7794 matches found

RedHat Linux
added 2024/04/22 1:4 a.m. · 3 views

YAQL: OpenStack Murano Component Information Leakage

A flaw was found in the Murano component of OpenStack. This vulnerability allows ordinary users capable of importing and deploying app packages to access sensitive information within OpenStack services. Specifically, through this exploit, unauthorized users can obtain Murano service account...

6.5 CVSS · 5.7 AI score · 0.0074 EPSS
Exploits: 0 · References: 5

Tenable Nessus
added 2024/04/22 12:0 a.m. · 16 views

RHEL 8 : Red Hat OpenStack Platform 17.1 (openstack-tripleo-heat-templates and python-yaql) (RHSA-2024:1930)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1930 advisory. Heat templates for TripleO. The YAQL library has a large out-of-the-box set of commonly used functions. Security Fixes: OpenStack Murano Component...

6.5 CVSS · 7.1 AI score · 0.0074 EPSS
Exploits: 0 · References: 4

Vulnrichment
added 2024/04/22 12:0 a.m. · 15 views

CVE-2024-28717

An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component...

7.8 AI score · 0.00892 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2024/04/22 12:0 a.m. · 3 views

PT-2024-22537 · Openstack · Openstack Storlets

Name of the Vulnerable Software and Affected Versions: OpenStack Storlets version yoga-eom
Description: The issue allows a remote attacker to execute arbitrary code via the gateway.py component.
Recommendations: For OpenStack Storlets version yoga-eom, at the moment, there is no information about...

7.8 CVSS · 8 AI score · 0.00892 EPSS
Exploits: 0 · References: 6

CNNVD
added 2024/04/22 12:0 a.m. · 3 views

OpenStack Storlets Security Vulnerability

OpenStack Storlets is an open-source OpenStack Swift extension. A security vulnerability exists in OpenStack Storlets. A remote attacker can exploit this vulnerability to execute arbitrary code via the gateway.py component...

4.9 CVSS · 7.8 AI score · 0.00892 EPSS
Exploits: 0 · References: 3

CVE
added 2024/04/22 12:0 a.m. · 60 views

CVE-2024-28717

CVE-2024-28717 affects OpenStack Storlets (yoga-eom) with a remote code execution risk through the gateway.py component. The connected documents consistently describe arbitrary code execution via gateway.py, but do not provide concrete vendor/version details beyond OpenStack Storlets yoga-eom, no...

4.9 CVSS · 7.8 AI score · 0.00892 EPSS
Exploits: 0 · References: 2

Cvelist
added 2024/04/22 12:0 a.m. · 17 views

CVE-2024-28717

An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component...

7.8 AI score · 0.00892 EPSS
Exploits: 0 · References: 2

Tenable Nessus
added 2024/04/21 12:0 a.m. · 28 views

RHEL 6 : openstack-keystone (RHSA-2013:0994)

The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0994 advisory. The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token,...

4.3 CVSS · 5.5 AI score · 0.03128 EPSS
Exploits: 0 · References: 4

Tenable Nessus
added 2024/04/21 12:0 a.m. · 32 views

RHEL 6 : openstack-keystone (RHSA-2013:1285)

The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:1285 advisory. The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token,...

5 CVSS · 5.5 AI score · 0.02342 EPSS
Exploits: 0 · References: 5

Tenable Nessus
added 2024/04/21 12:0 a.m. · 26 views

RHEL 6 : openstack-cinder (RHSA-2013:1198)

The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:1198 advisory. The openstack-cinder packages provide OpenStack Volume Cinder, which provides services to manage and access block storage volumes for use by...

5 CVSS · 8.3 AI score · 0.04863 EPSS
Exploits: 2 · References: 9

RedhatCVE
added 2024/04/18 2:54 a.m. · 28 views

CVE-2024-31463

A vulnerability was found in Ironic-image. This issue occurs when setting IRONIC_REVERSE_PROXY_SETUP to 'true', which may allow unauthenticated local access to the Ironic API private port. Mitigation: Below are two mitigations for this vulnerability: 1. Switch to using unix...

4.7 CVSS · 4.7 AI score · 0.00206 EPSS
Exploits: 0 · References: 4

NVD
added 2024/04/17 4:15 p.m. · 11 views

CVE-2024-31463

Ironic-image is an OpenStack Ironic deployment packaged and configured by Metal3. When the reverse proxy mode is enabled by the IRONIC_REVERSE_PROXY_SETUP variable set to true, (1) HTTP basic credentials are validated on the HTTPD side in a separate container, not in the Ironic service itself, and (2)...

4.7 CVSS · 4.5 AI score · 0.00206 EPSS
Exploits: 0 · References: 3

Vulnrichment
added 2024/04/17 3:21 p.m. · 13 views

CVE-2024-31463 Ironic-image allows unauthenticated local access to Ironic API

Ironic-image is an OpenStack Ironic deployment packaged and configured by Metal3. When the reverse proxy mode is enabled by the IRONIC_REVERSE_PROXY_SETUP variable set to true, (1) HTTP basic credentials are validated on the HTTPD side in a separate container, not in the Ironic service itself, and (2)...

4.7 CVSS · 6.4 AI score · 0.00206 EPSS
Exploits: 0 · References: 3

OSV
added 2024/04/17 3:21 p.m. · 31 views

CVE-2024-31463 Ironic-image allows unauthenticated local access to Ironic API

Ironic-image is an OpenStack Ironic deployment packaged and configured by Metal3. When the reverse proxy mode is enabled by the IRONIC_REVERSE_PROXY_SETUP variable set to true, (1) HTTP basic credentials are validated on the HTTPD side in a separate container, not in the Ironic service itself, and (2)...

4.7 CVSS · 4.7 AI score · 0.00206 EPSS
Exploits: 0 · References: 5

CVE
added 2024/04/17 3:21 p.m. · 103 views

CVE-2024-31463

The CVE-2024-31463 entry concerns Ironic-image in reverse proxy mode. When IRONIC_REVERSE_PROXY_SETUP is true, HTTP basic creds are validated in the HTTPD container and Ironic listens on a private port (6388) on localhost, enabling unauthenticated access to the Ironic API for pods/local users on ...

4.7 CVSS · 4.4 AI score · 0.00206 EPSS
Exploits: 0 · References: 3

Cvelist
added 2024/04/17 3:21 p.m. · 32 views

CVE-2024-31463 Ironic-image allows unauthenticated local access to Ironic API

Ironic-image is an OpenStack Ironic deployment packaged and configured by Metal3. When the reverse proxy mode is enabled by the IRONIC_REVERSE_PROXY_SETUP variable set to true, (1) HTTP basic credentials are validated on the HTTPD side in a separate container, not in the Ironic service itself, and (2)...

4.7 CVSS · 4.8 AI score · 0.00206 EPSS
Exploits: 0 · References: 3

SUSE CVE
added 2024/04/15 11:12 p.m. · 11 views

SUSE CVE-2024-28718

An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the certmanager.py component...

9.8 CVSS · 8 AI score · 0.01063 EPSS
Exploits: 1 · References: 3

Github Security Blog
added 2024/04/12 3:37 p.m. · 14 views

OpenStack magnum vulnerable to time-of-check to time-of-use (TOCTOU) attack

An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the certmanager.py component...

9.8 CVSS · 7.9 AI score · 0.01063 EPSS
Exploits: 1 · References: 9 · Affected Software: 1

OSV
added 2024/04/12 3:37 p.m. · 7 views

GHSA-JX7X-9R98-H5XR OpenStack magnum vulnerable to time-of-check to time-of-use (TOCTOU) attack

An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the certmanager.py component...

6.3 CVSS · 9.7 AI score · 0.01063 EPSS
Exploits: 1 · References: 9

OSV
added 2024/04/12 1:15 p.m. · 2 views

CVE-2024-28718

An issue in OpenStack magnum yoga-eom version allows a remote attacker to execute arbitrary code via the certmanager.py component...

9.8 CVSS · 7.6 AI score · 0.01063 EPSS
Exploits: 1 · References: 3