Linux Distros Unpatched Vulnerability : CVE-2017-12440

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs...

GHSA-86CV-9GPX-6HWJ Openstack Aodh can be used to launder Keystone trusts

Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust ID...

Authorisation Bypass

aodh is vulnerable to authorization bypass. When an alarm action with trust+http: scheme is created, it fails to verify that a user providing the trust ID is the trustor or has the same permission as the trustor. In addition, it also fails to verify that the trust is for the same project as the...

OpenStack Security Bypass Vulnerabilities

OpenStack is a cloud platform management project developed by the National Aeronautics and Space Administration in collaboration with Rackspace, U.S.A. Openstack Ocata and Newton are both different versions of it. aodh is one of the Aodh is one of the alerting function modules. Openstack Ocata an...