Privilege Escalation

openstack-neutron is vulnerable to privilege escalation attacks. The vulnerability exists as the default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted...

Improper Token Invalidation

The openstack-keystone packages is vulnerable to improper token invalidation. It is possible because it does not revoke the tokens issued to a tenant upon disabling the tenant, leaving the tenant to access the resources supposed to be restricted...

Bypass Access Restriction

The openstack-glance package is vulnerable to access restriction bypass. When Glance downloadimage policy is enforced for cached system images, it allows an authenticated user to guess the image by its UUID and download that image,against the downloadimage policy. It only affects the setups makin...

Denial Of Service (DoS)

openstack-nova is vulnerable to denial of service DoS attacks. The vulnerability exists as the XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute Nova Essex and Folsom; Cinder Folsom; Django; and possibly other products all...

Authentication Bypass

openstack-keystone is vulnerable to authentication bypass. Remote authenticated users are able to retain access via an expired token due to the token driver storing timestamps with incorrect precision, which causes timestamp expiration time comparisons for tokens to fail...

Authorization Bypass

openstack-keystone is vulnerable to authorization bypass attacks. The vulnerability exists as the 1 mamcache and 2 KVS token backends in OpenStack Identity Keystone Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remot...

Authorization Bypass

openstack-nova is vulnerable to authorization bypass attacks. The vulnerability exists as the XenAPI backend in OpenStack Compute Nova Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups 1 when resizing an image or 2 during live migration, which allows remote attacke...

Denial Of Service (DoS)

openstack-neutron is vulnerable to denial of service. There was no enforced quota on the amount of allowed address pairs, allowing a remote authenticated attacker to deplete system resources by creating a large number of allowed address pairs...

Privilege Escalation

openstack-nova is vulnerable to privilege escalation. The RBAC policies were not enforced for addrules, removerules, destroy and other unspecified methods in compute/api.py when using non-default policies. A remote attacker is able to escalate privileges beyond the user group they belong to via t...

Open Redirect

python-django-horizon is vulnerable to open redirect attacks. The vulnerability exists as an open redirect vulnerability in views/authforms.py in OpenStack Dashboard Horizon Essex 2012.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the...

Authorization Bypass

openstack-keystone is vulnerable to authorization bypass attacks. The vulnerability exists as OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex 2012.1, allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's...

Authorization Bypass

openstack-keystone is vulnerable to authorization bypass attacks. The vulnerability exists as OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the 1 user, 2 tenant, or 3 domain is enabled when using EC2-style authentication, which allows...

Token Leakage

OpenStack Telemetry ceilometer is vulnerable to token leakage. It does not escape authentication token used in REST requests XAUTHTOKEN, allowing a malicious user having read access to massage queue to gain access to the token and to escalate the privileges...

Information Disclosure

openstack-nova is vulnerable to information disclosure attacks. The vulnerability exists as OpenStack Compute Nova before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:ispublic property, which allows remote authenticated users to obtain sensitive information...

Information Disclosure

openstack-cinder is vulnerable to information disclosure attacks. The vulnerability exists as the clearvolume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive...

Denial Of Service (DoS)

openstack-swift is vulnerable to denial of service DoS attacks. The vulnerabiltiy exists as OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service "superfluous" tombstone consumption and Swift cluster slowdown via a DELETE request with ...

Information Disclosure

openstack-swift is vulnerable to information disclosure attacks. The vulnerability exists as the TempURL middleware in OpenStack Object Storage Swift 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing...

Information Disclosure

openstack-nova is vulnerable to information disclosure attacks. The vulnerability exists as an interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive...

Privilege Escalation

openstack-keystone is vulnerable to privilege escalation attacks. The vulnerability exists as OpenStack Identity Keystone before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by...

Information Disclosure

openstack-glance is vulnerable to information disclosure attacks. The vulnerability exists as OpenStack Image Registry and Delivery Service Glance 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING...