Lucene search

7816 matches found

Cvelist
added 2022/04/01 10:17 p.m., 24 views

CVE-2021-20238

It was found in OpenShift Container Platform 4 that ignition config, served by the Machine Config Server, can be accessed externally from clusters without authentication. The MCS endpoint port 22623 provides ignition configuration used for bootstrapping Nodes and can include some sensitive data,...

AI score: 4.4, EPSS: 0.00735
Exploits: 0, References: 1

Tenable Nessus
added 2022/03/25 12:00 a.m., 23 views

RHEL 8 : Red Hat OpenStack Platform 16.1 (openstack-neutron) (RHSA-2022:0990)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0990 advisory. OpenStack Networking neutron is a virtual network service for OpenStack. Just as OpenStack Compute nova provides an API to dynamically request and...

CVSS: 6.5, AI score: 6.5, EPSS: 0.01703
Exploits: 1, References: 14

Tenable Nessus
added 2022/03/25 12:00 a.m., 37 views

RHEL 8 : Red Hat OpenStack Platform 16.1 (python-twisted) (RHSA-2022:0982)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0982 advisory. Twisted is a networking engine written in Python, supporting numerous protocols. It contains a web server, numerous chat clients, chat...

CVSS: 7.5, AI score: 7.5, EPSS: 0.03608
Exploits: 1, References: 6

Tenable Nessus
added 2022/03/25 12:00 a.m., 26 views

RHEL 8 : Red Hat OpenStack Platform 16.1 (openstack-nova) (RHSA-2022:0983)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0983 advisory. OpenStack Compute codename Nova is open source software designed to provision and manage large networks of virtual machines, creating a redundant and...

CVSS: 6.1, AI score: 7, EPSS: 0.27459
Exploits: 1, References: 10

Tenable Nessus
added 2022/03/25 12:00 a.m., 39 views

RHEL 8 : Red Hat OpenStack Platform 16.1 (golang-github-vbatts-tar-split) (RHSA-2022:0988)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0988 advisory. Security Fixes: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet CVE-2021-29923 golang:...

CVSS: 7.5, AI score: 7.2, EPSS: 0.07032
Exploits: 2, References: 8

Tenable Nessus
added 2022/03/25 12:00 a.m., 29 views

RHEL 8 : Red Hat OpenStack Platform 16.1 (numpy) (RHSA-2022:0987)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0987 advisory. A fast multidimensional array facility for Python Security Fixes: buffer overflow in the PyArray_NewFromDescr_int in ctors.c CVE-2021-33430...

CVSS: 5.5, AI score: 7.3, EPSS: 0.01074
Exploits: 2, References: 7

Tenable Nessus
added 2022/03/25 12:00 a.m., 51 views

RHEL 8 : Red Hat OpenStack Platform 16.1 (golang-qpid-apache) (RHSA-2022:0989)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:0989 advisory. Golang binding library for qpid-proton Security Fixes: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet...

CVSS: 7.5, AI score: 7.1, EPSS: 0.03744
Exploits: 1, References: 5

RedHat Linux
added 2022/03/24 10:59 a.m., 37 views

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 (python-twisted) security update

An update for python-twisted is now available for Red Hat OpenStack Platform 16.1 Train. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS: 7.5, AI score: 7.2, EPSS: 0.03608
Exploits: 1, References: 3

RedHat Linux
added 2022/03/24 10:59 a.m., 3 views

openstack-neutron: Routes middleware memory leak for nonexistent controllers

A resource-allocation flaw was found in openstack-neutron. An authenticated attacker could make API requests involving nonexistent controllers causing the API worker to consume increasing amounts of memory. This flaw could be exploited to force API performance degradation or denial of service...

CVSS: 6.5, AI score: 5.7, EPSS: 0.01703
Exploits: 1, References: 5

RedHat Linux
added 2022/03/24 10:59 a.m., 44 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 (openstack-neutron) security update

An update for openstack-neutron is now available for Red Hat OpenStack Platform 16.1 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS: 6.5, AI score: 6.6, EPSS: 0.01703
Exploits: 1, References: 11

RedHat Linux
added 2022/03/24 10:59 a.m., 59 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 (golang-github-vbatts-tar-split) security update

An update for golang-github-vbatts-tar-split is now available for Red Hat OpenStack Platform 16.1 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS: 7.5, AI score: 6.7, EPSS: 0.07032
Exploits: 2, References: 4

RedHat Linux
added 2022/03/24 10:59 a.m., 381 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 (numpy) security update

An update for numpy is now available for Red Hat OpenStack Platform 16.1 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

CVSS: 5.5, AI score: 6.9, EPSS: 0.01074
Exploits: 2, References: 3

RedHat Linux
added 2022/03/24 10:59 a.m., 33 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 (openstack-nova) security update

An update for openstack-nova is now available for Red Hat OpenStack Platform 16.1 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS: 6.1, AI score: 6.8, EPSS: 0.27459
Exploits: 1, References: 7

RedHat Linux
added 2022/03/24 10:59 a.m., 2 views

openstack-nova: novnc allows open redirection

A vulnerability was found in CPython which is used by openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL...

CVSS: 6.1, AI score: 7.2, EPSS: 0.27459
Exploits: 1, References: 5

RedHat Linux
added 2022/03/24 10:58 a.m., 43 views

Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1 (golang-qpid-apache) security update

An update for golang-qpid-apache is now available for Red Hat OpenStack Platform 16.1 Train. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS: 7.5, AI score: 6.8, EPSS: 0.03744
Exploits: 1, References: 2

Github Security Blog
added 2022/03/24 12:00 a.m., 32 views

Exposure of Sensitive Information to an Unauthorized Actor in OpenStack tripleo-heat-templates

An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter which is visible to all end users in configuration files. This would give sensitive...

CVSS: 4.3, AI score: 1.4, EPSS: 0.00754
Exploits: 0, References: 6, Affected Software: 1

OSV
added 2022/03/24 12:00 a.m., 24 views

GHSA-HM3X-JWWF-JPR9 Exposure of Sensitive Information to an Unauthorized Actor in OpenStack tripleo-heat-templates

An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter which is visible to all end users in configuration files. This would give sensitive...

CVSS: 4.3, AI score: 4.1, EPSS: 0.00754
Exploits: 0, References: 6

Tenable Nessus
added 2022/03/24 12:00 a.m., 30 views

RHEL 8 : Red Hat OpenStack Platform 16.2 (numpy) (RHSA-2022:1000)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1000 advisory. A fast multidimensional array facility for Python Security Fixes: buffer overflow in the PyArray_NewFromDescr_int in ctors.c CVE-2021-33430...

CVSS: 5.5, AI score: 7.3, EPSS: 0.01074
Exploits: 2, References: 7

Tenable Nessus
added 2022/03/24 12:00 a.m., 57 views

RHEL 8 : Red Hat OpenStack Platform 16.2 (python-oslo-utils) (RHSA-2022:0993)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0993 advisory. The OpenStack Oslo Utility library. Security Fixes: incorrect password masking in debug output CVE-2022-0718 For more details about the security...

CVSS: 4.9, AI score: 5.9, EPSS: 0.01287
Exploits: 1, References: 5

Tenable Nessus
added 2022/03/24 12:00 a.m., 54 views

RHEL 8 : Red Hat OpenStack Platform 16.2 (python-twisted) (RHSA-2022:0992)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0992 advisory. Twisted is a networking engine written in Python, supporting numerous protocols. It contains a web server, numerous chat clients, chat...

CVSS: 7.5, AI score: 7.5, EPSS: 0.03608
Exploits: 1, References: 6