
7754 matches found

OSV
added 2017/03/21 6:59 a.m. | 1 view

DEBIAN-CVE-2017-7200

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copyfrom' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to...

CVSS 5.8 | AI score 5.7 | EPSS 0.00377
Exploits 0 | References 1

OSV
added 2017/03/21 6:59 a.m. | 0 views

UBUNTU-CVE-2017-7200

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copyfrom' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to...

CVSS 5.8 | AI score 6.4 | EPSS 0.00377
Exploits 0 | References 3

OSV
added 2017/03/21 6:59 a.m. | 5 views

CVE-2017-7200

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copyfrom' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to...

CVSS 5.8 | AI score 5.5
Exploits 0 | References 4

UbuntuCve
added 2017/03/21 6:59 a.m. | 22 views

CVE-2017-7200

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copyfrom' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to...

CVSS 5.8 | AI score 6.4 | EPSS 0.00377
Exploits 0 | References 2

Cvelist
added 2017/03/21 6:21 a.m. | 17 views

CVE-2017-7200

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copyfrom' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to...

AI score 5.4 | EPSS 0.00377
Exploits 0 | References 4

CVE
added 2017/03/21 6:21 a.m. | 69 views

CVE-2017-7200

OpenStack Glance before Newton is affected by CVE-2017-7200: an SSRF via the copy_from feature in API v1 lets an attacker create images with a URL like http://localhost:22, enabling masked network port scans and potential internal network enumeration originating from the Glance service. The vulne...

CVSS 5.8 | AI score 5.4 | EPSS 0.00377
Exploits 0 | References 4 | Affected Software 1

Debian CVE
added 2017/03/21 6:21 a.m. | 25 views

CVE-2017-7200

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copyfrom' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to...

CVSS 5.8 | AI score 5.6 | EPSS 0.00377
Exploits 0

RedHat Linux
added 2017/03/02 9:16 p.m. | 0 views

python-oslo-middleware: CatchErrors leaks sensitive values into error logs

An information-disclosure flaw was found in oslo.middleware. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs, for example, keystone tokens...

CVSS 5.9 | AI score 5.7 | EPSS 0.00093
Exploits 0 | References 4

RedHat Linux
added 2017/03/02 9:16 p.m. | 40 views

Moderate: Red Hat Security Advisory: python-oslo-middleware security update

An update for python-oslo-middleware is now available for Red Hat OpenStack Platform 9.0 (Mitaka). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 5.9 | AI score 6 | EPSS 0.00093
Exploits 0 | References 2

RedHat Linux
added 2017/03/01 1:31 p.m. | 4 views

puppet-swift: installs config file with world readable permissions

An information-disclosure flaw was discovered in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions...

CVSS 6.5 | AI score 5.8 | EPSS 0.00281
Exploits 0 | References 4

RedHat Linux
added 2017/03/01 1:31 p.m. | 45 views

Moderate: Red Hat Security Advisory: openstack-puppet-modules security update

An update for openstack-puppet-modules is now available for Red Hat OpenStack Platform 9.0 (Mitaka). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo...

CVSS 6.5 | AI score 6.5 | EPSS 0.00281
Exploits 0 | References 2

RedHat Linux
added 2017/03/01 1:31 p.m. | 30 views

Moderate: Red Hat Security Advisory: openstack-puppet-modules security update

An update for openstack-puppet-modules is now available for Red Hat OpenStack Platform 8.0 (Liberty). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f...

CVSS 6.5 | AI score 6.5 | EPSS 0.00281
Exploits 0 | References 2

RedHat Linux
added 2017/02/22 5:23 p.m. | 37 views

Moderate: Red Hat Security Advisory: python-oslo-middleware security update

An update for python-oslo-middleware is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 5.9 | AI score 6 | EPSS 0.00093
Exploits 0 | References 2

RedHat Linux
added 2017/02/22 5:23 p.m. | 2 views

python-oslo-middleware: CatchErrors leaks sensitive values into error logs

An information-disclosure flaw was found in oslo.middleware. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs, for example, keystone tokens...

CVSS 5.9 | AI score 5.7 | EPSS 0.00093
Exploits 0 | References 4

CNVD
added 2017/02/22 12:0 a.m. | 1 view

OpenStack Mistral Local Information Disclosure Vulnerability

OpenStack Mistral is a workflow service that provides flexible task scheduling so that we can run processes according to a specified schedule rather than immediately. OpenStack Mistral suffers from a local information disclosure vulnerability. An attacker can exploit this vulnerability to obtain...

CVSS 5.9 | AI score 5.9 | EPSS 0.00044
Exploits 0 | References 1

CNVD
added 2017/02/22 12:0 a.m. | 1 view

OpenStack Heat Information Disclosure Vulnerability (CNVD-2017-02251)

OpenStack is a cloud platform management program. heat is one of the business process platforms used to help users configure OpenStack-based cloud systems. OpenStack Heat has a security vulnerability that allows a local attacker to exploit the vulnerability to gain access to sensitive information...

CVSS 5.9 | AI score 6.7 | EPSS 0.00072
Exploits 0 | References 1

CNVD
added 2017/02/22 12:0 a.m. | 1 view

OpenStack tripleo-common insecure file permissions vulnerability

OpenStack tripleo-common is a Python library for common code for the TripleO CLI and TripleO UI. OpenStack tripleo-common is vulnerable to an insecure file permission vulnerability. A local attacker can exploit this vulnerability to cause directory traversal and gain root access to the shadowed...

CVSS 8.2 | AI score 7 | EPSS 0.00074
Exploits 0 | References 1

CNVD
added 2017/02/17 12:0 a.m. | 1 view

OpenStack Nova-LXD Security Bypass Vulnerability

Nova is the compute organization controller in the OpenStack cloud. All activities that support the lifecycle of instances in an OpenStack cloud are handled by Nova. A security bypass vulnerability exists in OpenStack Nova-LXD, which can be exploited by an attacker to bypass security restrictions...

CVSS 7.5 | AI score 7.6 | EPSS 0.02467
Exploits 0 | References 1

RedHat Linux
added 2017/02/15 10:52 p.m. | 51 views

Moderate: Red Hat Security Advisory: openstack-cinder, openstack-glance, and openstack-nova security update

An update for openstack-nova, openstack-cinder, openstack-glance, and python-oslo-concurrency is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scorin...

CVSS 7.8 | AI score 6.5 | EPSS 0.0361
Exploits 1 | References 18

RedHat Linux
added 2017/02/15 10:52 p.m. | 2 views

openstack-nova/glance/cinder: Malicious image may exhaust resources

A resource vulnerability in the OpenStack Compute (nova), Block Storage (cinder), and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could possibly lead to host...

CVSS 7.8 | AI score 5.7 | EPSS 0.0361
Exploits 1 | References 4