31 matches found

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-3123

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.4, EPSS 0.00597
Exploits 0, References 16

Tenable Nessus
added 2025/08/18 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2017-12440

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs...

CVSS 7.5, AI score 6.5, EPSS 0.00597
Exploits 0, References 2

OSV
added 2024/09/13 1:39 p.m., 14 views

RHSA-2018:0315 Red Hat Security Advisory: openstack-aodh security update

Bulletin has no description...

CVSS 4.9, AI score 7.3, EPSS 0.00597
Exploits 0, References 10

OSV
added 2024/09/13 1:39 p.m., 11 views

RHSA-2017:3227 Red Hat Security Advisory: openstack-aodh security update

Bulletin has no description...

CVSS 4.9, AI score 7.3, EPSS 0.00597
Exploits 0, References 8

Tenable Nessus
added 2024/04/27 12:0 a.m., 22 views

RHEL 7 : openstack-aodh (RHSA-2017:3227)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:3227 advisory. openstack-aodh provides the ability to trigger actions based on defined rules against metric or event data collected by OpenStack Telemetry ceilomete...

CVSS 7.5, AI score 6.4, EPSS 0.00597
Exploits 0, References 5

Tenable Nessus
added 2024/04/27 12:0 a.m., 19 views

RHEL 7 : openstack-aodh (RHSA-2018:0315)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0315 advisory. openstack-aodh provides the ability to trigger actions based on defined rules against metric or event data collected by OpenStack Telemetry ceilomete...

CVSS 7.5, AI score 6.3, EPSS 0.00597
Exploits 0, References 7

SUSE CVE
added 2023/02/15 4:41 a.m., 1 view

SUSE CVE-2017-12440

Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust ID...

CVSS 8.7, AI score 6.8, EPSS 0.00597
Exploits 0, References 4

Github Security Blog
added 2022/05/13 1:42 a.m., 21 views

Openstack Aodh can be used to launder Keystone trusts

Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust ID...

CVSS 7.5, AI score 6.3, EPSS 0.00597
Exploits 0, References 12, Affected Software 1

OSV
added 2022/05/13 1:42 a.m., 4 views

GHSA-86CV-9GPX-6HWJ Openstack Aodh can be used to launder Keystone trusts

Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust ID...

CVSS 7.5, AI score 7.2, EPSS 0.00597
Exploits 0, References 11

Veracode
added 2019/01/15 9:20 a.m., 24 views

Authorisation Bypass

aodh is vulnerable to authorization bypass. When an alarm action with trust+http: scheme is created, it fails to verify that a user providing the trust ID is the trustor or has the same permission as the trustor. In addition, it also fails to verify that the trust is for the same project as the...

CVSS 7.5, AI score 7.2, EPSS 0.00597
Exploits 0, References 9, Affected Software 1

RedHat Linux
added 2018/02/13 7:22 p.m., 4 views

openstack-aodh: Aodh can be used to launder Keystone trusts

A verification flaw was found in openstack-aodh. As part of an HTTP alarm action, a user could pass in a trust ID. However, the trust could be from anyone because it was not verified. Because the trust was then used by openstack-aodh to obtain a keystone token for the alarm action, a malicious us...

CVSS 7.5, AI score 5.7, EPSS 0.00597
Exploits 0, References 5

RedHat Linux
added 2018/02/13 7:22 p.m., 40 views

Moderate: Red Hat Security Advisory: openstack-aodh security update

An update for openstack-aodh is now available for Red Hat OpenStack Platform 11.0 Ocata. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 7.5, AI score 6.4, EPSS 0.00597
Exploits 0, References 4

RedHat Linux
added 2017/11/15 1:25 p.m., 1 view

openstack-aodh: Aodh can be used to launder Keystone trusts

A verification flaw was found in openstack-aodh. As part of an HTTP alarm action, a user could pass in a trust ID. However, the trust could be from anyone because it was not verified. Because the trust was then used by openstack-aodh to obtain a keystone token for the alarm action, a malicious us...

CVSS 7.5, AI score 5.7, EPSS 0.00597
Exploits 0, References 5

OSV
added 2017/10/02 6:7 p.m., 6 views

SUSE-SU-2017:2627-1 Security update for openstack-aodh

This update for openstack-aodh fixes the following security issues: - CVE-2017-12440: Aodh did not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allowed remote authenticated users with knowledge of trust IDs where Aodh is the trustee to obta...

CVSS 7.5, AI score 7.3, EPSS 0.00597
Exploits 0, References 3

Veracode
added 2017/09/08 5:40 a.m., 26 views

Authorisation Bypass

aodh is vulnerable to authorization bypass. When an alarm action with trust+http: scheme is created, it fails to verify that a user providing the trust ID is the trustor or has the same permission as the trustor. In addition, it also fails to verify that the trust is for the same project as the...

CVSS 7.5, AI score 7.2, EPSS 0.00597
Exploits 0, References 10, Affected Software 1

CNVD
added 2017/08/25 12:0 a.m., 3 views

OpenStack Security Bypass Vulnerabilities

OpenStack is a cloud platform management project developed by the National Aeronautics and Space Administration in collaboration with Rackspace, U.S.A. Openstack Ocata and Newton are both different versions of it. Aodh is one of the alerting function modules. Openstack Ocata an...

CVSS 7.5, AI score 7.4, EPSS 0.00597
Exploits 0, References 1

Tenable Nessus
added 2017/08/24 12:0 a.m., 37 views

Debian DSA-3953-1 : aodh - security update

Zane Bitter from Red Hat discovered a vulnerability in Aodh, the alarm engine for OpenStack. Aodh does not verify that the user creating the alarm is the trustor or has the same rights as the trustor, nor that the trust is for the same project as the alarm. The bug allows that an authenticated us...

CVSS 7.5, AI score 6.4, EPSS 0.00597
Exploits 0, References 4

Debian
added 2017/08/23 8:2 p.m., 33 views

[SECURITY] [DSA 3953-1] aodh security update

Debian Security Advisory DSA-3953-1 [email protected] https://www.debian.org/security/ Luciano Bello August 23, 2017 https://www.debian.org/security/faq -...

CVSS 7.5, AI score 7.4, EPSS 0.00597
Exploits 0

Debian
added 2017/08/23 8:2 p.m., 25 views

[SECURITY] [DSA 3953-1] aodh security update

Debian Security Advisory DSA-3953-1 [email protected] https://www.debian.org/security/ Luciano Bello August 23, 2017 https://www.debian.org/security/faq -...

CVSS 6, AI score 1.6, EPSS 0.00597
Exploits 0

OSV
added 2017/08/23 12:0 a.m., 29 views

DSA-3953-1 aodh - security update

Bulletin has no description...

CVSS 7.5, AI score 7.3, EPSS 0.00597
Exploits 0