RHEL 6 / 7 : openstack-neutron (RHSA-2015:1909)
The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:1909 advisory. OpenStack Networking (neutron) is a pluggable, scalable, and API-driven system that provisions networking services to virtual machines. Its main...
Time-of-check Time-of-use (TOCTOU) Attack
OpenStack Storlets is vulnerable to a Time-of-check Time-of-use (TOCTOU) attack. The vulnerability is caused by a lack of strict permission checks and restrictions, leading to improper permission settings on file creation. This allows an attacker to gain unauthorized access to or modify sensitive...
RHEL 8 : Red Hat OpenStack Platform 16.2 (etcd) (RHSA-2023:3445)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:3445 advisory. A highly-available key value store for shared configuration. Security Fixes: Information disclosure via debug function (CVE-2021-28235)...
RHEL 9 : Red Hat OpenStack Platform 17.1.1 (RHSA-2023:5969)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5969 advisory. The etcd packages provide a highly available key-value store for shared configuration. Security Fixes: golang: net/http, x/net/http2: rapid...
OpenStack Storlets arbitrary code execution vulnerability
An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component...
GHSA-RFM2-F94J-QHJP OpenStack Storlets arbitrary code execution vulnerability
An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component...
CVE-2024-28717
An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (openstack-tripleo-heat-templates and python-yaql) security update
An update for openstack-tripleo-heat-templates and python-yaql is now available for Red Hat OpenStack Platform 17.1 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
YAQL: OpenStack Murano Component Information Leakage
A flaw was found in the Murano component of OpenStack. This vulnerability allows ordinary users capable of importing and deploying app packages to access sensitive information within OpenStack services. Specifically, through this exploit, unauthorized users can obtain Murano service account...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (python-yaql and openstack-tripleo-heat-templates) security update
An update for python-yaql and openstack-tripleo-heat-templates is now available for Red Hat OpenStack Platform 17.1 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
PT-2024-22537 · Openstack · Openstack Storlets
Name of the Vulnerable Software and Affected Versions: OpenStack Storlets version yoga-eom Description: The issue allows a remote attacker to execute arbitrary code via the gateway.py component. Recommendations: For OpenStack Storlets version yoga-eom, at the moment, there is no information about...
RHEL 8 : Red Hat OpenStack Platform 17.1 (openstack-tripleo-heat-templates and python-yaql) (RHSA-2024:1930)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1930 advisory. Heat templates for TripleO. The YAQL library has a large out-of-the-box set of commonly used functions. Security Fixes: OpenStack Murano Component...
OpenStack Storlets security vulnerability
OpenStack Storlets is an open-source OpenStack Swift extension from OpenStack. A security vulnerability exists in OpenStack Storlets. A remote attacker can exploit this vulnerability to execute arbitrary code via the gateway.py component...
CVE-2024-28717
CVE-2024-28717 affects OpenStack Storlets (yoga-eom) with a remote code execution risk through the gateway.py component. The connected documents consistently describe arbitrary code execution via gateway.py, but do not provide concrete vendor/version details beyond OpenStack Storlets yoga-eom, no...
RHEL 6 : openstack-keystone (RHSA-2013:1285)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:1285 advisory. The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token,...
RHEL 6 : openstack-cinder (RHSA-2013:1198)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:1198 advisory. The openstack-cinder packages provide OpenStack Volume (Cinder), which provides services to manage and access block storage volumes for use by...
RHEL 6 : openstack-keystone (RHSA-2013:0994)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0994 advisory. The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token,...