CVE-2023-6725

An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information...

CVE-2023-6725

An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information...

CVE-2023-6725

An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information...

CVE-2023-6725

An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information...

CVE-2023-6725 Tripleo-ansible: bind keys are world readable

An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information...

CVE-2023-6725

CVE-2023-6725 affects Red Hat OpenStack Platform 17.1 components tripleo-ansible and openstack-tripleo-heat-templates, with a root cause of bind keys being world readable. This could expose private configuration data (e.g., BIND keys) to an attacker with access to the host/container. Remediation ...

CVE-2023-6725 Tripleo-ansible: bind keys are world readable

An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information...

CVE-2023-6725

An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information...

OpenStack Designate Security Vulnerability

OpenStack is a cloud platform management program of the National Aeronautics and Space Administration NASA in the U.S. Designate is one of the components used to provide DNSaaS DNS-as-a-Service services for OpenStack. A security vulnerability exists in OpenStack Designate that stems from an acces...

Moderate: Red Hat Security Advisory: Service Telemetry Framework 1.5.4 security update

An update is now available for Service Telemetry Framework 1.5.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

USN-6668-1 python-openstackclient vulnerability

It was discovered that when python-openstackclient attempted to delete a non-existing access rule, it would delete another existing access rule instead, contrary to expectations...

CVE-2023-3976

A flaw was found in /etc/sudoers in Red Hat OpenStack. As a result of this misconfiguration in the sudoers file, the application is allowed to run restricted commands with root privileges. This issue could allow a local authenticated attacker to gain elevated privileges on the system. This flaw i...

UBUNTU-CVE-2023-6110

A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials...

USN-6630-1: Glance_store vulnerability

It was discovered that Glancestore incorrectly handled logging when the DEBUG log level is enabled. A local attacker could use this issue to obtain accesskey values...

CVE-2023-6110

A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials...

PT-2024-8621 · Openstack +4 · Openstack +4

Name of the Vulnerable Software and Affected Versions: OpenStack affected versions not specified Description: A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in its scope, it deletes other existing access rules which are not associated with any application...

OpenStack Security Vulnerabilities

OpenStack is a cloud platform management program of the National Aeronautics and Space Administration NASA. OpenStack has a security vulnerability that stems from the fact that when a user tries to remove an access rule that does not exist in its scope, it removes other existing access rules that...

[SECURITY] [DLA 3713-1] subunit bugfix update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3713-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès January 21, 2024 https://wiki.debian.org/LTS -...

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (openstack-tripleo-common) security update

An update for openstack-tripleo-common is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

openstack/kolla: sudo privilege escalation vulnerability

A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla. A misconfiguration in /etc/sudoers within a container can lead to increased privileges...