OSV, added 2022/05/17 4:44 a.m.

GHSA-RXRM-XVP4-JQVH OpenStack Keystone Sensitive information disclosure via log files

OpenStack Identity Keystone Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file...

CVSS 2.1, AI score 5.9, EPSS 0.00602
Exploits 0, References 13
OSV, added 2022/05/17 4:44 a.m.

GHSA-PXXV-RV32-2QGV OpenStack Nova uses insecure keystone middleware tmpdir by default

keystone/middleware/authtoken.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova...

CVSS 4.3, AI score 5.8, EPSS 0.00238
Exploits 0, References 12
Github Security Blog, added 2022/05/17 4:44 a.m.

OpenStack Keystone Sensitive information disclosure via log files

OpenStack Identity Keystone Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file...

CVSS 2.1, AI score 6.7, EPSS 0.00602
Exploits 0, References 13, Affected software 1
Github Security Blog, added 2022/05/17 4:44 a.m.

OpenStack Nova uses insecure keystone middleware tmpdir by default

keystone/middleware/authtoken.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova...

CVSS 2.1, AI score 6.6, EPSS 0.00238
Exploits 0, References 12, Affected software 1
OSV, added 2022/05/17 4:42 a.m.

GHSA-R7PJ-RVWG-VXHR OpenStack Image Registry and Delivery Service (Glance) Improper Input Validation vulnerability

The Sheepdog backend in OpenStack Image Registry and Delivery Service Glance 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location...

CVSS 6, AI score 6.6, EPSS 0.01976
Exploits 0, References 9
Github Security Blog, added 2022/05/17 4:42 a.m.

OpenStack Image Registry and Delivery Service (Glance) Improper Input Validation vulnerability

The Sheepdog backend in OpenStack Image Registry and Delivery Service Glance 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location...

CVSS 6, AI score 6.7, EPSS 0.01976
Exploits 0, References 9, Affected software 1
OSV, added 2022/05/17 4:42 a.m.

GHSA-72P9-6GC7-Q93R OpenStack Neutron Improper Authentication vulnerability

The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command...

CVSS 2.1, AI score 5.9, EPSS 0.01433
Exploits 0, References 9
Github Security Blog, added 2022/05/17 4:42 a.m.

OpenStack Neutron Improper Authentication vulnerability

The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command...

CVSS 2.1, AI score 6.2, EPSS 0.01433
Exploits 0, References 9, Affected software 1
OSV, added 2022/05/17 4:41 a.m.

GHSA-5644-2V3H-5W4X OpenStack Nova denial of service through compressed disk images

OpenStack Compute Nova Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) via a compressed QCOW2 image. NOTE: this issue is due to an incomplete fix for CVE-2013-2096...

CVSS 2.1, AI score 5.9, EPSS 0.00368
Exploits 0, References 8
Github Security Blog, added 2022/05/17 4:41 a.m.

OpenStack Nova denial of service through compressed disk images

OpenStack Compute Nova Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) via a compressed QCOW2 image. NOTE: this issue is due to an incomplete fix for CVE-2013-2096...

CVSS 2.1, AI score 6.8, EPSS 0.00368
Exploits 0, References 8, Affected software 1
OSV, added 2022/05/17 4:41 a.m.

GHSA-P258-XMH3-72PV OpenStack Compute (Nova) allows remote authenticated users to gain privileges via API requests

The Nova EC2 API security group implementation in OpenStack Compute Nova 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows...

CVSS 7.7, AI score 6.2, EPSS 0.01634
Exploits 1, References 8
OSV, added 2022/05/17 4:41 a.m.

GHSA-2W87-5QCJ-J6GX OpenStack Compute (Nova) Denial of service due to improper validation of virtual size of QCOW2 image

OpenStack Compute Nova Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring an image with a large virtual size that does not contai...

CVSS 1.9, AI score 6, EPSS 0.00438
Exploits 1, References 8
OSV, added 2022/05/17 4:41 a.m.

GHSA-W429-XC55-HC48 OpenStack Nova host data leak to vm instance in rescue mode

The instance rescue mode in OpenStack Compute Nova 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image...

CVSS 3.1, AI score 5.9, EPSS 0.01488
Exploits 0, References 9
Github Security Blog, added 2022/05/17 4:41 a.m.

OpenStack Compute (Nova) Denial of service due to improper validation of virtual size of QCOW2 image

OpenStack Compute Nova Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring an image with a large virtual size that does not contai...

CVSS 1.9, AI score 6.8, EPSS 0.00438
Exploits 1, References 8, Affected software 1
Github Security Blog, added 2022/05/17 4:41 a.m.

OpenStack Compute (Nova) allows remote authenticated users to gain privileges via API requests

The Nova EC2 API security group implementation in OpenStack Compute Nova 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows...

CVSS 6, AI score 6.5, EPSS 0.01634
Exploits 1, References 8, Affected software 1
Github Security Blog, added 2022/05/17 4:41 a.m.

OpenStack Nova host data leak to vm instance in rescue mode

The instance rescue mode in OpenStack Compute Nova 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image...

CVSS 3.5, AI score 6.7, EPSS 0.01488
Exploits 0, References 9, Affected software 1
OSV, added 2022/05/17 4:31 a.m.

GHSA-V8FQ-GQ9J-3V7H OpenStack Identity (Keystone) UUID v2 tokens do not expire with revocation events

The V3 API in OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification (1) GET or (2) HEAD request to v3/auth/tokens/...

CVSS 7.1, AI score 6, EPSS 0.01515
Exploits 0, References 11
Github Security Blog, added 2022/05/17 4:31 a.m.

OpenStack Identity (Keystone) UUID v2 tokens do not expire with revocation events

The V3 API in OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification (1) GET or (2) HEAD request to v3/auth/tokens/...

CVSS 4.9, AI score 6.8, EPSS 0.01515
Exploits 0, References 11, Affected software 1
OSV, added 2022/05/17 4:31 a.m.

GHSA-GMVP-5RF9-MXCM OpenStack Identity (Keystone) Multiple vulnerabilities in revocation events

The MySQL token driver in OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token...

CVSS 7.1, AI score 6, EPSS 0.01592
Exploits 0, References 10
Github Security Blog, added 2022/05/17 4:31 a.m.

OpenStack Identity (Keystone) Multiple vulnerabilities in revocation events

The MySQL token driver in OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token...

CVSS 4.9, AI score 6.8, EPSS 0.01592
Exploits 0, References 10, Affected software 1