2322 matches found
OpenStack security vulnerabilities
User authorization vulnerabilities...
USN-1641-1: OpenStack Keystone vulnerabilities
Vijaya Erukala discovered that Keystone did not properly invalidate EC2-style credentials such that if credentials were removed from a tenant, an authenticated and authorized user using those credentials may still be allowed access beyond the account owner's expectations. CVE-2012-5571 It was...
[SECURITY] Fedora 18 Update: python-django-horizon-2012.2-4.fc18
Horizon is a Django application for providing Openstack UI components. It allows performing site administrator viewing account resource usage, configuring users, accounts, quotas, flavors, etc. and end user operations start/stop/delete instances, create/restore snapshots, view instance VNC consol...
[SECURITY] Fedora 18 Update: openstack-glance-2012.2-3.fc18
OpenStack Image Service code-named Glance provides discovery, registratio n, and delivery services for virtual disk images. The Image Service API server provides a standard REST interface for querying information about virtual d isk images stored in a variety of back-end stores, including OpenSta...
CVE-2012-4573
The v1 API in OpenStack Glance Grizzly, Folsom 2012.2, and Essex 2012.1 allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482...
CVE-2012-4573
The v1 API in OpenStack Glance Grizzly, Folsom 2012.2, and Essex 2012.1 allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482...
PYSEC-2012-30
The v2 API in OpenStack Glance Grizzly, Folsom 2012.2, and Essex 2012.1 allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573...
CVE-2012-4573
The v1 API in OpenStack Glance Grizzly, Folsom 2012.2, and Essex 2012.1 allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482...
CVE-2012-4573
The CVE-2012-4573 issue affects the v1 API of OpenStack Glance (Grizzly, Folsom 2012.2, Essex 2012.1), where remote authenticated users could delete arbitrary non‑protected images via an image deletion request. The vulnerability is tied to an incomplete/faulty fix; related advisories confirm ongo...
CVE-2012-5482
The CVE-2012-5482 vulnerability affects OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) where the v2 API allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. Root cause noted as an incomplete fix for CVE-2012-4573. Connected advis...
CVE-2012-5482
The v2 API in OpenStack Glance Grizzly, Folsom 2012.2, and Essex 2012.1 allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573...
CVE-2012-5482
The v2 API in OpenStack Glance Grizzly, Folsom 2012.2, and Essex 2012.1 allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573...
[USN-1626-1] Glance vulnerability
========================================================================== Ubuntu Security Notice USN-1626-1 November 08, 2012 glance vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
USN-1626-1: Glance vulnerability
Gabe Westmaas discovered that Glance did not always properly enforce access controls when deleting images. An authenticated user could delete arbitrary images by using the v1 API under certain circumstances...
[SECURITY] Fedora 17 Update: python-django-horizon-2012.1.3-1.fc17
Horizon is a Django application for providing Openstack UI components. It allows performing site administrator viewing account resource usage, configuring users, accounts, quotas, flavors, etc. and end user operations start/stop/delete instances, create/restore snapshots, view instance VNC consol...
CVE-2012-4406
OpenStack Object Storage swift before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object...
Design/Logic Flaw
OpenStack Object Storage swift before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object...
CVE-2012-4406
OpenStack Object Storage swift before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object...
CVE-2012-4406
OpenStack Object Storage swift before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object...
[SECURITY] Fedora 17 Update: openstack-swift-1.4.8-3.fc17
OpenStack Object Storage swift aggregates commodity servers to work toget her in clusters for reliable, redundant, and large-scale storage of static obje cts. Objects are written to multiple hardware devices in the data center, with t he OpenStack software responsible for ensuring data replicatio...