openstack-puppet-modules: pacemaker configured with default password
It was discovered that the puppet manifests, as provided with the openstack-puppet-modules package, would configure the pcsd daemon with a known default password. If this password was not changed and an attacker was able to gain access to pcsd, they could potentially run shell commands as root...
OpenStack Compute websocket request source incorrect checksum validation hijacking vulnerability
OpenStack is a cloud computing platform developed by Rackspace and NASA to help service providers and on-premises organizations implement cloud infrastructures similar to Amazon EC2 and S3. OpenStack Compute and kilo fail to properly validate the source of WebSocket requests; the vulnerability allow...
DEBIAN-CVE-2015-0259
OpenStack Compute Nova before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage...
CVE-2015-0259
OpenStack Compute Nova before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage...
UBUNTU-CVE-2015-0259
OpenStack Compute Nova before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage...
Authentication flaw
OpenStack Compute Nova before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage...
CVE-2015-0259
CVE-2015-0259 affects OpenStack Compute (Nova) prior to specific revisions (OpenStack Nova before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3) where the websocket origin is not validated. This enables remote attackers to hijack a user’s authenticated session for console access via ...
Phabricator: SSRF vulnerability (access to metadata server on EC2 and OpenStack)
In bug 50537, haquaman reported an SSRF vulnerability in the meme creation section of Phabricator. Ticket T6755 was created and the HackerOne issue was closed as "Won't fix". T6755 states that "attackers can use the machine's ability to access the network, which may allow them to find services and...
Red Hat redhat-access-plugin for OpenStack Dashboard Arbitrary File Read Vulnerability
Red Hat redhat-access-plugin for OpenStack Dashboard horizon is a technology preview plugin from Red Hat, Inc. that provides seamless, integrated access to Red Hat's subscription services from the Red Hat OpenStack Management Portal. A security vulnerability exists in the 'log-viewing' function i...
CVE-2015-0271
The log-viewing function in the Red Hat redhat-access-plugin before 6.0.3 for OpenStack Dashboard horizon allows remote attackers to read arbitrary files via a crafted path...
Path traversal
The log-viewing function in the Red Hat redhat-access-plugin before 6.0.3 for OpenStack Dashboard horizon allows remote attackers to read arbitrary files via a crafted path...
CVE-2015-0271
CVE-2015-0271 affects Red Hat OpenStack Horizon’s redhat-access-plugin (pre-6.0.3). The vulnerability arises from an unsanitized input in the log-viewing function, allowing an authenticated attacker to read arbitrary files via a crafted path. Impact is reading sensitive files with the web server’...
PT-2015-4555 · Red Hat · Redhat-Access-Plugin
Name of the Vulnerable Software and Affected Versions: Red Hat redhat-access-plugin versions prior to 6.0.3 for OpenStack Dashboard horizon Description: The issue allows remote attackers to read arbitrary files via a crafted path in the log-viewing function. Recommendations: For versions prior to...