CVE-2013-0266 Puppetlabs-cinder: packstack: openstack: puppetlabs-cinder: information disclosure of openstack administrative passwords due to world-readable configuration files.

A flaw was found in the puppetlabs-cinder module, as used in PackStack. This vulnerability is due to incorrect file permissions, specifically world-readable permissions, on the cinder.conf and api-paste.ini configuration files. A local user can exploit this by reading these files, which leads to...

PT-2013-2200

Name of the Vulnerable Software and Affected Versions puppetlabs-cinder module affected versions not specified Description The issue concerns the puppetlabs-cinder module, which is used in PackStack. It allows local users to read OpenStack administrative passwords due to world-readable permission...

bindings: Internal entity expansion in Python XML libraries inflicts DoS vulnerabilities

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute Nova Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service resource consumption and crash via an XML...

Moderate: Red Hat Security Advisory: openstack-keystone security, bug fix, and enhancement update

Updated openstack-keystone packages that fix multiple security issues, various bugs, and add enhancements are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base...

bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External...

packstack: puppetlabs-cinder / manifests / base.pp weak file permissions

manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the 1 cinder.conf and 2 api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files...

Moderate: Red Hat Security Advisory: openstack-packstack security and bug fix update

An updated openstack-packstack package that fixes two security issues and several bugs is now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...

Fedora 18 : openstack-keystone-2012.2.3-3.fc18 (2013-2916)

security updates: - ensure user and tenant are enabled CVE-2013-0282 - disable XML entity parsing CVE-2013-1664, CVE-2013-1665 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean...

Fedora Update for openstack-keystone FEDORA-2013-2916

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Fedora Update for openstack-keystone FEDORA-2013-2916

Check for the Version of openstack-keystone OpenVAS Vulnerability Test Fedora Update for openstack-keystone FEDORA-2013-2916 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

[SECURITY] Fedora 18 Update: openstack-keystone-2012.2.3-3.fc18

Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. This package contains the Keystone daemon...

OpenStack Nova 安全绕过漏洞(CVE-2013-0335)

BUGTRAQ ID: 58189 CVECAN ID: CVE-2013-0335 OpenStack Compute Nova是用Python编写的云计算构造控制器，属于laaS系统的一部分。 OpenStack nova VNC代理可连接到错误的VM，攻击者可利用此漏洞绕过某些安全限制并执行未授权操作。 0 openstack Nova 厂商补丁： openstack --------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://lists.openstack.org/pipermail/openstack-announce/...

CVE-2013-0335

OpenStack Compute Nova Grizzly, Folsom 2012.2, and Essex 2012.1 allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port...

CVE-2013-0212

store/swift.py in OpenStack Glance Essex 2012.1, Folsom 2012.2 before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive...

CVE-2013-0212

store/swift.py in OpenStack Glance Essex 2012.1, Folsom 2012.2 before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive...

Code injection

store/swift.py in OpenStack Glance Essex 2012.1, Folsom 2012.2 before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive...

CVE-2013-0212

store/swift.py in OpenStack Glance Essex 2012.1, Folsom 2012.2 before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive...

PYSEC-2013-37

store/swift.py in OpenStack Glance Essex 2012.1, Folsom 2012.2 before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive...

CVE-2013-0212

The CVE-2013-0212 issue affects OpenStack Glance (Essex/Folsom/Grizzly) in Swift single-tenant mode, where store/swift.py logs the Swift endpoint user name and password in cleartext in error messages when the endpoint is misconfigured or unusable. This allows a remote authenticated user to read s...

CVE-2013-0212

store/swift.py in OpenStack Glance Essex 2012.1, Folsom 2012.2 before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive...