openstack-swift: Proxy to server DoS through Large Objects

A memory-leak issue was found in OpenStack Object Storage swift, in the proxy-to-server connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption...

openstack-swift: Information leak via Swift tempurls

A flaw was discovered in the OpenStack Object Storage service swift TempURLs. An attacker in possession of a TempURL key with PUT permissions could gain read access to other objects in the same project tenant...

openstack-swift: Client to proxy DoS through Large Objects

A memory-leak issue was found in OpenStack Object Storage swift, in the client-to-proxy connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption...

Moderate: Red Hat Security Advisory: openstack-swift security update

Updated openstack-swift packages that fix two security issues are now available for Red Hat Gluster Storage 3.1 update 2 in Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which gi...

openstack-swift: Proxy to server DoS through Large Objects

A memory-leak issue was found in OpenStack Object Storage swift, in the proxy-to-server connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption...

openstack-swift: Information leak via Swift tempurls

A flaw was discovered in the OpenStack Object Storage service swift TempURLs. An attacker in possession of a TempURL key with PUT permissions could gain read access to other objects in the same project tenant...

Moderate: Red Hat Security Advisory: openstack-swift security update

Updated openstack-swift packages that fix two security issues are now available for Red Hat Gluster Storage 3.1 update 2 in Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which gi...

openstack-swift: Client to proxy DoS through Large Objects

A memory-leak issue was found in OpenStack Object Storage swift, in the client-to-proxy connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption...

Low: Red Hat Security Advisory: openstack-glance security update

Updated openstack-glance packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6.0 Juno for RHEL 7. Red Hat Product Security has rated this update as having a Low security impact. Common Vulnerability Scoring System CVSS base scores, which give...

openstack-glance: Glance image status manipulation through locations

An authorization vulnerability in OpenStack Image service was discovered, which allowed image-status manipulation using locations. By removing the last location of an image, an authenticated user could change the status from 'active' to 'queue'. A malicious tenant could exploit this flaw to...

OpenStack Glance Security Bypass Vulnerability

OpenStack is a cloud platform management project. glance is one of the projects that can store, query and retrieve virtual machine images. A security vulnerability exists in OpenStack Glanc that allows an attacker to exploit the vulnerability to bypass security restrictions and perform unauthoriz...

openstack-heat: Vulnerability in Heat template validation leading to DoS

A vulnerability was discovered in the OpenStack Orchestration service heat, where a specially formatted template could be used to trick the heat-engine service into opening a local file. Although the file contents are never disclosed to the end user, an OpenStack-authenticated attacker could use...

Moderate: Red Hat Security Advisory: openstack-heat bug fix and security advisory

Updated openstack-heat packages that fix one security issue and resolve various bugs are now available for Red Hat Enterprise Linux OpenStack Platform 7.0 Kilo for RHEL 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS...

OpenStack Settings

Binary data openstacksettings.nbin...

OpenStack Compliance Checks

Binary data openstackcompliancecheck.nbin...

Multiple OpenStack Products Access Bypass Vulnerabilities

OpenStack Identity Keystone is a project developed by the National Aeronautics and Space Administration and Rackspace in the United States for authentication, providing identity, token, directory and policy services. OpenStack keystonemiddleware formerly known as python-keystoneclient is one of t...

openstack-swift: Proxy to server DoS through Large Objects

A memory-leak issue was found in OpenStack Object Storage swift, in the proxy-to-server connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption...

openstack-swift: Client to proxy DoS through Large Objects

A memory-leak issue was found in OpenStack Object Storage swift, in the client-to-proxy connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption...

Moderate: Red Hat Security Advisory: openstack-swift security update

Updated openstack-swift packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 7.0. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

openstack-swift: Client to proxy DoS through Large Objects

A memory-leak issue was found in OpenStack Object Storage swift, in the client-to-proxy connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption...