7743 matches found

Positive Technologies
added 2024/07/02 12:0 a.m. · 2 views

PT-2024-24616 · Openstack +2 · Openstack Cinder +4

Name of the Vulnerable Software and Affected Versions: OpenStack Cinder versions through 24.0.0; OpenStack Glance versions before 28.0.2; OpenStack Nova versions before 29.0.3. Description: An issue was discovered in OpenStack, allowing arbitrary file access via custom QCOW2 external data. By...

7.1 CVSS · 6.4 AI score · 0.00835 EPSS
Exploits 2 · References 80
Tenable Nessus
added 2024/07/02 12:0 a.m. · 26 views

RHEL 9 : Red Hat OpenStack Platform 17.1.3 (RHSA-2024:4272)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4272 advisory. Cinder is the replacement of nova-volume in Folsom and beyond, used for block storage. OpenStack Image Service code-named Glance provides...

6.5 CVSS · 6.6 AI score · 0.00214 EPSS
Exploits 0 · References 5
Tenable Nessus
added 2024/07/02 12:0 a.m. · 29 views

RHEL 8 : Red Hat OpenStack Platform 17.1.3 (openstack-nova) (RHSA-2024:4274)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4274 advisory. OpenStack Compute codename Nova is open source software designed to provision and manage large networks of virtual machines, creating a redundant and...

6.5 CVSS · 6.6 AI score · 0.00214 EPSS
Exploits 0 · References 5
Tenable Nessus
added 2024/07/02 12:0 a.m. · 27 views

RHEL 8 : Red Hat OpenStack Platform 16.2.6 (RHSA-2024:4273)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4273 advisory. Cinder is the replacement of nova-volume in Folsom and beyond, used for block storage. OpenStack Image Service code-named Glance provides...

6.5 CVSS · 6.6 AI score · 0.00214 EPSS
Exploits 0 · References 5
CNNVD
added 2024/07/02 12:0 a.m. · 3 views

OpenStack Security Vulnerabilities

OpenStack is a cloud platform management program of the National Aeronautics and Space Administration (NASA). A security vulnerability exists in OpenStack, which stems from an input validation flaw that could allow an attacker to deliver a malicious image by uploading or creating and modifying an...

6.5 CVSS · 7.2 AI score · 0.00214 EPSS
Exploits 0 · References 4
RedHat Linux
added 2024/06/24 1:8 a.m. · 21 views

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 security update

An update for python-yaql, openstack-tripleo-heat-templates, and openstack-tripleo-common is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, whi...

6.5 CVSS · 6.9 AI score · 0.0023 EPSS
Exploits 0 · References 2
RedHat Linux
added 2024/06/24 1:8 a.m. · 1 views

YAQL: OpenStack Murano Component Information Leakage

A flaw was found in the Murano component of OpenStack. This vulnerability allows ordinary users capable of importing and deploying app packages to access sensitive information within OpenStack services. Specifically, through this exploit, unauthorized users can obtain Murano service account...

6.5 CVSS · 5.7 AI score · 0.0023 EPSS
Exploits 0 · References 5
RedHat Linux
added 2024/06/24 1:8 a.m. · 26 views

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (python-gunicorn) security update

An update for python-gunicorn is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

7.5 CVSS · 7.2 AI score · 0.00085 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2024/06/24 12:0 a.m. · 15 views

RHEL 8 : Red Hat OpenStack Platform 16.2 (RHSA-2024:4053)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4053 advisory. Affected components: python-yaql: a library that contains a large set of commonly used functions; openstack-tripleo-heat-templates: Heat templates for...

6.5 CVSS · 7.2 AI score · 0.0023 EPSS
Exploits 0 · References 4
Tenable Nessus
added 2024/06/03 12:0 a.m. · 19 views

RHEL 6 : openstack-glance (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openstack-glance: API v1 copyfrom reveals network details CVE-2017-7200 - A vulnerability was found in...

6.5 CVSS · 6.5 AI score · 0.00535 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2024/06/03 12:0 a.m. · 15 views

RHEL 6 : openstack-nova (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openstack-nova/glance/cinder: Malicious image may exhaust resources CVE-2015-5162 - Rejected reason: DO N...

7.5 CVSS · 7.3 AI score · 0.0361 EPSS
Exploits 1 · References 2
Tenable Nessus
added 2024/06/03 12:0 a.m. · 14 views

RHEL 7 : openstack-keystone (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - openstack-keystone: Improper check of tampered revocated PKI/PKIZ token CVE-2015-7546 Note that Nessus has not test...

7.5 CVSS · 7.7 AI score · 0.00105 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2024/06/03 12:0 a.m. · 17 views

RHEL 6 : openstack-keystone (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - openstack-keystone: Improper check of tampered revocated PKI/PKIZ token CVE-2015-7546 Note that Nessus has not test...

7.5 CVSS · 7.6 AI score · 0.00105 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2024/06/03 12:0 a.m. · 16 views

RHEL 6 : openstack-neutron (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openstack-neutron: ICMPv6 source address spoofing vulnerability CVE-2015-8914 - openstack-neutron: MAC...

9.1 CVSS · 8.5 AI score · 0.06657 EPSS
Exploits 1 · References 3
Tenable Nessus
added 2024/06/03 12:0 a.m. · 11 views

RHEL 6 : openstack-trove (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - openstack-trove: multiple insecure /tmp file usage issues CVE-2015-3156 Note that Nessus has not tested for this...

5.5 CVSS · 7.4 AI score · 0.00121 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2024/06/03 12:0 a.m. · 17 views

RHEL 6 : openstack-heat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - openstack-heat: Template source URL allows network port scan CVE-2016-9185 Note that Nessus has not tested for this...

5 CVSS · 4.6 AI score · 0.00527 EPSS
Exploits 1 · References 2
Tenable Nessus
added 2024/06/03 12:0 a.m. · 13 views

RHEL 6 : openstack-swift-plugin-swift3 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - openstack-swift-plugin3: replay attack - date/date header unvalidated CVE-2015-8466 Note that Nessus has not tested...

7.4 CVSS · 7.5 AI score · 0.00344 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2024/05/31 12:0 a.m. · 1 views

The vulnerability of the YAQL component in the interface for managing service configurations in the OpenStack Murano cloud platform, related to the lack of protection for service data, allows an attacker to disclose the protected information.

The vulnerability of the YAQL component in the interface for managing service configurations in the OpenStack Murano cloud platform is related to the lack of protection for operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose the protected...

8.4 CVSS · 0.0023 EPSS
Exploits 0 · References 5 · Affected Software 1
RedHat Linux
added 2024/05/29 9:39 p.m. · 34 views

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 director Operator container images security update

Updated container images are now available for director Operator for Red Hat OpenStack Platform 16.2 (Train) for RHEL 8.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

7.5 CVSS · 7 AI score · 0.64852 EPSS
Exploits 6 · References 5
RedHat Linux
added 2024/05/29 7:50 p.m. · 40 views

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 director Operator container images security update

Updated container images are now available for director Operator for Red Hat OpenStack Platform 17.1 (Wallaby) for RHEL 9.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severit...

7.5 CVSS · 7 AI score · 0.64852 EPSS
Exploits 5 · References 8