4 matches found
CVE-2025-3931
A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks,...
RHEL 8 : openstack-selinux (RHSA-2020:4381)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:4381 advisory. The openstack-selinux package is a collection of SELinux policies for running OpenStack on Red Hat Enterprise Linux. Security Fixes: policy flaw allo...
Improper Use Of Flawed Policy
openstack-selinux is using flawed policy. policy flaw allows dbus messaging...
openstack-selinux: policy flaw allows dbus messaging
An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one or more Red Hat OpenStack RHOSP containers could send messages to the dbus. With access to the dbus, t...