7820 matches found

OSV
added 2020/04/22 12:41 p.m., 7 views

SUSE-SU-2020:1066-1 Security update for ardana-ansible, ardana-barbican, ardana-db, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, documentation-suse-openstack-cloud, memcached, openstack-manila, openstack-neutron, openstack-nova, pdns, python-amqp, rubygem-puma, zookeeper

This update for ardana-ansible, ardana-barbican, ardana-db, ardana-monasca, ardana-mq, ardana-neutron, ardana-octavia, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, documentation-suse-openstack-cloud, memcached, openstack-manila, openstack-neutron, openstack-nova, pdns, python-amqp...

8.8 CVSS, 8.1 AI score, 0.73654 EPSS
Exploits 3, References 33
RedhatCVE
added 2020/04/09 9:44 a.m., 40 views

CVE-2018-14620

The OpenStack RabbitMQ container image insecurely retrieves the rabbitmqclusterer component over HTTP, without validation, during the build stage. This could potentially allow an attacker to serve malicious code to the image builder and install in the resultant container image...

9.8 CVSS, 2 AI score, 0.00597 EPSS
Exploits 0, References 2
CNVD
added 2020/04/08 12:0 a.m., 3 views

Multiple Red Hat Products Security Feature Issue Vulnerabilities

Red Hat Ceph Storage and Red Hat OpenShift are both products of Red Hat, Inc. Red Hat Ceph Storage is a scalable, open software-defined storage platform. Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform that supports building, testing, deploying, and running applications....

6.8 CVSS, 8 AI score, 0.01373 EPSS
Exploits 0, References 1
Tenable Nessus
added 2020/04/07 12:0 a.m., 20 views

RHEL 8 : openstack-manila (RHSA-2020:1326)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1326 advisory. OpenStack Shared Filesystem Service Manila provides services to manage network filesystems for use by Virtual Machine instances. Security Fixes: User...

8.3 CVSS, 7.7 AI score, 0.01153 EPSS
Exploits 1, References 5
RedHat Linux
added 2020/04/06 9:3 a.m., 2 views

openstack-manila: User with share-network UUID is able to show, create and delete shares

An access flaw was found in openstack-manila, where the API did not validate the user/project on commands. A malicious user having the UUID of a share-network could view, update, delete, or share resources that did not belong to them. Attackers could also create resources on shared networks for...

8.3 CVSS, 7.3 AI score, 0.01153 EPSS
Exploits 1, References 5
RedHat Linux
added 2020/04/06 9:3 a.m., 47 views

Moderate: Red Hat Security Advisory: openstack-manila security update

An update for openstack-manila is now available for Red Hat OpenStack Platform 15 (Stein). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

8.3 CVSS, 7.2 AI score, 0.01153 EPSS
Exploits 1, References 2
Veracode
added 2020/04/03 10:18 a.m., 21 views

Authentication Bypass

OpenStack Octavia is vulnerable to authentication bypass. An attacker is able to bypass authentication and gain access to the application due to an incorrect configuration in cmd/agent.py whereby the gunicorn cert_reqs option is set to True instead of ssl.CERT_REQUIRED...

9.1 CVSS, 4.5 AI score, 0.02296 EPSS
Exploits 0, References 15, Affected Software 1
NVD
added 2020/04/03 7:15 a.m., 20 views

CVE-2018-17954

An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to become root on any other node. This issue affects: SUSE...

9.3 CVSS, 9.2 AI score, 0.00304 EPSS
Exploits 0, References 1
OSV
added 2020/04/03 7:15 a.m., 1 views

CVE-2018-17954

An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to become root on any other node. This issue affects: SUSE...

7.8 CVSS, 5.8 AI score, 0.00304 EPSS
Exploits 0, References 1
Prion
added 2020/04/03 7:15 a.m., 18 views

Input validation

An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to become root on any other node. This issue affects: SUSE...

7.2 CVSS, 7.5 AI score, 0.00304 EPSS
Exploits 0, References 1, Affected Software 2
CVE
added 2020/04/03 7:5 a.m., 98 views

CVE-2018-17954

CVE-2018-17954 affects SUSE OpenStack Cloud Crowbar and Ardana components. It is an Improper Privilege Management in crowbar, enabling root users on any crowbar-managed node to become root on any other node. Affected versions include: SUSE OpenStack Cloud 7 crowbar-core < 4.0+git.1578392992.fa...

9.3 CVSS, 7.8 AI score, 0.00304 EPSS
Exploits 0, References 1, Affected Software 2
Cvelist
added 2020/04/03 7:5 a.m., 26 views

CVE-2018-17954 crowbar provision leaks admin password to all nodes in cleartext

An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to become root on any other node. This issue affects: SUSE...

9.3 CVSS, 9.2 AI score, 0.00304 EPSS
Exploits 0, References 1
CNVD
added 2020/03/25 12:0 a.m., 2 views

OpenStack Manila Override Vulnerability

OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration (NASA) and Rackspace, Inc. in the United States. A security vulnerability exists in OpenStack Manila versions prior to 7.4.1, 8.0.0 through 8.1.1, and 9.0.0 through 9.1.1. An attacker cou...

8.3 CVSS, 8.7 AI score, 0.01153 EPSS
Exploits 1, References 1
OSV
added 2020/03/12 5:15 p.m., 14 views

CVE-2020-9543

OpenStack Manila < 7.4.1, >= 8.0.0 < 8.1.1, and >= 9.0.0 < 9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks...

8.3 CVSS, 8.2 AI score
Exploits 0, References 3
NVD
added 2020/03/12 5:15 p.m., 34 views

CVE-2020-9543

OpenStack Manila < 7.4.1, >= 8.0.0 < 8.1.1, and >= 9.0.0 < 9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks...

8.3 CVSS, 8.2 AI score, 0.01153 EPSS
Exploits 1, References 3
OSV
added 2020/03/12 5:15 p.m., 4 views

DEBIAN-CVE-2020-9543

OpenStack Manila < 7.4.1, >= 8.0.0 < 8.1.1, and >= 9.0.0 < 9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks...

8.3 CVSS, 7.8 AI score, 0.01153 EPSS
Exploits 1, References 1
Prion
added 2020/03/12 5:15 p.m., 12 views

Code injection

OpenStack Manila < 7.4.1, >= 8.0.0 < 8.1.1, and >= 9.0.0 < 9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks...

6.5 CVSS, 8.1 AI score, 0.01153 EPSS
Exploits 1, References 3, Affected Software 1
PyPA
added 2020/03/12 5:15 p.m., 4 views

PYSEC-2020-63

OpenStack Manila < 7.4.1, >= 8.0.0 < 8.1.1, and >= 9.0.0 < 9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks...

8.3 CVSS, 6.9 AI score, 0.01153 EPSS
Exploits 1, References 4, Affected Software 1
OSV
added 2020/03/12 5:15 p.m., 35 views

PYSEC-2020-63

OpenStack Manila < 7.4.1, >= 8.0.0 < 8.1.1, and >= 9.0.0 < 9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks...

8.3 CVSS, 4.6 AI score, 0.01153 EPSS
Exploits 1, References 4
OSV
added 2020/03/12 4:54 p.m., 18 views

GHSA-XF8C-3CGX-FCWM Improper Access Control in novajoin

A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens...

8.8 CVSS, 8.4 AI score, 0.00999 EPSS
Exploits 0, References 5