CVE-2017-7214

An issue was discovered in exceptionwrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens...

CVE-2017-5936

OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions...

PT-2016-6206 · Openstack · Openstack Ironic

Name of the Vulnerable Software and Affected Versions: OpenStack Ironic versions prior to 4.2.5 Liberty OpenStack Ironic versions 5.x prior to 5.1.2 Mitaka Description: The issue allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC...

CVE-2016-4911

The Fernet Token Provider in OpenStack Identity Keystone 9.0.x before 9.0.1 mitaka allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token...

PYSEC-2016-38

The Fernet Token Provider in OpenStack Identity Keystone 9.0.x before 9.0.1 mitaka allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token...

CVE-2016-4911

The CVE-2016-4911 entry affects OpenStack Identity (Keystone) in the Fernet Token Provider (9.0.x prior to 9.0.1, Mitaka). The root cause is a token rescoping flaw that allows remote authenticated users to bypass access restrictions and potentially prevent revocation of a token chain. This could ...