7820 matches found

OSV
added 2023/01/26 10:15 p.m., 19 views

CVE-2022-47951

An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, a...

5.7 CVSS, 5.1 AI score
Exploits 0, References 8

Prion
added 2023/01/26 10:15 p.m., 28 views

Design/Logic Flaw

An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, a...

3.5 CVSS, 5.1 AI score, 0.01025 EPSS
Exploits 1, References 8, Affected Software 4

Cvelist
added 2023/01/26 12:0 a.m., 52 views

CVE-2022-47951

An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, a...

5.5 AI score, 0.01025 EPSS
Exploits 1, References 8

Debian CVE
added 2023/01/26 12:0 a.m., 29 views

CVE-2022-47951

An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, a...

5.7 CVSS, 5.4 AI score, 0.01025 EPSS
Exploits 1

CVE
added 2023/01/26 12:0 a.m., 134 views

CVE-2022-47951

CVE-2022-47951 affects OpenStack components (Cinder, Glance, Nova): by supplying a specially crafted VMDK flat image referencing a backing file path, an authenticated user could cause the server to return the contents of that backing file, enabling unauthorized data access. Affected ranges: Cinde...

5.7 CVSS, 5.1 AI score, 0.01025 EPSS
Exploits 1, References 8, Affected Software 3

Vulnrichment
added 2023/01/26 12:0 a.m., 4 views

CVE-2022-47951

An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, a...

6.3 AI score, 0.01025 EPSS
Exploits 1, References 8

Tenable Nessus
added 2023/01/26 12:0 a.m., 27 views

Debian DSA-5327-1 : swift - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5327 advisory. Sebastien Meriot discovered that the S3 API of Swift, a distributed virtual object store, was susceptible to information disclosure. For the stable distribution bullseye,...

6.5 CVSS, 6.6 AI score, 0.01001 EPSS
Exploits 1, References 6

RedHat Linux
added 2023/01/25 12:31 p.m., 20 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 17.0 (python-scciclient) security update

An update for python-scciclient is now available for Red Hat OpenStack Platform 17.0 Wallaby. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

7.4 CVSS, 6.9 AI score, 0.00486 EPSS
Exploits 0, References 2

RedHat Linux
added 2023/01/25 12:31 p.m., 2 views

openstack-neutron: unrestricted creation of security groups

An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significa...

6.5 CVSS, 5.8 AI score, 0.01056 EPSS
Exploits 0, References 5

RedHat Linux
added 2023/01/25 12:31 p.m., 39 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 17.0 (openstack-neutron) security update

An update for openstack-neutron is now available for Red Hat OpenStack Platform 17.0 Wallaby. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

6.5 CVSS, 6.4 AI score, 0.01056 EPSS
Exploits 0, References 14

RedHat Linux
added 2023/01/25 12:30 p.m., 32 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 17.0 (python-XStatic-Angular) security update

An update for python-XStatic-Angular is now available for Red Hat OpenStack Platform 17.0 Wallaby. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

7.5 CVSS, 6.9 AI score, 0.02179 EPSS
Exploits 1, References 2

RedhatCVE
added 2023/01/25 5:37 a.m., 44 views

CVE-2022-47951

A flaw was found in OpenStack-nova, Openstack-glance, and Openstack-cinder. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized...

7.7 CVSS, 2.7 AI score, 0.01025 EPSS
Exploits 1, References 4

Veracode
added 2023/01/25 12:46 a.m., 16 views

Denial Of Service (DoS)

openstack-neutron is vulnerable to Denial of Service DoS attacks. A remote authenticated user is able to cause uncontrolled resource consumption via submitting a significant number of requests, resulting in denial of service conditions...

6.5 CVSS, 6.3 AI score, 0.01056 EPSS
Exploits 0, References 4, Affected Software 1

Tenable Nessus
added 2023/01/25 12:0 a.m., 27 views

Debian dla-3281 : python-swift - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3281 advisory. Debian LTS Advisory DLA-3281-1 [email protected] https://www.debian.org/lts/security/...

6.5 CVSS, 6.6 AI score, 0.01001 EPSS
Exploits 1, References 4

CNNVD
added 2023/01/24 12:0 a.m., 46 views

OpenStack path traversal vulnerability

OpenStack is a cloud platform management program of the National Aeronautics and Space Administration NASA. A security vulnerability exists in OpenStack Cinder, glance, and nova, which stems from the fact that by providing a specially created VMDK flat image that references the path to a specific...

5.7 CVSS, 6.8 AI score, 0.01025 EPSS
Exploits 1, References 22

Tenable Nessus
added 2023/01/23 12:0 a.m., 24 views

RHEL 8 : Red Hat OpenStack Platform 16.2.4 (erlang) (RHSA-2022:8857)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:8857 advisory. Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault...

9.8 CVSS, 8.3 AI score, 0.01136 EPSS
Exploits 0, References 5

Tenable Nessus
added 2023/01/23 12:0 a.m., 19 views

RHEL 8 : Red Hat OpenStack Platform 16.1.9 (rabbitmq-server) (RHSA-2022:8867)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:8867 advisory. RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable...

5.4 CVSS, 5.5 AI score, 0.01437 EPSS
Exploits 1, References 5

Tenable Nessus
added 2023/01/23 12:0 a.m., 40 views

RHEL 8 : Red Hat OpenStack Platform 16.1.9 (numpy) (RHSA-2022:8861)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:8861 advisory. A fast multidimensional array facility for Python Security Fixes: NULL pointer dereference in numpy.sort in the PyArrayDescrNew due to missing...

5.3 CVSS, 7.3 AI score, 0.01154 EPSS
Exploits 1, References 5

Tenable Nessus
added 2023/01/23 12:0 a.m., 22 views

RHEL 8 : Red Hat OpenStack Platform 16.1.9 (python-oslo-utils) (RHSA-2022:8873)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:8873 advisory. The OpenStack Oslo Utility library. Security Fixes: incorrect password masking in debug output CVE-2022-0718 For more details about the security...

4.9 CVSS, 5.9 AI score, 0.01287 EPSS
Exploits 1, References 5

Tenable Nessus
added 2023/01/23 12:0 a.m., 26 views

RHEL 8 : Red Hat OpenStack Platform 16.1.9 (openstack-neutron) (RHSA-2022:8870)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:8870 advisory. OpenStack Networking neutron is a virtual network service for OpenStack. Just as OpenStack Compute nova provides an API to dynamically request and...

6.5 CVSS, 5.9 AI score, 0.01056 EPSS
Exploits 0, References 15