GHSA-P9WQ-MJH8-Q72M OpenStack keystonemiddleware and python-keystoneclient vulnerable to man-in-the-middle attacks

The s3token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration paste.ini file regardless of the value, which allows remote attackers to conduct...

OpenStack keystonemiddleware and python-keystoneclient vulnerable to man-in-the-middle attacks

The s3token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration paste.ini file regardless of the value, which allows remote attackers to conduct...

GHSA-RHJJ-F6GQ-6GX2 OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in the Orchestration/Stack section in OpenStack Dashboard Horizon 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handl...

OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in the Orchestration/Stack section in OpenStack Dashboard Horizon 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handl...

GHSA-9HCJ-H2QC-689P OpenStack Cinder file disclosure in image convert

OpenStack Cinder before 2014.1.5 icehouse, 2014.2.x before 2014.2.4 juno, and 2015.1.x before 2015.1.1 kilo allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command...

OpenStack Cinder file disclosure in image convert

OpenStack Cinder before 2014.1.5 icehouse, 2014.2.x before 2014.2.4 juno, and 2015.1.x before 2015.1.1 kilo allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command...

GHSA-H737-Q6G6-8WR6 OpenStack Glance Denial of service by creating a large number of images

OpenStack Image Registry and Delivery Service Glance 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service disk consumption by creating a large number of images using the task v2 API and then deleting them before the uploads...

OpenStack Glance Denial of service by creating a large number of images

OpenStack Image Registry and Delivery Service Glance 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service disk consumption by creating a large number of images using the task v2 API and then deleting them before the uploads...

GHSA-4JP4-3C62-R8JV OpenStack Glance Denial of service by creating a large number of images

OpenStack Image Registry and Delivery Service Glance 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service disk consumption by creating a large number of images using the task v2 API and then deleting them, a different...

OpenStack Glance Denial of service by creating a large number of images

OpenStack Image Registry and Delivery Service Glance 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service disk consumption by creating a large number of images using the task v2 API and then deleting them, a different...

GHSA-4PMP-38HF-RMWJ OpenStack Neutron allows remote authenticated users to cause a denial of service

OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service crash or long firewall rule updates by creating a large number of allowed address pairs...

OpenStack Neutron allows remote authenticated users to cause a denial of service

OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service crash or long firewall rule updates by creating a large number of allowed address pairs...

GHSA-479J-JF2P-38PG OpenStack Glance improper validation of the image_size_cap configuration option

OpenStack Image Registry and Delivery Service Glance before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the imagesizecap configuration option, which allows remote authenticated users to cause a denial of service disk consumption by...

OpenStack Glance improper validation of the image_size_cap configuration option

OpenStack Image Registry and Delivery Service Glance before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the imagesizecap configuration option, which allows remote authenticated users to cause a denial of service disk consumption by...

GHSA-J6MR-CM6X-H6JG OpenStack Glance Server-Side Request Forgery (SSRF)

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copyfrom' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to...

OpenStack Glance Server-Side Request Forgery (SSRF)

An SSRF issue was discovered in OpenStack Glance before Newton. The 'copyfrom' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to...

GHSA-WMHW-FVG9-87FC OpenStack Glance Signature Verification Bypass

The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision...

OpenStack Glance Signature Verification Bypass

The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision...

GHSA-97FV-22HC-MRGJ OpenStack Compute (Nova) Improper Access Control

OpenStack Compute nova Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for...

OpenStack Compute (Nova) Improper Access Control

OpenStack Compute nova Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for...