CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2023/03/23 12:0 a.m.•16 views

CVE-2022-3146

5.3AI score0.00018EPSS

Cvelist•added 2023/03/23 12:0 a.m.•17 views

CVE-2022-3101

5.3AI score0.00018EPSS

Vulnrichment•added 2023/03/23 12:0 a.m.•6 views

CVE-2022-3101

5.1AI score0.00018EPSS

CVE•added 2023/03/23 12:0 a.m.•98 views

CVE-2022-3101

The CVE-2022-3101 entry affects tripleo-ansible, where an insecure default configuration leaves a sensitive file with insufficient permissions. This enables a local attacker to brute-force the relevant directory to discover the file, leading to disclosure of important OpenStack deployment configu...

5.5CVSS4.9AI score0.00018EPSS

Exploits0References1Affected Software3

CVE•added 2023/03/23 12:0 a.m.•104 views

CVE-2022-3146

CVE-2022-3146 is described in public advisories as a vulnerability in Red Hat OpenStack Platform (tripleo-ansible) where an insecure default configuration leaves a sensitive file with insufficient permissions. This can allow a local attacker to brute-force the relevant directory and discover the ...

5.5CVSS4.9AI score0.00018EPSS

Exploits0References1Affected Software3

Positive Technologies•added 2023/03/23 12:0 a.m.•2 views

PT-2023-13026 · Unknown · Tripleo-Ansible

Name of the Vulnerable Software and Affected Versions: tripleo-ansible affected versions not specified Description: A flaw in the default configuration of tripleo-ansible allows a local attacker to potentially disclose important configuration details from an OpenStack deployment through brute for...

5.5CVSS5.3AI score0.00018EPSS

Exploits0References4

SUSE CVE•added 2023/03/22 4:9 a.m.•1 views

SUSE CVE-2022-47951

An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, a...

8.8CVSS8.6AI score0.00615EPSS

OSV•added 2023/03/21 12:25 p.m.•5 views

SUSE-SU-2023:0844-1 Security update for openstack-cinder, openstack-glance, openstack-neutron-gbp, openstack-nova, python-oslo.utils

This update for openstack-cinder, openstack-glance, openstack-neutron-gbp, openstack-nova, python-oslo.utils contains the following fixes: Security fixes included on this update: openstack-cinder, openstack-glance, openstack-nova: - CVE-2022-47951: Fixed file access control through custom VMDK fl...

5.7CVSS5.9AI score0.00615EPSS

Exploits1References3

RedHat Linux•added 2023/03/15 7:59 p.m.•109 views

Important: Red Hat Security Advisory: Red Hat OpenStack Platform (openstack-nova) security update

An update for openstack-nova is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

5.7CVSS6.7AI score0.00615EPSS

RedHat Linux•added 2023/03/15 7:58 p.m.•37 views

Important: Red Hat Security Advisory: Red Hat OpenStack Platform (python-werkzeug) security update

An update for python-werkzeug is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

7.5CVSS6.8AI score0.00366EPSS

Exploits0References2

RedHat Linux•added 2023/03/15 7:58 p.m.•42 views

Important: Red Hat Security Advisory: Synopsis: Red Hat OpenStack Platform (openstack-cinder) security update

An update for openstack-cinder is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

5.7CVSS6.8AI score0.00615EPSS

RedHat Linux•added 2023/03/15 7:58 p.m.•1 views

openstack: Arbitrary file access through custom VMDK flat descriptor

A flaw was found in OpenStack-nova, Openstack-glance, and Openstack-cinder. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized...

5.7CVSS7.3AI score0.00615EPSS

RedHat Linux•added 2023/03/15 7:58 p.m.•3 views

openstack: Arbitrary file access through custom VMDK flat descriptor

5.7CVSS7.3AI score0.00615EPSS

RedHat Linux•added 2023/03/15 7:58 p.m.•31 views

Important: Red Hat Security Advisory: Synopsis: Red Hat OpenStack Platform (openstack-glance) security update

An update for openstack-glance is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

5.7CVSS6.8AI score0.00615EPSS

RedHat Linux•added 2023/03/15 7:58 p.m.•31 views

Important: Red Hat Security Advisory: Red Hat OpenStack Platform (openstack-swift) security update

An update for openstack-swift is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

6.5CVSS6.7AI score0.00247EPSS

RedHat Linux•added 2023/03/15 7:58 p.m.•3 views

openstack-swift: Arbitrary file access through custom S3 XML entities

A flaw was found in Swift's S3 XML parser. By supplying specially crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This issue impacts both s3api...

6.5CVSS5.8AI score0.00247EPSS