UBUNTU-CVE-2013-6433

The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file...

PT-2014-3447 · Red Hat +1 · Yum +2

Name of the Vulnerable Software and Affected Versions: OpenStack Heat Templates heat-templates as used in Red Hat Enterprise Linux OpenStack Platform version 4.0 Description: The issue allows man-in-the-middle attackers to prevent updates via unspecified vectors, as OpenStack Heat Templates uses ...

CVE-2013-6433

The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file...

Fedora Update for openstack-neutron FEDORA-2014-6520

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2014-3448 · Red Hat +1 · Yum +2

Name of the Vulnerable Software and Affected Versions: OpenStack Heat Templates heat-templates as used in Red Hat Enterprise Linux OpenStack Platform version 4.0 Description: The issue allows man-in-the-middle attackers to prevent updates via unspecified vectors by disabling SSL protection for...

Moderate: Red Hat Security Advisory: openstack-nova security, bug fix, and enhancement update

Updated openstack-nova packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring...

openstack-nova: Nova host data leak to vm instance in rescue mode

The instance rescue mode in OpenStack Compute Nova 2013.2 before 2013.2.3 and Icehouse before 2014.1, when using libvirt to spawn images and usecowimages is set to false, allows remote authenticated users to read certain compute host files by overwriting an instance disk with a crafted image...

Low: Red Hat Security Advisory: openstack-heat-templates security update

An updated openstack-heat-templates package that fixes three security issues is now available Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Low security impact. Common Vulnerability Scoring System CVSS base scores, which give...

openstack-heat-templates: use of HTTP to download signing keys/code

OpenStack Heat Templates heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download 1 packages and 2 signing keys from Yum repositories, which allows man-in-the-middle attackers to prevent updates via unspecified vectors...

openstack-heat-templates: setting gpgcheck=0 for signed packages

OpenStack Heat Templates heat-templates, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded packages and allows man-in-the-middle attackers to install arbitrary packages via unspecified vectors...

Moderate: Red Hat Security Advisory: openstack-keystone security and bug fix update

Updated openstack-keystone packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base scor...

openstack-horizon: XSS in Horizon orchestration dashboard when using a malicious template

Cross-site scripting XSS vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard aka Horizon 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat template...

Low: Red Hat Security Advisory: python-django-horizon security update

Updated python-django-horizon packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...

foreman-installer: insecure defaults

The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid...

Moderate: Red Hat Security Advisory: openstack-foreman-installer security, bug fix, and enhancement update

An updated openstack-foreman-installer package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common...

openstack-neutron: insufficient authorization checks when creating ports

The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command...

Moderate: Red Hat Security Advisory: openstack-neutron security, bug fix, and enhancement update

Updated openstack-neutron packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability...

openstack-quantum/openstack-neutron: rootwrap sudo config allows potential privilege escalation

No description is available for this CVE...

[SECURITY] Fedora 20 Update: openstack-neutron-2013.2.3-7.fc20

Neutron is a virtual network service for Openstack. Just like OpenStack Nova provides an API to dynamically request and configure virtual servers, Neutron provides an API to dynamically request and configure virtual networks. These networks connect "interfaces" from other OpenStack services e.g.,...

CVE-2014-3801

OpenStack Orchestration API Heat 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL via the resource-type-list...