openstack-swift: Swift metadata constraints are not correctly enforced

A flaw was found in the metadata constraints in OpenStack Object Storage swift. By adding metadata in several separate calls, a malicious user could bypass the maxmetacount constraint, and store more metadata than allowed by the configuration...

openstack-glance: user storage quota bypass

A storage quota bypass flaw was found in OpenStack Image glance. If an image was deleted while it was being uploaded, it would not count towards a user's quota. A malicious user could use this flaw to deliberately fill the backing store, and cause a denial of service...

Low: Red Hat Security Advisory: openstack-glance security and bug fix update

Updated openstack-glance packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System...

Important: Red Hat Security Advisory: redhat-access-plugin security update

An updated redhat-access-plugin-openstack package that fixes one security issue is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring...

dashboard: log file arbitrary file retrieval

It was found that the local log-viewing function of the redhat-access-plugin for OpenStack Dashboard horizon did not sanitize user input. An authenticated user could use this flaw to read an arbitrary file with the permissions of the web server...

Important: Red Hat Security Advisory: redhat-access-plugin security update

An updated redhat-access-plugin-openstack package that fixes one security issue is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring...

Important: Red Hat Security Advisory: openstack-foreman-installer security update

Updated Red Hat Enterprise Linux OpenStack Platform Installer packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security...

openstack-puppet-modules: pacemaker configured with default password

It was discovered that the puppet manifests, as provided with the openstack-puppet-modules package, would configure the pcsd daemon with a known default password. If this password was not changed and an attacker was able to gain access to pcsd, they could potentially run shell commands as root...

Red Hat openstack-puppet-modules trust management vulnerability

Red Hat openstack-puppet-modules is a Red Hat implementation of Puppet a configuration management tool based on a client/server architecture capable of configuring core OpenStack services. A security vulnerability in the puppet manifests in Red Hat openstack-puppet-modules versions prior to...

CVE-2015-1842

The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors...

Default credentials

The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors...

CVE-2015-1842

The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors...

CVE-2015-1842

CVE-2015-1842 relates to Red Hat OpenStack modules where the puppet manifests in the openstack-puppet-modules package were configured with a known default password for the pcsd daemon (CHANGEME). If this password is not changed and an attacker can access pcsd remotely, they could execute arbitrar...

PT-2015-1274 · Openstack · Openstack Puppet Module

Name of the Vulnerable Software and Affected Versions: openstack-puppet-modules versions prior to 2014.2.13-2 Description: The issue concerns the use of a default password 'CHANGEME' for the pcsd daemon in the openstack-puppet-modules package. This allows remote attackers to execute arbitrary she...

Important: Red Hat Security Advisory: qemu-kvm-rhev security update

Updated qemu-kvm-rhev packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base scor...

openstack-puppet-modules: pacemaker configured with default password

It was discovered that the puppet manifests, as provided with the openstack-puppet-modules package, would configure the pcsd daemon with a known default password. If this password was not changed and an attacker was able to gain access to pcsd, they could potentially run shell commands as root...

Important: Red Hat Security Advisory: openstack-packstack and openstack-puppet-modules security and bug fix update

Updated openstack-packstack and openstack-puppet-modules packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring...

openstack-nova: console Cross-Site WebSocket hijacking

It was discovered that the OpenStack Compute nova console websocket did not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw...

Important: Red Hat Security Advisory: openstack-nova security, bug fix, and enhancement update

Updated openstack-nova packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System...

Important: Red Hat Security Advisory: Red Hat Enterprise Linux OpenStack Platform Installer update

Updated Red Hat Enterprise Linux OpenStack Platform Installer packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability...