7744 matches found
CVE-2022-3261
CVE-2022-3261 affects OpenStack; multiple components log plaintext passwords to /var/log/messages during the OpenStack overcloud update, causing disclosure of sensitive information. The available sources describe the issue and its impact but do not specify affected versions, fixes, or mitigations...
CVE-2022-3261 Plain-text passwords saved in /var/log/messages
A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem...
PT-2023-13087 · Openstack · Openstack
Name of the Vulnerable Software and Affected Versions: OpenStack (affected versions not specified). Description: A flaw was found in OpenStack, where multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive...
CVE-2022-38060
A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla. A misconfiguration in /etc/sudoers within a container can lead to increased privileges. Mitigation: /etc/sudoers within the container should use the secure_path option to prevent the PATH environment variable...
CVE-2023-40585
ironic-image is a container image to run OpenStack Ironic as part of Metal³. Prior to version capm3-v1.4.3, if Ironic is not deployed with TLS and it does not have API and Conductor split into separate services, access to the API is not protected by any authentication. Ironic API is also listenin...
Authentication flaw
ironic-image is a container image to run OpenStack Ironic as part of Metal³. Prior to version capm3-v1.4.3, if Ironic is not deployed with TLS and it does not have API and Conductor split into separate services, access to the API is not protected by any authentication. Ironic API is also listenin...
CVE-2023-40585 Unauthenticated access to Ironic API
ironic-image is a container image to run OpenStack Ironic as part of Metal³. Prior to version capm3-v1.4.3, if Ironic is not deployed with TLS and it does not have API and Conductor split into separate services, access to the API is not protected by any authentication. Ironic API is also listenin...
Moderate: Red Hat Security Advisory: Release of containers for OSP 16.2.z (Train) director Operator
Red Hat OpenStack Platform (RHOSP) 16.2.z (Train) director Operator containers are now available. Release of Red Hat OpenStack Platform (RHOSP) 16.2.z (Train) provides these changes:...
OpenStack Horizon Input Validation Error Vulnerability
OpenStack Horizon is a Django-based project for OpenStack designed to provide complete OpenStack dashboards and an extensible framework for building new dashboards from reusable components. A security vulnerability exists in OpenStack Horizon versions 19.4.0 through 20.1.4 that stems from a...
Ubuntu: Security Advisory (USN-6293-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
USN-6293-1: OpenStack Heat vulnerability
It was discovered that OpenStack Heat incorrectly handled certain hidden parameter values. A remote authenticated user could possibly use this issue to obtain sensitive data...
USN-6293-1 heat vulnerability
It was discovered that OpenStack Heat incorrectly handled certain hidden parameter values. A remote authenticated user could possibly use this issue to obtain sensitive data...
Moderate: Red Hat Security Advisory: Release of containers for Red Hat OpenStack Platform 17.1 director Operator
Red Hat OpenStack Platform 17.1 (Wallaby) director Operator containers are now available. Release of Red Hat OpenStack Platform 17.1 (Wallaby) director Operator containers provides these changes: Security Fixes: github.com/Masterminds/vcs: Command Injection via argument injection (CVE-2022-21235) For...
Ubuntu 22.04 LTS : OpenStack Heat vulnerability (USN-6293-1)
The remote Ubuntu 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6293-1 advisory. It was discovered that OpenStack Heat incorrectly handled certain hidden parameter values. A remote authenticated user could possibly use this issue to obtain...
Keystone Security Vulnerability
Keystone is a powerful OpenStack open source CMS designed to help you build and scale faster than any other CMS or application framework. Keystone has a security vulnerability that stems from adminMeta GraphQL queries being publicly accessible when ui.isAccessAllowed is set to undefined...
SUSE: Security Advisory (SUSE-SU-2023:3232-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2023:3174-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2023:3030-1)
The remote host is missing an update for the...
SUSE CVE-2022-38060
A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges...