CVE-2024-53916

In OpenStack Neutron before 25.0.1, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. It does not apply the proper policy check for changing network tags. An unprivileged tenant is able to change add and clear tags on network objects that do not belong to the tenant...

CVE-2024-53916

CVE-2024-53916 affects OpenStack Neutron prior to 25.0.1. The root cause is an incorrect ID in neutron/extensions/tagging.py during policy enforcement, causing the policy check for changing network tags to be bypassed. As a result, an unprivileged tenant can add or clear tags on network objects t...

openstack-tripleo-common: RHOSP Director Disables TLS Verification for Registry Mirrors

A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform RHOSP director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a...

Moderate: Red Hat Security Advisory: RHOSP 17.1.4 (openstack-tripleo-common and python-tripleoclient) security update

An update for openstack-tripleo-common and python-tripleoclient is now available for Red Hat OpenStack Platform RHOSP 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

Important: Red Hat Security Advisory: RHOSP 17.1.4 (openstack-ironic) security update

An update for openstack-ironic is now available for Red Hat OpenStack Platform RHOSP 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

openstack-ironic: Specially crafted image may allow authenticated users to gain access to potentially sensitive data

A vulnerability was found in OpenStack Ironic. This flaw allows an authenticated user to use a specially crafted image to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data...

rhosp-director: cleartext passwords exposed in logs

An flaw was found in the OpenStack Platform RHOSP director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs...

Moderate: Red Hat Security Advisory: RHOSP 17.1.4 (openstack-tripleo-heat-templates) security update

An update for openstack-tripleo-heat-templates is now available for Red Hat OpenStack Platform RHOSP 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...

Moderate: Red Hat Security Advisory: RHOSP 17.1.4 (openstack-tripleo-common and python-tripleoclient) security update

An update for openstack-tripleo-common and python-tripleoclient is now available for Red Hat OpenStack Platform RHOSP 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

ROS-20241121-02

A vulnerability in the Access Rule Handler component of the Openstack cloud services platform involves manipulation of the of input data. Exploitation of the vulnerability could allow an attacker acting remotely to affect the integrity of the system. affect the integrity of the system...

Race Condition

OpenStack is vulnerable to Race Condition. The vulnerability is due to inadequate validation when deleting non-existent access rules, leading to the removal of unrelated existing access rules that lack application credential associations...

GHSA-2PPF-2M6F-6V6F OpenStack improperly deletes access rules

A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials...

OpenStack improperly deletes access rules

A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials...

CVE-2023-6110

A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials...

CVE-2023-6110

A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials...

CVE-2023-6110

A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials...

DEBIAN-CVE-2023-6110

A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials...

catalystcloud-client (=1.0.0), python-esiclient (>=0.2.5 <=1.0.0) +1 more potentially affected by CVE-2023-6110 via python-openstackclient (>=6.0.1 <=6.2.1)

python-openstackclient PYPI version =6.0.1, =0.2.5, =0.2.3, =1.0.0 Source cves: CVE-2023-6110 Source advisory: SNYK:PYTHON-PYTHONOPENSTACKCLIENT-8383399...

CVE-2023-6110 Openstack: deleting a non existing access rule deletes another existing access rule in it's scope

A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials...

CVE-2023-6110 Openstack: deleting a non existing access rule deletes another existing access rule in it's scope

A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials...