14 matches found
EUVD-2012-0070
Malware in sbrugna...
EUVD-2013-6240
Malware in sbrugna...
SUSE CVE-2012-0030
Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified projectid URI parameter...
SUSE CVE-2022-3100
A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API...
MAL-2022-5101 Malicious code in openstack-api-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 31090ff688f4cfd0017eacf09e0f12f4f4e674cce06594cddfb2c91ffd21272d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in openstack-api-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 31090ff688f4cfd0017eacf09e0f12f4f4e674cce06594cddfb2c91ffd21272d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Moderate: Red Hat Security Advisory: openstack-cinder, openstack-glance, and openstack-nova security update
An update for openstack-nova, openstack-cinder, openstack-glance, and python-oslo-concurrency is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 Kilo for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scorin...
Ubuntu: Security Advisory (USN-1497-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DEBIAN-CVE-2012-0030
Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified projectid URI parameter...
CVE-2012-0030
Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified projectid URI parameter...
Authentication flaw
Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified projectid URI parameter...
CVE-2012-0030
Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified projectid URI parameter...
CVE-2012-0030
CVE-2012-0030 affects Nova 2011.3 and Essex when using the OpenStack API, allowing remote authenticated users to bypass tenant access restrictions via a modified project_id in an OSAPI request. Root cause: insufficient validation of project_id in OSAPI calls. A fix is available in OpenStack Nova ...
Ubuntu 11.10 : nova vulnerability (USN-1326-1)
Nachi Ueno, Rohit Karajgi, and Venkatesan Ravikumar discovered that when Nova is configured to use the OpenStack API, it would not correctly enforce access controls on certain incoming requests. A remote authenticated attacker could exploit this to change resources of arbitrary tenants. Note that...