Lucene search
K

73 matches found

Github Security Blog
Github Security Blog
added 2022/05/24 5:11 p.m.63 views

OpenStack Manila Unprivileged users can retrieve, use and manipulate share networks

OpenStack Manila =8.0.0 =9.0.0 9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. Attackers may also create resources, such as shared file systems and groups of shares on such share networks...

8.3CVSS6.6AI score0.01153EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2022/05/13 1:7 a.m.7 views

GHSA-VQ76-5GHR-9P4V Openstack Manila Persistent XSS in Metadata field

Cross-site scripting XSS vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form...

5.4CVSS5AI score0.01266EPSS
Exploits0References11
OSV
OSV
added 2021/08/20 11:3 a.m.6 views

OESA-2021-1317 ceph security update

Ceph is a massively scalable, open-source, distributed storage system that runs on commodity hardware and delivers object, block and file system storage. Security Fixes: A flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway in versions before 14.2.21. The vulnerability is relat...

7.1CVSS6.7AI score0.01627EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2021/06/25 12:0 a.m.50 views

Ubuntu 20.04 LTS : Ceph vulnerabilities (USN-4998-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4998-1 advisory. It was discovered that in some situations Ceph logged passwords from the mgr module in clear text. An attacker could use this to expose sensitive...

7.2CVSS6.9AI score0.02449EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2021/05/06 7:4 p.m.5 views

ceph: User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface...

7.1CVSS7.2AI score0.0031EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2021/02/01 12:0 a.m.34 views

EulerOS 2.0 SP8 : ceph (EulerOS-SA-2021-1136)

According to the versions of the ceph packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Ope...

7.1CVSS7AI score0.01627EPSS
Exploits0References3
Veracode
Veracode
added 2021/01/14 4:52 a.m.26 views

Privilege Escalation

ceph is vulnerable to privilege escalation. The vulnerability exists as user credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila...

7.1CVSS4.4AI score0.0031EPSS
Exploits0References7Affected Software12
RedHat Linux
RedHat Linux
added 2021/01/12 2:58 p.m.2 views

ceph: User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface...

7.1CVSS7.2AI score0.0031EPSS
Exploits0References4
NVD
NVD
added 2020/12/18 9:15 p.m.19 views

CVE-2020-27781

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface...

7.1CVSS7.1AI score0.0031EPSS
Exploits0References4
OSV
OSV
added 2020/12/18 9:15 p.m.32 views

CVE-2020-27781

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface...

7.1CVSS6.6AI score
Exploits0References4
OSV
OSV
added 2020/12/18 9:15 p.m.2 views

DEBIAN-CVE-2020-27781

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface...

7.1CVSS7.5AI score0.0031EPSS
Exploits0References1
OSV
OSV
added 2020/12/18 9:15 p.m.3 views

UBUNTU-CVE-2020-27781

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface...

7.1CVSS7.2AI score0.0031EPSS
Exploits0References4
Cvelist
Cvelist
added 2020/12/18 12:0 a.m.30 views

CVE-2020-27781

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface...

6.9AI score0.0031EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2020/12/18 12:0 a.m.38 views

CVE-2020-27781

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface...

7.1CVSS7.2AI score0.0031EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2020/12/18 12:0 a.m.44 views

CVE-2020-27781

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface...

7.1CVSS7.1AI score0.0031EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2020/12/16 9:35 p.m.29 views

CVE-2020-27781

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface...

7.1CVSS4.4AI score0.0031EPSS
Exploits0References3
CNNVD
CNNVD
added 2020/12/16 12:0 a.m.5 views

OpenStack Security Vulnerabilities

OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration NASA in collaboration with Rackspace in the United States. A security vulnerability exists in OpenStack Manila that stems from the fact that DescriptionUser credentials can be manipulat...

7.1CVSS7.1AI score0.0031EPSS
Exploits0References20
RedHat Linux
RedHat Linux
added 2020/06/24 12:24 p.m.3 views

openstack-manila: User with share-network UUID is able to show, create and delete shares

An access flaw was found in openstack-manila, where the API did not validate the user/project on commands. A malicious user having the UUID of a share-network could view, update, delete, or share resources that did not belong to them. Attackers could also create resources on shared networks for...

8.3CVSS7.3AI score0.01153EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2020/06/24 12:24 p.m.38 views

Moderate: Red Hat Security Advisory: openstack-manila and openstack-manila security update

An update for openstack-manila and openstack-manila is now available for Red Hat OpenStack Platform 13 Queens. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.3CVSS7.2AI score0.01153EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2020/06/24 12:0 a.m.19 views

RHEL 7 : openstack-manila and openstack-manila (RHSA-2020:2729)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2729 advisory. OpenStack Shared Filesystem Service Manila provides services to manage network filesystems for use by Virtual Machine instances. OpenStack Shared...

8.3CVSS7.7AI score0.01153EPSS
Exploits1References6
Rows per page
Query Builder