SUSE CVE-2013-2157

OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password...

SUSE CVE-2013-2256

OpenStack Compute Nova before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:ispublic property, which allows remote authenticated users to obtain sensitive information flavor properties, boot arbitrary flavors, and possibly have other unspecified impacts by...

OpenStack Nova denial of service through compressed disk images

OpenStack Compute Nova Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service host file system disk consumption via a compressed QCOW2 image. NOTE: this issue is due to an incomplete fix for CVE-2013-2096...

OpenStack Compute (Nova) Improper Access Control

OpenStack Compute nova Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for...

OpenStack Identity (Keystone) improper revoking of the authentication token when deleting a user

OpenStack Identity Keystone Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token...

CVE-2015-2687

OpenStack Compute (Nova) vulnerability CVE-2015-2687 affects Icehouse, Juno and Havana. When live migration fails, local users can access VM volumes they normally should not be able to access. The provided connected documents do not specify the underlying root cause, affected component details be...

Nova: insecure directory permissions in snapshots

OpenStack Compute Nova Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots...

nova: Live migration can leak root disk into ephemeral storage

The icreateimagesandbacking aka createimagesandbacking method in libvirt driver in OpenStack Compute Nova Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users vi...

CVE-2013-7130

CVE-2013-7130 affects the OpenStack OpenStack Compute (Nova) libvirt driver when performing KVM live block migration. The i_create_images_and_backing path does not create all expected files, which could let an authenticated attacker obtain the snapshot root disk contents of other users via epheme...

CVE-2013-4463

OpenStack Compute Nova Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service host file system disk consumption via a compressed QCOW2 image. NOTE: this issue is due to an incomplete fix for CVE-2013-2096...

CVE-2013-4463

OpenStack Compute (Nova) in Folsom/Grizzly/Havana does not verify the QCOW2 image’s virtual size, allowing an authenticated local user to cause a denial of service by consuming host disk space with a malicious or oversized image. The issue is noted as an incomplete fix for CVE-2013-2096, and mult...

CVE-2013-4463

OpenStack Compute Nova Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service host file system disk consumption via a compressed QCOW2 image. NOTE: this issue is due to an incomplete fix for CVE-2013-2096...

openstack-keystone: unintentional role granting with Keystone LDAP backend

The LDAP backend in OpenStack Identity Keystone Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges...

CVE-2013-7048

OpenStack Compute Nova Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots...

CVE-2013-7048

CVE-2013-7048 affects OpenStack Nova (Grizzly 2013.1.4, Havana 2013.2.1 and earlier). The libvirt/live-snapshot path permissions were world-writable/world-readable in the temporary directory used for live snapshots, allowing a local attacker with shell access to read and modify snapshots before u...

CVE-2013-7048

OpenStack Compute Nova Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots...

CVE-2013-6419

Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by 1...

CVE-2013-2030

keystone/middleware/authtoken.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova...

CVE-2013-2030

keystone/middleware/authtoken.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova...

CVE-2013-2030

CVE-2013-2030 affects OpenStack Nova (keystone/middleware/auth_token.py) in Folsom, Grizzly, and Havana. It uses an insecure temporary directory to store signing certificates, enabling local users to spoof servers by pre-creating the directory (e.g., /tmp/keystone-signing-nova on Fedora). Several...