7818 matches found

Veracode
added 2019/01/15 8:57 a.m. | 28 views

Cross-site Scripting (XSS)

openstack-swift is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists as OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header...

CVSS: 4.3 | AI score: 5.2 | EPSS: 0.02083
Exploits: 0 | References: 12 | Affected Software: 2

Veracode
added 2019/01/15 8:57 a.m. | 28 views

Cross-site Scripting (XSS)

django-horizon is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists as the Orchestration/Stack section in the Horizon Orchestration dashboard in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2, when used with Heat, allows remote...

CVSS: 4.3 | AI score: 5 | EPSS: 0.01689
Exploits: 0 | References: 12 | Affected Software: 1

Veracode
added 2019/01/15 8:57 a.m. | 26 views

Bruteforce Attack

openstack-nova is vulnerable to bruteforce attacks. The vulnerability exists as api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instanc...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.01938
Exploits: 0 | References: 14 | Affected Software: 1

Veracode
added 2019/01/15 8:56 a.m. | 24 views

Authorization Bypass

openstack-neutron is vulnerable to authorization bypass. An authenticated user is able to bypass security group restrictions with an invalid CIDR to add a security group rule which would cause the openvswitch-agent process to fail and prevent further rules from being applied...

CVSS: 9 | AI score: 5.9 | EPSS: 0.02918
Exploits: 0 | References: 9 | Affected Software: 1

Veracode
added 2019/01/15 8:56 a.m. | 26 views

Denial Of Service (DoS)

openstack-keystone is vulnerable to denial of service (DoS) attacks. The vulnerability exists as OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service (disk consumption) via many invalid token...

CVSS: 5 | AI score: 5.8 | EPSS: 0.03243
Exploits: 0 | References: 10 | Affected Software: 1

Veracode
added 2019/01/15 8:55 a.m. | 26 views

Privilege Escalation

openstack-keystone is vulnerable to privilege escalation attacks. The vulnerability exists as the LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain...

CVSS: 3.3 | AI score: 6.3 | EPSS: 0.00444
Exploits: 1 | References: 6 | Affected Software: 1

Veracode
added 2019/01/15 8:55 a.m. | 30 views

Denial Of Service (DoS)

openstack-nova is vulnerable to denial of service (DoS) attacks. The vulnerability exists as OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) via a...

CVSS: 2.1 | AI score: 5.4 | EPSS: 0.00383
Exploits: 0 | References: 10 | Affected Software: 1

Veracode
added 2019/01/15 8:55 a.m. | 25 views

Authorization Bypass

openstack-heat is vulnerable to authorization bypass attacks. The vulnerability exists as the cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to...

CVSS: 4 | AI score: 5.8 | EPSS: 0.0103
Exploits: 2 | References: 10 | Affected Software: 1

Veracode
added 2019/01/15 8:55 a.m. | 32 views

Privilege Escalation

openstack-keystone is vulnerable to privilege escalation attacks. The vulnerability exists as the ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain...

CVSS: 5.8 | AI score: 6.7 | EPSS: 0.02239
Exploits: 2 | References: 10 | Affected Software: 1

Veracode
added 2019/01/15 8:55 a.m. | 21 views

Authentication Bypass

openstack-keystone is vulnerable to authentication bypass attacks. The vulnerability exists as OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password...

CVSS: 4.3 | AI score: 6.3 | EPSS: 0.03128
Exploits: 0 | References: 6 | Affected Software: 1

Veracode
added 2019/01/15 8:54 a.m. | 20 views

Information Disclosure

openstack-glance is vulnerable to information disclosure. When an error occurs during new image creation in single tenant mode, the endpoint logs usernames and passwords in plaintext. An authenticated user would be able to obtain credentials and gain access to the endpoint as an administrator...

CVSS: 4 | AI score: 5.7 | EPSS: 0.02965
Exploits: 0 | References: 16 | Affected Software: 1

Veracode
added 2019/01/15 8:54 a.m. | 23 views

Information Disclosure

openstack-nova is vulnerable to information disclosure. When using libvirt and LVM backed instances, the contents of the physical volume (PV) are not properly wiped before the volume is returned to the system for use again, which could lead to the new instance being able to access confidential file...

CVSS: 4.3 | AI score: 5.4 | EPSS: 0.01994
Exploits: 0 | References: 15 | Affected Software: 1

Veracode
added 2019/01/15 8:52 a.m. | 32 views

Information Disclosure

openstack-keystone is vulnerable to information disclosure attacks. The vulnerability exists as OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log...

CVSS: 2.1 | AI score: 5.4 | EPSS: 0.00602
Exploits: 0 | References: 13 | Affected Software: 1

Veracode
added 2019/01/15 8:52 a.m. | 27 views

Cross-site Scripting (XSS)

OpenStack Dashboard horizon is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the description field of a Heat template...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.01206
Exploits: 1 | References: 9 | Affected Software: 1

Veracode
added 2019/01/15 8:52 a.m. | 24 views

Improper Invalidation Of Token

openstack-keystone is vulnerable to access bypass attacks. The vulnerability exists as the memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not inclu...

CVSS: 5 | AI score: 6 | EPSS: 0.01367
Exploits: 1 | References: 8 | Affected Software: 1

Veracode
added 2019/01/15 8:52 a.m. | 25 views

Information Disclosure

openstack-nova is vulnerable to information disclosure attacks. The vulnerability exists in the instance rescue mode in OpenStack Compute (Nova) 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and use_cow_images is set to false, allows remote authenticated users ...

CVSS: 3.5 | AI score: 5.3 | EPSS: 0.01488
Exploits: 0 | References: 14 | Affected Software: 1

Veracode
added 2019/01/15 8:51 a.m. | 24 views

Information Disclosure

puppet is vulnerable to information disclosure attacks. The vulnerability exists as Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files...

CVSS: 2.1 | AI score: 5.2 | EPSS: 0.00387
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2019/01/15 8:51 a.m. | 25 views

Authorization Bypass

openstack-nova allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port...

CVSS: 6 | AI score: 6.1 | EPSS: 0.02146
Exploits: 1 | References: 21 | Affected Software: 1

Veracode
added 2019/01/15 8:51 a.m. | 27 views

Authentication Bypass

openstack-keystone is vulnerable to authentication bypass. This is due to the way PKI tokens are revoked, which allows users with revoked tokens to retain access to resources that should no longer be accessible...

CVSS: 5 | AI score: 6.2 | EPSS: 0.03009
Exploits: 0 | References: 12 | Affected Software: 1

Veracode
added 2019/01/15 8:51 a.m. | 28 views

Information Disclosure

openstack-glance is vulnerable to information disclosure. A flaw in the way certain image requests are handled allowed an authenticated user to obtain Glance's OpenStack Swift or Amazon S3 credentials...

CVSS: 3.5 | AI score: 5.4 | EPSS: 0.01356
Exploits: 0 | References: 17 | Affected Software: 1