7713 matches found

Vulnrichment
added 2026/01/19 12:0 a.m. | 2 views

CVE-2026-22797

An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged...

CVSS 9.9 | AI score 5.5 | EPSS 0.00167
Exploits: 0 | References: 2

CVE
added 2026/01/19 12:0 a.m. | 19 views

CVE-2026-22797

CVE-2026-22797 : OpenStack keystonemiddleware vulnerable to header sanitization flaw in external_oauth2_token middleware. Attackers can forge identity headers (X-Is-Admin-Project, X-Roles, X-User-Id) to escalate privileges or impersonate other users, impacting all deployments using this middlewar...

CVSS 9.9 | AI score 5.5 | EPSS 0.00167
Exploits: 0 | References: 6

RedhatCVE
added 2026/01/09 8:34 a.m. | 1 views

CVE-2024-41961

Elektra is an opinionated Openstack Dashboard for Operators and Consumers of Openstack Services. A code injection vulnerability was found in the live search functionality of the Ruby on Rails based Elektra web application. An authenticated user can craft a search term containing Ruby code, which...

CVSS 9.6 | AI score 7.3 | EPSS 0.00209
Exploits: 0 | References: 1

Tenable Nessus
added 2026/01/07 12:0 a.m. | 0 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-yaql (UTSA-2026-000170)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000170 advisory. In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied...

CVSS 6.5 | AI score 7 | EPSS 0.0023
Exploits: 0 | References: 4

Positive Technologies
added 2026/01/01 12:0 a.m. | 2 views

PT-2026-3233

Name of the Vulnerable Software and Affected Versions: OpenStack (affected versions not specified). Description: An issue exists in OpenStack’s keystonemiddleware component that could allow for privilege escalation or impersonation. An authenticated attacker may be able to elevate their privileges or...

CVSS 9.9 | AI score 6.5 | EPSS 0.00167
Exploits: 0 | References: 25

Positive Technologies
added 2026/01/01 12:0 a.m. | 5 views

PT-2026-20315

Name of the Vulnerable Software and Affected Versions: OpenStack Nova (affected versions not specified). Description: The software calls qemu-img without format restrictions when resizing images. A malicious QCOW header could potentially convince Nova's flat image backend to execute an unsafe image...

CVSS 8.2 | AI score 5.6 | EPSS 0.00019
Exploits: 0 | References: 19

CNNVD
added 2025/12/16 12:0 a.m. | 2 views

YAOOK Operator Security Vulnerability

YAOOK Operator is an automated control component for deploying and managing OpenStack cloud services from YAOOK Germany. A security vulnerability exists in YAOOK Operator, which stems from improperly configured replication security and could lead to the disclosure of database contents...

CVSS 6.5 | AI score 6.4 | EPSS 0.00021
Exploits: 0 | References: 1

Veracode
added 2025/12/13 7:34 a.m. | 4 views

Authentication Bypass

OpenStack Keystone is vulnerable to Authentication Bypass. The vulnerability is due to improper validation of AWS Signature-based requests in token endpoints, which allows an attacker to gain unauthorized Keystone access using crafted requests...

CVSS 7.5 | AI score 5.8 | EPSS 0.00031
Exploits: 0 | References: 3 | Affected Software: 1

Tenable Nessus
added 2025/12/12 12:0 a.m. | 4 views

Ubuntu 22.04 LTS : OpenStack Keystone vulnerabilities (USN-7926-1)

The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7926-1 advisory. Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to obtain...

CVSS 7.5 | AI score 6.8 | EPSS 0.00466
Exploits: 2 | References: 4

OSV
added 2025/12/10 10:7 a.m. | 3 views

RHSA-2025:22969 Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (libwebsockets) security update

Bulletin has no description...

CVSS 7.6 | AI score 6.9 | EPSS 0.00012
Exploits: 0 | References: 9

RedHat Linux
added 2025/12/09 6:20 p.m. | 4 views

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (libwebsockets) security update

An update for libwebsockets is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 7.5 | AI score 5.8 | EPSS 0.00012
Exploits: 0 | References: 2

RedHat Linux
added 2025/12/09 4:44 p.m. | 3 views

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1.12 director Operator container images

Updated container images are now available for director Operator for Red Hat OpenStack Platform 17.1.12 Wallaby for RHEL 9.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

CVSS 7.8 | AI score 6.7 | EPSS 0.00018
Exploits: 2 | References: 4

Fedora
added 2025/12/03 1:40 a.m. | 8 views

[SECURITY] Fedora 41 Update: restic-0.18.1-1.fc41

Fast, secure, efficient backup program. restic supports the following backends for storing backups natively: Local directory; sftp server via SSH; HTTP REST server protocol, rest-server; Amazon S3 either from Amazon or using the Minio server; OpenStack Swift; BackBlaze B2; Microsoft Azure Blob Storage...

CVSS 7.5 | AI score 7 | EPSS 0.00044
Exploits: 1

Fedora
added 2025/12/03 1:12 a.m. | 5 views

[SECURITY] Fedora 42 Update: restic-0.18.1-1.fc42

Fast, secure, efficient backup program. restic supports the following backends for storing backups natively: Local directory; sftp server via SSH; HTTP REST server protocol, rest-server; Amazon S3 either from Amazon or using the Minio server; OpenStack Swift; BackBlaze B2; Microsoft Azure Blob Storage...

CVSS 7.5 | AI score 7 | EPSS 0.00044
Exploits: 1

Fedora
added 2025/12/03 12:59 a.m. | 5 views

[SECURITY] Fedora 43 Update: restic-0.18.1-1.fc43

Fast, secure, efficient backup program. restic supports the following backends for storing backups natively: Local directory; sftp server via SSH; HTTP REST server protocol, rest-server; Amazon S3 either from Amazon or using the Minio server; OpenStack Swift; BackBlaze B2; Microsoft Azure Blob Storage...

CVSS 7.5 | AI score 7 | EPSS 0.00044
Exploits: 0

Tenable Nessus
added 2025/12/03 12:0 a.m. | 2 views

Debian dla-4391 : python3-mistralclient - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4391 advisory. Debian LTS Advisory DLA-4391-1 https://www.debian.org/lts/security/...

CVSS 6.5 | AI score 5.7 | EPSS 0.0006
Exploits: 0 | References: 4

Tenable Nessus
added 2025/12/01 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-4472

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of...

CVSS 6.5 | AI score 5.9 | EPSS 0.0006
Exploits: 0 | References: 2

SUSE CVE
added 2025/11/28 12:35 a.m. | 2 views

SUSE CVE-2021-4472

The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content...

CVSS 6.5 | AI score 6.7 | EPSS 0.0006
Exploits: 0 | References: 3

EUVD
added 2025/11/26 9:31 p.m. | 2 views

EUVD-2021-34723

The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content...

CVSS 6.5 | AI score 6.2 | EPSS 0.0006
Exploits: 0 | References: 6

Github Security Blog
added 2025/11/26 9:31 p.m. | 7 views

OpenStack's Mistral Client has a local file inclusion vulnerability

The mistral-dashboard plugin for openstack has a local file inclusion vulnerability through the 'Create Workbook' feature that may result in disclosure of arbitrary local files content...

CVSS 6.5 | AI score 6.7 | EPSS 0.0006
Exploits: 0 | References: 9 | Affected Software: 1