7743 matches found
USN-2034-1: OpenStack Keystone vulnerability
Brant Knudson discovered a logic error in the LDAP backend in Keystone where removing a role on a tenant for a user who does not have that role would instead add the role to the user. An authenticated user could use this to gain privileges. Ubuntu is not configured to use the LDAP Keystone backen...
CVE-2013-6384
1 impldb2.py and 2 implmongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information the DB2 or MongoDB password by reading the log file...
DEBIAN-CVE-2013-6384
1 impldb2.py and 2 implmongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information the DB2 or MongoDB password by reading the log file...
CVE-2013-6384
1 impldb2.py and 2 implmongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information the DB2 or MongoDB password by reading the log file...
CVE-2013-6384
1 impldb2.py and 2 implmongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information the DB2 or MongoDB password by reading the log file...
Design/Logic Flaw
1 impldb2.py and 2 implmongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information the DB2 or MongoDB password by reading the log file...
CVE-2013-6384
1 impldb2.py and 2 implmongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information the DB2 or MongoDB password by reading the log file...
CVE-2013-6384
1 impldb2.py and 2 implmongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information the DB2 or MongoDB password by reading the log file...
CVE-2013-6384
CVE-2013-6384 affects OpenStack Ceilometer 2013.2 and earlier. When logging level is INFO, impl_db2.py and impl_mongodb.py log the ceilometer.conf connection string, enabling local users to read sensitive information (DB2 or MongoDB password) from the log file. Multiple sources (SUSE, Ubuntu, Deb...
CVE-2013-4354
The API before 2.1 in OpenStack Image Registry and Delivery Service Glance makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image...
DEBIAN-CVE-2013-6858
Multiple cross-site scripting XSS vulnerabilities in OpenStack Dashboard Horizon 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to 1 "Volumes" or 2 "Network Topology" page...
CVE-2013-4354
The API before 2.1 in OpenStack Image Registry and Delivery Service Glance makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image...
CVE-2013-6858
Multiple cross-site scripting XSS vulnerabilities in OpenStack Dashboard Horizon 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to 1 "Volumes" or 2 "Network Topology" page...
DEBIAN-CVE-2013-4354
The API before 2.1 in OpenStack Image Registry and Delivery Service Glance makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image...
CVE-2013-6858
Multiple cross-site scripting XSS vulnerabilities in OpenStack Dashboard Horizon 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to 1 "Volumes" or 2 "Network Topology" page...
Design/Logic Flaw
The API before 2.1 in OpenStack Image Registry and Delivery Service Glance makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image...
CVE-2013-4354
The API before 2.1 in OpenStack Image Registry and Delivery Service Glance makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in OpenStack Dashboard Horizon 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to 1 "Volumes" or 2 "Network Topology" page...
CVE-2013-6858
CVE-2013-6858 affects OpenStack Horizon (OpenStack Dashboard) 2013.2 and earlier. The root cause is improper sanitization of the Instance Name, enabling cross-site scripting (XSS) on the Volumes and Network Topology pages. Multiple advisories (Ubuntu USN-2062-1, Red Hat RHSA-2014:0365, Debian/OSV...
CVE-2013-4354
The API before 2.1 in OpenStack Image Registry and Delivery Service Glance makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image...