7820 matches found
CVE-2022-47950
An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data...
CVE-2022-3100
A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API...
CVE-2022-3100
The CVE-2022-3100 issue affects the openstack-barbican component and enables an access policy bypass via a query string when calling the API. This vulnerability is discussed across multiple sources, with explicit confirmation in the SUSE-SU-2023:0071-1 security update: openstack-barbican Fixes CV...
OpenStack Security Vulnerability
OpenStack is a cloud platform management project of the U.S. National Aeronautics and Space Administration (NASA). Swift is one of its storage projects, used to store permanent static data. A security vulnerability exists in OpenStack that stems from the fact that by providing a specially...
SUSE-SU-2023:0071-1 Security update for openstack-barbican
This update for openstack-barbican contains the following fix: Security fix included on this update: openstack-barbican: - CVE-2022-3100: Fixed an access policy bypass via query string injection bsc1203873. Update for openstack-barbican: - Add patch for CVE-2022-3100 to address access policy bypa...
SUSE-SU-2023:0070-1 Security update for openstack-barbican, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-neutron, openstack-neutron-gbp
This update for openstack-barbican, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-neutron, openstack-neutron-gbp fixes the following issues: Security fixes included on this update: openstack-barbican: - CVE-2022-3100: Fixed an access policy bypass via query string injection...
SUSE: Security Advisory (SUSE-SU-2023:0061-1)
The remote host is missing an update for the...
Cross site scripting
A vulnerability has been found in yanheven console and classified as problematic. Affected by this vulnerability is the function get_zone_hosts/AvailabilityZonesTable of the file openstack_dashboard/dashboards/admin/aggregates/tables.py. The manipulation leads to cross site scripting. The attack can...
OpenStack Horizon Cross-Site Scripting Vulnerability
OpenStack Horizon is a Django-based project for OpenStack designed to provide complete OpenStack dashboards and an extensible framework for building new dashboards from reusable components. A cross-site scripting vulnerability exists in OpenStack Horizon. An attacker could exploit this...
PT-2023-10140 · Openstack · Openstack Dashboard
Name of the Vulnerable Software and Affected Versions: yanheven console (affected versions not specified). Description: A vulnerability has been found in the yanheven console, classified as problematic. The issue affects the function get_zone_hosts/AvailabilityZonesTable of the file openstack...
Fedora 35 : python-virtualbmc (2022-42723b43fe)
The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-42723b43fe advisory. Security fix for CVE-2022-44020 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
Fedora 36 : python-virtualbmc (2022-72b8efd577)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-72b8efd577 advisory. Security fix for CVE-2022-44020 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
CVE-2022-38060
A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges...
CVE-2022-38065
A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissive functionality within tools leveraging this library within a container can lead to increased privileges...
CVE-2022-38060
CVE-2022-38060 describes a privilege escalation in the sudo functionality of OpenStack Kolla (git master 05194e7618) caused by a misconfiguration in /etc/sudoers inside a container. Connected advisories confirm this vulnerability is addressed by security updates in OpenStack-related components (e...
CVE-2022-38065
The CVE-2022-38065 issue affects the OpenStack oslo.privsep functionality (git master 05194e7618 and earlier). The vulnerability arises from overly permissive privileged operations in tools leveraging this library inside containers, causing privilege escalation. The described impact is High with ...