2024/03/15 12:38 p.m. | 70 views

CVE-2023-6725 Tripleo-ansible: bind keys are world readable

An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information...

CVSS 5.5 | AI score 6.4 | EPSS 0.00203
Exploits 0 | References 4

CVE
added 2024/03/15 12:38 p.m. | 143 views

CVE-2023-6725

CVE-2023-6725 affects Red Hat OpenStack Platform 17.1 components tripleo-ansible and openstack-tripleo-heat-templates, with a root cause of bind keys being world readable. This could expose private configuration data (e.g., BIND keys) to an attacker with access to the host/container. Remediation ...

CVSS 5.5 | AI score 6.2 | EPSS 0.00203
Exploits 0 | References 4 | Affected Software 1

Debian CVE
added 2024/03/15 12:38 p.m. | 20 views

CVE-2023-6725

An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information...

CVSS 5.5 | AI score 6.2 | EPSS 0.00203
Exploits 0

RedhatCVE
added 2024/03/15 12:38 p.m. | 25 views

CVE-2023-6725

An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information...

CVSS 6.6 | AI score 6.7 | EPSS 0.00203
Exploits 0 | References 3

CNNVD
added 2024/03/15 12:0 a.m. | 61 views

OpenStack Designate Security Vulnerability

OpenStack is a cloud platform management program of the National Aeronautics and Space Administration (NASA) in the U.S. Designate is one of the components used to provide DNSaaS (DNS-as-a-Service) services for OpenStack. A security vulnerability exists in OpenStack Designate that stems from an acces...

CVSS 6.6 | AI score 6.6 | EPSS 0.00203
Exploits 0 | References 4

RedHat Linux
added 2024/03/05 12:34 a.m. | 60 views

Moderate: Red Hat Security Advisory: Service Telemetry Framework 1.5.4 security update

An update is now available for Service Telemetry Framework 1.5.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 7.5 | AI score 6.8 | EPSS 0.0125
Exploits 0 | References 8

OSV
added 2024/02/28 1:35 p.m. | 3 views

USN-6668-1 python-openstackclient vulnerability

It was discovered that when python-openstackclient attempted to delete a non-existing access rule, it would delete another existing access rule instead, contrary to expectations...

CVSS 5.5 | AI score 5.8 | EPSS 0.00493
Exploits 0 | References 2

RedhatCVE
added 2024/02/21 3:2 p.m. | 79 views

CVE-2023-3976

A flaw was found in /etc/sudoers in Red Hat OpenStack. As a result of this misconfiguration in the sudoers file, the application is allowed to run restricted commands with root privileges. This issue could allow a local authenticated attacker to gain elevated privileges on the system. This flaw i...

CVSS 8.8 | AI score 7.6 | EPSS 0.00211
Exploits 0 | References 3

OSV
added 2024/02/14 12:0 a.m. | 1 view

UBUNTU-CVE-2023-6110

A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in its scope, it deletes other existing access rules which are not associated with any application credentials...

CVSS 5.5 | AI score 5.7 | EPSS 0.00493
Exploits 0 | References 3

Ubuntu
added 2024/02/12 1:1 p.m. | 24 views

USN-6630-1: Glance_store vulnerability

It was discovered that Glance_store incorrectly handled logging when the DEBUG log level is enabled. A local attacker could use this issue to obtain access_key values...

CVSS 5.5 | AI score 5.7 | EPSS 0.00226
Exploits 0

RedhatCVE
added 2024/01/25 8:27 p.m. | 40 views

CVE-2023-6110

A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in its scope, it deletes other existing access rules which are not associated with any application credentials...

CVSS 5.5 | AI score 7 | EPSS 0.00493
Exploits 0 | References 5

CNNVD
added 2024/01/24 12:0 a.m. | 3 views

OpenStack Security Vulnerabilities

OpenStack is a cloud platform management program of the National Aeronautics and Space Administration (NASA). OpenStack has a security vulnerability that stems from the fact that when a user tries to remove an access rule that does not exist in its scope, it removes other existing access rules that...

CVSS 5.5 | AI score 6.8 | EPSS 0.00493
Exploits 0 | References 8