
7816 matches found

OSV
added 2018/07/19 1:29 p.m., 10 views

PYSEC-2018-152

An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service keystone. An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles...

CVSS: 7.2, AI score: 6.7, EPSS: 0.02106
Exploits: 1, References: 6

OSV
added 2018/07/19 1:29 p.m., 4 views

DEBIAN-CVE-2017-2673

An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service keystone. An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles...

CVSS: 7.2, AI score: 6.5, EPSS: 0.02106
Exploits: 1, References: 1

OSV
added 2018/07/19 1:29 p.m., 16 views

CVE-2017-2673

An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service keystone. An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles...

CVSS: 7.2, AI score: 6.5, EPSS: 0.02106
Exploits: 1, References: 6

CVE
added 2018/07/19 1:0 p.m., 86 views

CVE-2017-2673

The CVE-2017-2673 entry concerns an authorization-check flaw in OpenStack Keystone federation configurations. An authenticated federated user could request permissions to a project and be unintentionally granted all related roles, including administrative roles, due to inadequate authorization ch...

CVSS: 7.2, AI score: 6.6, EPSS: 0.02106
Exploits: 1, References: 6, Affected Software: 1

Cvelist
added 2018/07/19 1:0 p.m., 29 views

CVE-2017-2673

An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service keystone. An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles...

CVSS: 6.8, AI score: 6.7, EPSS: 0.02106
Exploits: 1, References: 6

OSV
added 2018/07/13 3:16 p.m., 17 views

GHSA-XCP8-HH74-F6MC oslo.middleware Information Disclosure vulnerability

python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component...

CVSS: 7.1, AI score: 4.9, EPSS: 0.00467
Exploits: 0, References: 15

Github Security Blog
added 2018/07/13 3:16 p.m., 22 views

oslo.middleware Information Disclosure vulnerability

python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component...

CVSS: 5.9, AI score: 4.9, EPSS: 0.00467
Exploits: 0, References: 14, Affected Software: 2

CNVD
added 2018/07/09 12:0 a.m., 2 views

CloudBees Jenkins Openstack Cloud Plugin Information Disclosure Vulnerability

CloudBees Jenkins formerly known as Hudson Labs is a set of Java-based continuous integration tools from CloudBees, Inc. that are used to monitor order repetitive work. Openstack Cloud Plugin is a plugin for creating Openstack cloud instances using one of the ... CloudBees Jenkins An information...

CVSS: 8.8, AI score: 8.3, EPSS: 0.01037
Exploits: 0, References: 1

RedHat Linux
added 2018/07/05 12:26 p.m., 2 views

Moderate: Red Hat Bug Fix Advisory: Red Hat OpenStack Platform 9 director Bug Fix Advisory

Updated packages that resolve various issues are now available for Red Hat OpenStack Platform 9.0 director for RHEL 7. Red Hat OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service IaaS cloud based on Red Hat OpenStack...

CVSS: 7.5, AI score: 7, EPSS: 0.8864
Exploits: 3, References: 7

RedHat Linux
added 2018/06/28 3:42 p.m., 73 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 10 Security, Bug Fix, and Enhancement Advisory

An update is now available for Red Hat OpenStack Platform 10.0 Newton for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS: 6.1, AI score: 6.6, EPSS: 0.00878
Exploits: 0, References: 18

NVD
added 2018/06/26 5:29 p.m., 9 views

CVE-2018-1000603

An exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java, JCloudsComputer.java, JCloudsPreCreationThread.java, JCloudsRetentionStrategy.java, JCloudsSlave.java,...

CVSS: 8.8, AI score: 8.5, EPSS: 0.01037
Exploits: 0, References: 1

OSV
added 2018/06/26 5:29 p.m., 11 views

CVE-2018-1000603

An exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java, JCloudsComputer.java, JCloudsPreCreationThread.java, JCloudsRetentionStrategy.java, JCloudsSlave.java,...

CVSS: 8.8, AI score: 8.5
Exploits: 0, References: 1

Prion
added 2018/06/26 5:29 p.m., 15 views

Design/Logic Flaw

An exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java, JCloudsComputer.java, JCloudsPreCreationThread.java, JCloudsRetentionStrategy.java, JCloudsSlave.java,...

CVSS: 4, AI score: 8.4, EPSS: 0.01037
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2018/06/26 5:0 p.m., 11 views

CVE-2018-1000603

An exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java, JCloudsComputer.java, JCloudsPreCreationThread.java, JCloudsRetentionStrategy.java, JCloudsSlave.java,...

AI score: 8.5, EPSS: 0.01037
Exploits: 0, References: 1

CVE
added 2018/06/26 5:0 p.m., 48 views

CVE-2018-1000603

Summary (CVE-2018-1000603): Affected product: Jenkins Openstack Cloud Plugin (versions 2.35 and earlier). The vulnerability arises in multiple OpenStack-related classes (e.g., BootSource.java, OpenstackCredentials.java, SlaveOptions.java, etc.) and allows attackers with Overall/Read access to Jen...

CVSS: 8.8, AI score: 8.4, EPSS: 0.01037
Exploits: 0, References: 1, Affected Software: 1

IBM Security Bulletins
added 2018/06/18 8:2 a.m., 38 views

Security Bulletin: Malformed ECParameters causes infinite loop (CVE-2015-1788)

Summary IBM Cloud Manager with Openstack is vulnerable to a denial of service which could allow a remote attacker to exploit this vulnerability to cause the application to enter into an infinite loop. Vulnerability Details CVEID: CVE-2015-1788 DESCRIPTION: OpenSSL is vulnerable to a denial of...

CVSS: 4.3, AI score: 1.9, EPSS: 0.23222
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2018/06/18 12:2 a.m., 23 views

Security Bulletin: Nova Filter Scheduler bypass through rebuild action (CVE-2017-16239)

Summary OpenStack Nova could allow a remote authenticated attacker to bypass security restrictions. By rebuilding an instance, an attacker could exploit this vulnerability to achieve Filter Scheduler bypass. Vulnerability Details CVE-ID: CVE-2017-16239 Description: OpenStack Nova could allow a...

CVSS: 6.5, AI score: 1.1, EPSS: 0.0141
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2018/06/18 12:0 a.m., 30 views

Security Bulletin: IBM PowerVC is impacted by OpenStack Compute denial of service vulnerability (CVE-2016-7498)

Summary If an authenticated user deletes an instance while it is in resize state, it will cause the original instance to not be deleted from the compute node it was running on. An attacker can use this to launch a denial of service attack. All Nova setups are affected. Vulnerability Details CVEID...

CVSS: 6.8, AI score: 1.5, EPSS: 0.03353
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2018/06/18 12:0 a.m., 22 views

Security Bulletin: IBM PowerVC is impacted by OpenStack Glance server-side request forgery (CVE-2017-7200)

Summary IBM PowerVC may disclose some sensitive information while creating images with 'copyfrom' feature in the v1 Image Service API. Vulnerability Details CVEID: CVE-2017-7200 DESCRIPTION: OpenStack Glance is vulnerable to server-side request forgery, caused by a flaw in the 'copyfrom' feature ...

CVSS: 5.8, AI score: 0.6, EPSS: 0.02034
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2018/06/18 12:0 a.m., 21 views

Security Bulletin: IBM PowerVC is impacted by python oslo.middleware package information disclosure (CVE-2017-2592)

Summary IBM PowerVC may disclose some sensitive values in an error message. Vulnerability Details CVEID: CVE-2017-2592 DESCRIPTION: The OpenStack python oslo.middleware package could allow a local authenticated attacker to obtain sensitive information by including sensitive data in the CatchError...

CVSS: 5.9, EPSS: 0.00467
Exploits: 0, Affected Software: 1