7747 matches found
openstack-ironic-discoverd: potential remote code execution with debug mode enabled
It was discovered that enabling debug mode in openstack-ironic-discoverd also enabled debug mode in the underlying Flask framework. If errors were encountered while Flask was in debug mode, a user experiencing an error might be able to access the debug console (effectively, a command shell)...
Important: Red Hat Security Advisory: openstack-ironic-discoverd security update
Updated openstack-ironic-discoverd packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
Moderate: Red Hat Security Advisory: openstack-nova security and bug fix advisory
Updated OpenStack Compute packages that resolve one security issue and a bug are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for RHEL 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score,...
openstack-nova: network security group changes are not applied to running instances
A vulnerability was discovered in the way OpenStack Compute (nova) networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances...
Moderate: Red Hat Security Advisory: openstack-nova security and bug fix advisory
Updated OpenStack Compute packages that resolve various issues are now available for Red Hat Enterprise Linux OpenStack Platform 7.0 for RHEL 7. OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute...
python-rdomanager-oscplugin: NeutronMetadataProxySharedSecret parameter uses default value
It was discovered that Director's NeutronMetadataProxySharedSecret parameter remained specified at the default value of 'unset'. This value is used by OpenStack Networking to sign instance headers; if unchanged, an attacker knowing the shared secret could use this flaw to spoof OpenStack Networki...
openstack-tripleo-heat-templates: Using hardcoded rabbitmq credentials regardless of supplied values
A flaw was found in the director openstack-tripleo-heat-templates where the RabbitMQ credentials defaulted to guest/guest and supplied values in the configuration were not used. As a result, all deployed overclouds used the same credentials guest/guest. A remote non-authenticated attacker could u...
Moderate: Red Hat Security Advisory: Red Hat Enterprise Linux OpenStack Platform 7 director update
Updated packages that fix two security issues and multiple bugs are now available for Red Hat Enterprise Linux OpenStack Platform 7.0 director for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS)...
OpenStack Ironic Security Bypass Vulnerability
OpenStack is a cloud platform management project developed by the National Aeronautics and Space Administration and Rackspace, Inc. Ironic is a component that provides bare-metal and virtual machine hypervisor interaction. A security bypass vulnerability exists in OpenStack Ironic. An attacker...
wiki.openstack.org XSS vulnerability
Vulnerable URL: https://wiki.openstack.org/w/thumb.php?f=x%23%3Cbody%09onmousemove=confirm%28%27XSSPOSED%27%29%3E Details: Patched: Yes, at 26.07.2017; Latest check for patch: 26.07.2017 11:07 GMT; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa...
SUSE-SU-2015:2220-1 Security update for openstack-nova and openstack-neutron
This update for openstack-nova and openstack-neutron provides various fixes and improvements. openstack-nova: - Fix instance filtering. bsc927625 - Remove error messages from multipath command output before parsing. bsc949529 - Fix live-migration usage of the wrong connector information. - Added...
SUSE-SU-2015:2219-1 Security update for openstack-nova
This update for openstack-nova provides various fixes and improvements: - Fix regression where launched instances in tenants not visible for other users. bsc927625 - Remove error messages from multipath command output before parsing. bsc949529 - Fix live-migration usage of the wrong connector...
OpenStack Swift-on-File Arbitrary Code Execution Vulnerability
No description provided by source...
OpenStack Glance Security Bypass Vulnerability
No description provided by source...
OpenStack Swift-on-File Arbitrary Code Execution Vulnerability
OpenStack is an open source project developed by NASA and Rackspace in collaboration to provide software for building and managing public and private clouds. An arbitrary code execution vulnerability exists in OpenStack Swift-on-File, which allows an authenticated remote user to execute arbitrary...
OpenStack Glance Security Bypass Vulnerability
OpenStack is a cloud platform management project developed by the National Aeronautics and Space Administration and Rackspace, Inc. Glance is a project that stores, queries and retrieves virtual machine images. A security bypass vulnerability exists in OpenStack Glance, which can be exploited by ...
CVE-2015-5306
OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error...
CVE-2015-5242
OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute (xattrs)...