RHEL 6 : openstack-swift-plugin-swift3 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - openstack-swift-plugin3: replay attack - date/date header unvalidated CVE-2015-8466 Note that Nessus has not tested...

The vulnerability of the YAQL component in the interface for managing service configurations in the OpenStack Murano cloud platform, related to the lack of protection for service data, allows a attacker to disclose the protected information.

The vulnerability of the YAQL component in the interface for managing service configurations in the OpenStack Murano cloud platform is related to the lack of protection for operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose the protected...

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 director Operator container images security update

Updated container images are now available for director Operator for Red Hat OpenStack Platform 16.2 Train for RHEL 8.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 director Operator container images security update

Updated container images are now available for director Operator for Red Hat OpenStack Platform 17.1 Wallaby for RHEL 9.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severit...

etcd: Incomplete fix for CVE-2023-39325/CVE-2023-44487 in OpenStack Platform

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Ha...

etcd: Incomplete fix for CVE-2021-44716 in OpenStack Platform

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning ...

etcd: Incomplete fix for CVE-2022-41723 in OpenStack Platform

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2022-41723. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning ...

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 (etcd) security update

An update for etcd is now available for Red Hat OpenStack Platform 16.1 Train on Red Hat Enterprise Linux RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...

RHEL 8 : Red Hat OpenStack Platform 16.1 (etcd) (RHSA-2024:3467)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3467 advisory. A highly-available key value store for shared configuration Security Fixes: Incomplete fix for CVE-2023-39325/CVE-2023-44487 in OpenStack...

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (etcd) security update

An update for etcd is now available for Red Hat OpenStack Platform 16.2 Train. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

etcd: Incomplete fix for CVE-2021-44716 in OpenStack Platform

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning ...

etcd: Incomplete fix for CVE-2022-41723 in OpenStack Platform

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2022-41723. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning ...

etcd: Incomplete fix for CVE-2023-39325/CVE-2023-44487 in OpenStack Platform

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Ha...

RHEL 8 : Red Hat OpenStack Platform 16.2 (etcd) (RHSA-2024:3352)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3352 advisory. A highly-available key value store for shared configuration Security Fixes: Incomplete fix for CVE-2023-39325/CVE-2023-44487 in OpenStack...

Moderate: Red Hat Security Advisory: openstack-tripleo-heat-templates and tripleo-ansible update

An update for openstack-tripleo-heat-templates and tripleo-ansible is now available for Red Hat OpenStack Platform 17.1 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

tripleo-ansible: bind keys are world readable

An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information...

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (collectd-sensubility) security update

An update for collectd-sensubility is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

etcd: Incomplete fix for CVE-2023-39325/CVE-2023-44487 in OpenStack Platform

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Ha...

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (etcd) security update

An update for etcd is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (python-paramiko) security update

An update for python-paramiko is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...