7812 matches found
CVE-2015-5303
The TripleO Heat templates tripleo-heat-templates, when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter...
Default credentials
The TripleO Heat templates tripleo-heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the...
Code injection
The TripleO Heat templates tripleo-heat-templates, when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter...
PYSEC-2016-35
The TripleO Heat templates tripleo-heat-templates, when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter...
CVE-2015-5303
The TripleO Heat templates tripleo-heat-templates, when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter...
PYSEC-2016-35
The TripleO Heat templates tripleo-heat-templates, when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter...
CVE-2015-5329
The TripleO Heat templates tripleo-heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the...
CVE-2015-5303
The CVE-2015-5303 entry concerns TripleO Heat templates (tripleo-heat-templates). When deployed from the CLI, it allows remote attackers to spoof OpenStack Networking metadata requests by exploiting knowledge of the default value of the NeutronMetadataProxySharedSecret parameter. The vulnerabilit...
CVE-2015-5303
The TripleO Heat templates tripleo-heat-templates, when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter...
APITest.IO: SSRF on testing endpoint
Synopsis The form at https://www.apitest.io/request accepts among others the "url" parameter. This feature allows to reach internal services like the OpenStack metadata server or services running on loopback. Identified services http://0x7f.1/ nginx = "If you see this page, the nginx web server i...
SUSE-SU-2016:0739-1 Security update for openstack-trove
This update for openstack-trove fixes the following issues: - Fix multiple insecure /tmp file usage issues bsc929535, CVE-2015-3156...
openstack-heat: Vulnerability in Heat template validation leading to DoS
A vulnerability was discovered in the OpenStack Orchestration service heat, where a specially formatted template could be used to trick the heat-engine service into opening a local file. Although the file contents are never disclosed to the end user, an OpenStack-authenticated attacker could use...
Moderate: Red Hat Security Advisory: openstack-heat bug fix and security advisory
Updated OpenStack Orchestration packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 Icehouse for RHEL 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS...
openstack-heat: Vulnerability in Heat template validation leading to DoS
A vulnerability was discovered in the OpenStack Orchestration service heat, where a specially formatted template could be used to trick the heat-engine service into opening a local file. Although the file contents are never disclosed to the end user, an OpenStack-authenticated attacker could use...
Moderate: Red Hat Security Advisory: openstack-heat bug fix and security advisory
Updated OpenStack Orchestration packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 Icehouse for RHEL 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS...
openstack-heat: Vulnerability in Heat template validation leading to DoS
A vulnerability was discovered in the OpenStack Orchestration service heat, where a specially formatted template could be used to trick the heat-engine service into opening a local file. Although the file contents are never disclosed to the end user, an OpenStack-authenticated attacker could use...
Moderate: Red Hat Security Advisory: openstack-heat security advisory
Updated OpenStack Orchestration packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6.0 Juno for RHEL 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, whic...
OpenStack Compute Information Disclosure Vulnerability
OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration NASA in collaboration with Rackspace, Inc. in the U.S. OpenStack Compute Nova is one of the cloud computing construct controllers written in the Python language. The OpenStack Compute...
Important: Red Hat Security Advisory: openstack-nova security update
Updated openstack-nova packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 7.0 Kilo for RHEL 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give...
openstack-nova: Host data leak through resize/migration
An information-exposure flaw was found in the OpenStack Compute nova resize and migrate functionality. An authenticated user could write a malicious qcow header to an ephemeral or root disk, referencing a block device as a backing file. With a subsequent resize or migration, file system content o...