7744 matches found
A vulnerability in the Oslo.privsep component of the OpenStack cloud computing platform, related to insecure management of privileges, allows an attacker to escalate their privileges.
A vulnerability in the Oslo.privsep component of the OpenStack cloud service platform is related to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor to escalate their privileges remotely...
PT-2023-8846
Name of the Vulnerable Software and Affected Versions: OpenStack Designate (affected versions not specified). Description: An access-control flaw was found in the OpenStack Designate component where private configuration information, including access keys to BIND, was improperly made world readable. ...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (openstack-barbican) security update
An update for openstack-barbican is now available for Red Hat OpenStack Platform 16.2 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
openstack-barbican: Insecure Barbican configuration file leaking credential
A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials...
Debian dla-3629 : ceph - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3629 advisory. Debian LTS Advisory DLA-3629-1...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1.1 (director-operator) security update
An update for osp-director-agent-container, osp-director-downloader-container, osp-director-operator-bundle-container, and osp-director-operator-container is now available for Red Hat OpenStack Platform 17.1.1. Red Hat Product Security has rated this update as having a security impact of Importan...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.5 (collectd-libpod-stats) security update
An update for collectd-libpod-stats is now available for Red Hat OpenStack Platform 16.2.5 Train. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.5 (collectd-libpod-stats, etcd) security update
An update for collectd-libpod-stats and etcd is now available for Red Hat OpenStack Platform 16.2.5 Train. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1.9 (collectd-libpod-stats, etcd) security update
An update for collectd-libpod-stats and etcd is now available for Red Hat OpenStack Platform 16.1.9 Train. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1.1 (collectd-libpod-stats) security update
An update for collectd-libpod-stats is now available for Red Hat OpenStack Platform 17.1.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1.1 security update
An update for collectd-libpod-stats, etcd, and python-octavia-tests-tempest is now available for Red Hat OpenStack Platform 17.1.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detaile...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.5 security update
An update for osp-director-agent-container, osp-director-downloader-container, osp-director-operator-bundle-container, and osp-director-operator-container is now available for Red Hat OpenStack Platform 16.2.5. Red Hat Product Security has rated this update as having a security impact of Importan...
OpenStack Barbican credential leak flaw
A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials...
GHSA-6QQP-4VM3-359V OpenStack Barbican credential leak flaw
A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials...
OpenStack Heat information leak vulnerability
An information leak was discovered in OpenStack Heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system...
GHSA-5836-GRCC-8J89 OpenStack Heat information leak vulnerability
An information leak was discovered in OpenStack Heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system...
GHSA-6RX9-C2RH-3QV4 OpenStack Barbican information disclosure vulnerability
A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is...
OpenStack Barbican information disclosure vulnerability
A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is...
CVE-2023-1633
A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials...
CVE-2023-1625
An information leak was discovered in OpenStack Heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system...