USN-6067-1 neutron vulnerabilities

David Sinquin discovered that OpenStack Neutron incorrectly handled the default Open vSwitch firewall rules. An attacker could possibly use this issue to impersonate the IPv6 addresses of other systems on the network. This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. CVE-2021-20267...

USN-6066-1 heat vulnerability

It was discovered that OpenStack Heat incorrectly handled certain hidden parameter values. A remote authenticated user could possibly use this issue to obtain sensitive data...

USN-6066-1: OpenStack Heat vulnerability

It was discovered that OpenStack Heat incorrectly handled certain hidden parameter values. A remote authenticated user could possibly use this issue to obtain sensitive data...

OpenStack 安全漏洞

OpenStack is a cloud platform management program of the National Aeronautics and Space Administration NASA. A security vulnerability exists in OpenStack cinder that stems from a lack of consistency between Cinder and Nova...

PT-2023-2882 · Openstack +3 · Openstack +3

Name of the Vulnerable Software and Affected Versions: OpenStack affected versions not specified Description: A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit thi...

SUSE: Security Advisory (SUSE-SU-2023:1914-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2023:1824-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2023:1837-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2023:2069-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Information Disclosure

openstack-heat is vulnerable to Information Disclosure. The vulnerability exists because the getenvironment function of service.py does not mask hidden parameter values, which allows an attacker to get sensitive data through the get stack environment API even when the encryptparametersandproperti...

Low: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (openstack-nova) security update

An update for openstack-nova is now available for Red Hat OpenStack Platform 16.2 Train. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

SUSE CVE-2023-1633

A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials...

SUSE CVE-2023-1636

A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is...

SUSE: Security Advisory (SUSE-SU-2023:1941-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-1636

A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is...

CVE-2023-1633

A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials...

SUSE-SU-2023:1949-1 Security update for openstack-cinder, openstack-nova, python-oslo.utils

This update for openstack-cinder, openstack-nova, python-oslo.utils contains the following fixes: Security fixes included on this update: openstack-cinder, openstack-nova: - CVE-2022-47951: Fixed file access control through custom VMDK flat descriptor. bsc1207321 Non-security changes included on...

barbican 安全漏洞

barbican is an OpenStack key management service, API server. A security vulnerability exists in barbican that stems from a container isolation flaw in Red Hat OpenStack that allows an attacker to have limited authentication and access to the Barbican container, potentially allowing access to othe...

barbican 安全漏洞

barbican is an OpenStack key management service, API server. A security vulnerability exists in barbican that stems from the barbican configuration file being set to globally readable in Red Hat OpenStack, which poses a security risk because it allows an attacker with limited access to the file t...

MGASA-2023-0139 Updated ceph packages fix security vulnerability

Openstack manilla owning a Ceph File system "share", enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system...