CVE-2022-3596

CVE-2022-3596 affects OpenStack Platform’s undercloud (instack-undercloud) and is caused by an information disclosure where the rsync daemon can leak data to the undercloud. This unauthenticated, remote-access flaw may allow attackers to inspect sensitive data, including administrator credentials...

CVE-2022-3596 Instack-undercloud: rsync leaks information to undercloud

An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials...

CVE-2022-3261

A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem...

CVE-2022-3261

A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem...

CVE-2022-3261

A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem...

Design/Logic Flaw

A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem...

CVE-2022-3261

A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem...

UBUNTU-CVE-2022-3261

A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem...

CVE-2022-3261 Plain-text passwords saved in /var/log/messages

A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem...

CVE-2022-3261

CVE-2022-3261 affects OpenStack; multiple components log plaintext passwords to /var/log/messages during the OpenStack overcloud update, causing disclosure of sensitive information. The available sources describe the issue and its impact but do not specify affected versions, fixes, or mitigations...

CVE-2022-3261 Plain-text passwords saved in /var/log/messages

A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem...

PT-2023-13087 · Openstack · Openstack

Name of the Vulnerable Software and Affected Versions: OpenStack affected versions not specified Description: A flaw was found in OpenStack, where multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive...

CVE-2022-38060

A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla. A misconfiguration in /etc/sudoers within a container can lead to increased privileges. Mitigation /etc/sudoers within the container should use the securepath option to prevent the PATH environment variable...

CVE-2023-40585

ironic-image is a container image to run OpenStack Ironic as part of Metal³. Prior to version capm3-v1.4.3, if Ironic is not deployed with TLS and it does not have API and Conductor split into separate services, access to the API is not protected by any authentication. Ironic API is also listenin...

Authentication flaw

ironic-image is a container image to run OpenStack Ironic as part of Metal³. Prior to version capm3-v1.4.3, if Ironic is not deployed with TLS and it does not have API and Conductor split into separate services, access to the API is not protected by any authentication. Ironic API is also listenin...

CVE-2023-40585 Unauthenticated access to Ironic API

ironic-image is a container image to run OpenStack Ironic as part of Metal³. Prior to version capm3-v1.4.3, if Ironic is not deployed with TLS and it does not have API and Conductor split into separate services, access to the API is not protected by any authentication. Ironic API is also listenin...

CVE-2023-40585 Unauthenticated access to Ironic API

ironic-image is a container image to run OpenStack Ironic as part of Metal³. Prior to version capm3-v1.4.3, if Ironic is not deployed with TLS and it does not have API and Conductor split into separate services, access to the API is not protected by any authentication. Ironic API is also listenin...

Moderate: Red Hat Security Advisory: Release of containers for OSP 16.2.z (Train) director Operator

Red Hat OpenStack Platform RHOSP 16.2.z Train director Operator containers are now available. Release of Red Hat OpenStack Platform RHOSP 16.2.z Train provides these changes:...

OpenStack Horizon 输入验证错误漏洞

OpenStack Horizon is a Django-based project for OpenStack designed to provide complete OpenStack dashboards and an extensible framework for building new dashboards from reusable components. A security vulnerability exists in OpenStack Horizon versions 19.4.0 through 20.1.4 that stems from a...

Ubuntu: Security Advisory (USN-6293-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...