7820 matches found

Cvelist
added 2019/07/30 4:16 p.m., 28 views

CVE-2019-10138

A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens...

CVSS 7.1 | AI score 8.6 | EPSS 0.00999
Exploits: 0 | References: 2

CVE
added 2019/07/30 4:16 p.m., 93 views

CVE-2019-10138

The CVE-2019-10138 issue affects the python-novajoin plugin used by Red Hat OpenStack Platform (all versions up to 1.1.1). The root cause is insufficient access control in the novajoin API, enabling any keystone-authenticated user to generate FreeIPA tokens. This leads to unauthorized token gener...

CVSS 8.8 | AI score 8.4 | EPSS 0.00999
Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2019/07/16 12:0 a.m., 2 views

OpenStack Neutron Denial of Service Vulnerability (CNVD-2019-22777)

OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration (NASA) in collaboration with Rackspace, Inc. in the U.S. Neutron is one of the networking components that provides Network-as-a-Service (NaaS), which enables creating networks between...

CVSS 6.5 | AI score 6.7 | EPSS 0.01757
Exploits: 0 | References: 1

RedHat Linux
added 2019/07/10 2:2 p.m., 7 views

openstack-ironic-inspector: SQL Injection vulnerability when receiving introspection data

A SQL-injection vulnerability was found in openstack-ironic-inspector's nodecache.findnode. This function makes a SQL query using unfiltered data from a server reporting inspection results by a POST to the /v1/continue endpoint. Because the API is unauthenticated, the flaw could be exploited by a...

CVSS 9.1 | AI score 5.8 | EPSS 0.02464
Exploits: 0 | References: 9

RedHat Linux
added 2019/07/10 2:2 p.m., 24 views

Important: Red Hat Security Advisory: openstack-ironic-inspector security update

An update for openstack-ironic-inspector is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availabl...

CVSS 9.1 | AI score 7.5 | EPSS 0.02464
Exploits: 0 | References: 3

RedHat Linux
added 2019/07/10 2:2 p.m., 72 views

Moderate: Red Hat Security Advisory: openstack-tripleo-common security and bug fix update

An update for openstack-tripleo-common is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f...

CVSS 8 | AI score 6.6 | EPSS 0.01421
Exploits: 0 | References: 6

RedHat Linux
added 2019/07/10 2:2 p.m., 4 views

openstack-tripleo-common: Allows running new amphorae based on arbitrary images

An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested t...

CVSS 8 | AI score 5.9 | EPSS 0.01421
Exploits: 0 | References: 6

RedHat Linux
added 2019/07/10 1:1 p.m., 25 views

Moderate: Red Hat Security Advisory: python-novajoin security and bug fix update

An update for python-novajoin is now available for Red Hat OpenStack Platform 13.0 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 8.8 | AI score 7.1 | EPSS 0.00999
Exploits: 0 | References: 4

RedHat Linux
added 2019/07/10 1:1 p.m., 3 views

python-novajoin: novajoin API lacks access control

A flaw was discovered in the python-novajoin plugin for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens...

CVSS 8.8 | AI score 7.4 | EPSS 0.00999
Exploits: 0 | References: 5

RedHat Linux
added 2019/07/10 10:1 a.m., 2 views

openstack-ironic-inspector: SQL Injection vulnerability when receiving introspection data

A SQL-injection vulnerability was found in openstack-ironic-inspector's nodecache.findnode. This function makes a SQL query using unfiltered data from a server reporting inspection results by a POST to the /v1/continue endpoint. Because the API is unauthenticated, the flaw could be exploited by a...

CVSS 9.1 | AI score 5.8 | EPSS 0.02464
Exploits: 0 | References: 9

RedHat Linux
added 2019/07/10 10:1 a.m., 80 views

Important: Red Hat Security Advisory: openstack-ironic-inspector security update

An update for openstack-ironic-inspector is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is availabl...

CVSS 9.1 | AI score 7.5 | EPSS 0.02464
Exploits: 0 | References: 2

CNVD
added 2019/07/10 12:0 a.m., 4 views

python-novajoin Access Control Error Vulnerability

python-novajoin is a Python package that provides a dynamic vendordata plugin for the OpenStack nova metadata service, which is primarily used to manage host instantiation in IPA servers. An access control error vulnerability exists in python-novajoin. The vulnerability stems from a network syste...

CVSS 8.8 | AI score 9.1 | EPSS 0.00999
Exploits: 0 | References: 1

Symantec
added 2019/07/10 12:0 a.m., 84 views

libxslt CVE-2019-13117 Information Disclosure Vulnerability

Description: libxslt is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. libxslt 1.1.33 is vulnerable; other versions may also be affected. Technologies Affected: Oracle JDKLinux Production Release...

CVSS 5 | AI score 0.8 | EPSS 0.06457
Exploits: 0 | References: 3 | Affected Software: 4

Veracode
added 2019/07/08 12:7 a.m., 18 views

SQL Injection

openstack-ironic-inspector is vulnerable to SQL Injection attacks. An attacker could exploit a flaw in openstack-ironic-inspector's nodecache.findnode function to pass malicious data via a network on which ironic-inspector is listening, which leads to denial of service conditions...

CVSS 9.1 | AI score 9.2 | EPSS 0.02464
Exploits: 0 | References: 10 | Affected Software: 1

Github Security Blog
added 2019/07/05 9:10 p.m., 29 views

Injection vulnerability that affects ironic-discoverd

OpenStack Ironic Inspector aka ironic-inspector or ironic-discoverd, when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error...

CVSS 6.8 | AI score 7.1 | EPSS 0.01585
Exploits: 0 | References: 11 | Affected Software: 2

OSV
added 2019/07/05 9:10 p.m., 20 views

GHSA-X64G-WJMW-W328 Injection vulnerability that affects ironic-discoverd

OpenStack Ironic Inspector aka ironic-inspector or ironic-discoverd, when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error...

CVSS 9.2 | AI score 7 | EPSS 0.01585
Exploits: 0 | References: 11

RedHat Linux
added 2019/07/02 8:2 p.m., 118 views

Moderate: Red Hat Security Advisory: openstack-tripleo-common security and bug fix update

An update for openstack-tripleo-common is now available for Red Hat OpenStack Platform 14.0 (Rocky). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo...

CVSS 8 | AI score 6.5 | EPSS 0.01421
Exploits: 0 | References: 4

RedHat Linux
added 2019/07/02 7:45 p.m., 3 views

openstack-ironic-inspector: SQL Injection vulnerability when receiving introspection data

A SQL-injection vulnerability was found in openstack-ironic-inspector's nodecache.findnode. This function makes a SQL query using unfiltered data from a server reporting inspection results by a POST to the /v1/continue endpoint. Because the API is unauthenticated, the flaw could be exploited by a...

CVSS 9.1 | AI score 5.8 | EPSS 0.02464
Exploits: 0 | References: 9

Tenable Nessus
added 2019/06/26 12:0 a.m., 26 views

Ubuntu 16.04 LTS : OpenStack Neutron vulnerability (USN-4036-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4036-1 advisory. Erik Olof Gunnar Andersson discovered that OpenStack Neutron incorrectly handled certain security group rules in the iptables firewall module. An authenticated...

CVSS 6.5 | AI score 7 | EPSS 0.03703
Exploits: 1 | References: 2

OpenVAS
added 2019/06/26 12:0 a.m., 64 views

Ubuntu: Security Advisory (USN-4036-1)

The remote host is missing an update for the...

CVSS 6.5 | AI score 6.5 | EPSS 0.03703
Exploits: 1 | References: 2