Moderate: Red Hat Security Advisory: python-django security update

An update for python-django is now available for Red Hat OpenStack Platform 10.0 Newton. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

python-django: Open redirect and possible XSS attack via user-supplied numeric redirect URLs

A redirect flaw, where the issafeurl function did not correctly sanitize numeric-URL user input, was found in python-django. A remote attacker could exploit this flaw to perform XSS attacks against the OpenStack dashboard...

openstack-keystone: Incorrect role assignment with federated Keystone

An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service keystone. An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles...

Important: Red Hat Security Advisory: openstack-keystone security, bug fix, and enhancement update

An update for openstack-keystone is now available for Red Hat OpenStack Platform 10.0 Newton. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

python-django-horizon: XSS in federation mappings UI

A cross-site scripting flaw was discovered in the OpenStack dashboard horizon which allowed remote authenticated administrators to conduct XSS attacks using a crafted federation mapping rule. For this flaw to be exploited, federation mapping must be enabled in the dashboard...

Low: Red Hat Security Advisory: python-django-horizon security, bug fix, and enhancement update

An update for python-django-horizon is now available for Red Hat OpenStack Platform 10.0 Newton. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

openstack-mistral: /var/log/mistral/ is world readable

An accessibility flaw was found in the OpenStack Workflow mistral service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information...

Moderate: Red Hat Security Advisory: openstack-mistral security, bug fix, and enhancement update

An update for openstack-mistral is now available for Red Hat OpenStack Platform 10.0 Newton. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Authentication flaw

The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change...

CVE-2016-4383

The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change...

CVE-2016-4383

The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change...

CVE-2016-4383

The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change...

UBUNTU-CVE-2016-4383

The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change...

CVE-2016-4383

The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change...

CVE-2016-4383

CVE-2016-4383 affects the OpenStack image service component in HPE Helion OpenStack Glance. The vulnerability lies in the glance-manage database, where deleted image IDs can be reassigned. This can allow remote authenticated users to cause other users to boot into a modified image without notific...

CVE-2016-4383

The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change...

Important: Red Hat Security Advisory: Red Hat OpenStack Platform director security update

An update is now available for Red Hat OpenStack Platform 8.0 Liberty. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

Important: Red Hat Security Advisory: Red Hat OpenStack Platform director security update

An update is now available for Red Hat OpenStack Platform 7.0 Kilo. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Moderate: Red Hat Security Advisory: openstack-nova security, bug fix, and enhancement update

An update for openstack-nova is now available for Red Hat OpenStack Platform 9.0 Mitaka. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

openstack-nova: Sensitive information included in legacy notification exception contexts

An information exposure issue was discovered in OpenStack Compute's exceptionwrapper.py. Legacy notification exception contexts appearing in ERROR-level logs could include sensitive information such as account passwords and authorization tokens...