7809 matches found
PYSEC-2020-228
An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When using openstack-cinder with the Dell EMC ScaleI...
Default credentials
An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When using openstack-cinder with the Dell EMC ScaleI...
CVE-2018-16848
A Denial of Service (DoS) condition is possible in OpenStack Mistral in versions up to and including 7.0.3. Submitting a specially crafted workflow definition YAML file containing nested anchors can lead to resource exhaustion culminating in a denial of service...
CVE-2020-10755
OpenStack Cinder CVE-2020-10755 affects multiple OpenStack Cinder releases prior to specific upgrades (14.1.0 for 14.x, 15.2.0 for 15.x, 16.1.0 for 16.x) when using Dell EMC ScaleIO or VxFlex OS backends. The vulnerability exposes backend credentials in the connection_info of Block Storage v3 Att...
CVE-2020-10755
An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When using openstack-cinder with the Dell EMC ScaleI...
A vulnerability in the openstack-manila file-sharing software, related to errors in using standard permissions, allows an attacker to gain unauthorized access to common files.
The vulnerability of the openstack-manila software for general access to files is related to errors in the use of standard permissions. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to common files, provided that the value of the UUID...
py39-cinder -- insecure-credentials flaw
OpenStack project reports: An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When using openstack-cind...
openstack.10931.n7.nabble.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1184617 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
CVE-2020-10755
An insecure-credentials flaw was found in openstack-cinder. When using openstack-cinder with the Dell EMC ScaleIO or VxFlex OS backend storage driver, credentials for the entire backend are exposed in the connection_info element in all Block Storage v3 Attachments API calls containing that element...
Huawei Data Communication: Privilege Escalation Vulnerability in Some Huawei Products (huawei-sa-20181010-01-debug)
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer...
A vulnerability in the openstack-mistral component, a platform for building OpenStack cloud solutions, allows an attacker to gain unauthorized access to protected information.
The vulnerability of the openstack-mistral component, a platform for building OpenStack cloud solutions, is related to the lack of protection for operational data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
Cross-Site Scripting (XSS)
python-django-horizon is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript in a user's browser via the groups panel in the OpenStack dashboard...
Moderate: Red Hat Security Advisory: openstack-manila security update
An update for openstack-manila is now available for Red Hat OpenStack Platform 16 (Train). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
openstack-manila: User with share-network UUID is able to show, create and delete shares
An access flaw was found in openstack-manila, where the API did not validate the user/project on commands. A malicious user having the UUID of a share-network could view, update, delete, or share resources that did not belong to them. Attackers could also create resources on shared networks for...
RHEL 8 : openstack-manila (RHSA-2020:2165)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2165 advisory. OpenStack Shared Filesystem Service (Manila) provides services to manage network filesystems for use by Virtual Machine instances. Security Fixes: User...
SUSE SLES12 Security Update : icu (SUSE-SU-2020:1180-1)
This update for icu fixes the following issues: CVE-2020-10531: Fixed integer overflow in UnicodeString:doAppend (bsc#1166844). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and...
Privilege Escalation
OpenStack Keystone is vulnerable to privilege escalation. A low-privileged user with a limited role is able to authenticate against Keystone using EC2 credentials to obtain all project roles of a trust/oauth/application credential owner...
Man-in-the-Middle (MitM)
OpenStack Keystone is vulnerable to a man-in-the-middle attack. The lack of a signature TTL check to verify the timestamp in the AWS Signature V4 token signature allows an attacker to sniff an Authorization header in a man-in-the-middle attack and reuse the header to reissue OpenStack tokens...