RHEL 8 : python-paunch and openstack-tripleo-heat-templates (RHSA-2020:3406)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:3406 advisory. Library and utility to launch and manage containers using YAML-based configuration data. openstack-tripleo-heat-templates is a collection of OpenStac...
Important: Red Hat Security Advisory: openstack-tripleo-heat-templates security update
An update for openstack-tripleo-heat-templates is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Directory traversal
A flaw was found in openstack-tripleo-common as shipped with Red Hat OpenStack Enterprise 10 and 11. The sudoers file as installed with OSP's openstack-tripleo-common package is much too permissive. It contains several lines for the mistral user that have wildcards that allow directory traversal...
CVE-2017-2627
A flaw was found in openstack-tripleo-common as shipped with Red Hat OpenStack Enterprise 10 and 11. The sudoers file as installed with OSP's openstack-tripleo-common package is much too permissive. It contains several lines for the mistral user that have wildcards that allow directory traversal...
CVE-2017-2627
CVE-2017-2627 affects openstack-tripleo-common as shipped with Red Hat OpenStack Enterprise 10 and 11. The sudoers configuration for the mistral user contains wildcards enabling directory traversal, and it grants passwordless root access to the validations user. These issues create local privileg...
UBUNTU-CVE-2018-10898
A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed by Director with the default configuration, OpenDaylight in RHOSP13 is configured with easily guessable default credentials...
CVE-2018-10898
A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed by Director with the default configuration, OpenDaylight in RHOSP13 is configured with easily guessable default credentials...
PYSEC-2018-102
A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed by Director with the default configuration, OpenDaylight in RHOSP13 is configured with easily guessable default credentials...
openstack-tripleo-heat-templates: Ceph client keyring is world-readable when deployed by director
A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack...
Moderate: Red Hat Security Advisory: openstack-tripleo-common and openstack-tripleo-heat-templates update
An update for openstack-tripleo-common and openstack-tripleo-heat-templates is now available for Red Hat OpenStack Platform 12.0 (Pike). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
CVE-2016-2102
HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network...
Design/Logic Flaw
HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network...
OpenStack tripleo-common insecure file permissions vulnerability
OpenStack tripleo-common is a Python library of common code for the TripleO CLI and TripleO UI. OpenStack tripleo-common has an insecure file permission vulnerability. A local attacker can exploit this vulnerability to cause directory traversal and gain root access to the shadowed...
openstack-tripleo-heat-templates: unsafe pipeline ordering of swift staticweb middleware
A flaw was discovered in the pipeline ordering of OpenStack Object Storage's staticweb middleware in the swiftproxy configuration generated from the openstack-tripleo-heat-templates package (OpenStack director). The staticweb middleware was incorrectly configured before the Identity Service, and...