RHEL 9 : Red Hat OpenStack Platform 17.1 (python-openstackclient) (RHSA-2024:2737)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2737 advisory. python-openstackclient is a unified command-line client for the OpenStack APIs. It is a thin wrapper to the stock python-client modules that implemen...

RHEL 9 : Red Hat OpenStack Platform 17.1 (etcd) (RHSA-2024:2729)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2729 advisory. A highly-available key value store for shared configuration Security Fixes: golang-fips/openssl: Memory leaks in code encrypting and...

RHEL 9 : openstack-tripleo-heat-templates and tripleo-ansible update (Moderate) (RHSA-2024:2736)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2736 advisory. openstack-tripleo-heat-templates is a collection of OpenStack Orchestration templates and tools codename heat, which can be used to help deploy...

RHEL 9 : Red Hat OpenStack Platform 17.1 (python-gunicorn) (RHSA-2024:2727)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2727 advisory. Gunicorn Green Unicorn is a Python WSGI HTTP server for UNIX Security Fixes: HTTP Request Smuggling due to improper validation of Transfer-Encoding...

RHEL 9 : Red Hat OpenStack Platform 17.1 (collectd-sensubility) (RHSA-2024:2730)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2730 advisory. This project aims to provide the possibility to switch from Sensu-based availability monitoring solution to a monitoring solution based on...

RHEL 9 : Red Hat OpenStack Platform 17.1 (openstack-ansible-core) (RHSA-2024:2733)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2733 advisory. An ansible-core rebuild for OpenStack based on python 3.9. Security Fixes: HTML attribute injection when passing user input as keys to xmlattr filter...

RHEL 9 : Red Hat OpenStack Platform 17.1 (python-paramiko) (RHSA-2024:2735)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2735 advisory. Paramiko a combination of the esperanto words for paranoid and friend is a module for python 2.3 or greater that implements the SSH2 protocol for...

RHEL 9 : Red Hat OpenStack Platform 17.1 (python-glance-store) (RHSA-2024:2732)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2732 advisory. OpenStack image service store library Security Fixes: Glance Store access key logged in DEBUG log level CVE-2024-1141 For more details about the...

RHEL 8 : Red Hat OpenStack Platform 17.1 (python-openstackclient) (RHSA-2024:2769)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2769 advisory. python-openstackclient is a unified command-line client for the OpenStack APIs. It is a thin wrapper to the stock python-client modules that implemen...

RHEL 8 : Red Hat OpenStack Platform 17.1 (python-urllib3) (RHSA-2024:2734)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2734 advisory. Python HTTP module with connection pooling and file POST abilities. Security Fixes: Request body not stripped after redirect from 303 status changes...

CVE-2024-4840

An flaw was found in the OpenStack Platform RHOSP director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs...

Red Hat OpenStack Platform 安全漏洞

Red Hat OpenStack Platform is a cloud computing management platform from Red Hat, an American company. A security vulnerability exists in Red Hat OpenStack Platform that stems from the possibility that plaintext passwords could be stored in log files, potentially exposing sensitive information to...

CVE-2024-4840 Rhosp-director: cleartext passwords exposed in logs

An flaw was found in the OpenStack Platform RHOSP director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs...

CVE-2024-4840 Rhosp-director: cleartext passwords exposed in logs

An flaw was found in the OpenStack Platform RHOSP director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs...

CVE-2024-4840

CVE-2024-4840 affects OpenStack Platform (RHOSP) director components, where plaintext passwords can be stored in log files if logging is enabled. The vulnerability is linked to the RHOSP 17.1.4 security update (RHSA-2024:9978) and related heat-templates components, which provides the patch to add...

PT-2024-33096 · Red Hat · Openstack Platform Director

Name of the Vulnerable Software and Affected Versions: OpenStack Platform RHOSP director affected versions not specified Description: A flaw in the OpenStack Platform director allows plaintext passwords to be stored in log files. This can expose sensitive information to anyone with access to the...

RHEL 6 : openstack-heat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - openstack-heat: Template source URL allows network port scan CVE-2016-9185 Note that Nessus has not tested for this...

RHEL 6 : openstack-glance (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openstack-glance: API v1 copyfrom reveals network details CVE-2017-7200 - A vulnerability was found in...

RHEL 6 : openstack-neutron (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openstack-neutron: MAC source address spoofing vulnerability CVE-2016-5363 - The IPTables firewall in...

CVE-2024-4436

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2022-41723. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning ...