7809 matches found

Debian CVE
added 2019/12/30 7:36 p.m. | 19 views

CVE-2012-5474

The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release python-django-horizon package before 2012.1.1 is world readable and exposes the secret key value...

5.5 CVSS | 5.6 AI score | 0.00338 EPSS
Exploits 1

CVE
added 2019/12/30 7:2 p.m. | 74 views

CVE-2012-5476

OpenStack RHOS Essex Preview (2012.2) dashboard package contains a vulnerability where /etc/quantum/quantum.conf is world readable, exposing the admin password and token value. Affected component: OpenStack dashboard configuration on RHOS Essex Preview 2012.2. Root cause: file permissions misconf...

5.5 CVSS | 5.6 AI score | 0.00398 EPSS
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2019/12/30 7:2 p.m. | 24 views

CVE-2012-5476

Within the RHOS Essex Preview 2012.2 of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value...

5.6 AI score | 0.00398 EPSS
Exploits 0 | References 3

Debian CVE
added 2019/12/30 7:2 p.m. | 20 views

CVE-2012-5476

Within the RHOS Essex Preview 2012.2 of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value...

5.5 CVSS | 5.7 AI score | 0.00398 EPSS
Exploits 0

RedHat Linux
added 2019/12/19 7:28 p.m. | 3 views

openstack-keystone: Credentials API allows non-admin to list and retrieve all users credentials

A disclosure vulnerability was found in openstack-keystone's credentials API. Users with a project role are able to list any credentials with the /v3/credentials API when enforce_scope is false. Information for time-based one time passwords (TOTP) may also be disclosed. Deployments running keystone...

8.8 CVSS | 5.7 AI score | 0.0178 EPSS
Exploits 1 | References 6

RedHat Linux
added 2019/12/19 7:28 p.m. | 57 views

Important: Red Hat Security Advisory: openstack-keystone security update

An update for openstack-keystone is now available for Red Hat OpenStack Platform 15 (Stein). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

8.8 CVSS | 6.8 AI score | 0.0178 EPSS
Exploits 1 | References 2

RedhatCVE
added 2019/12/12 1:20 a.m. | 22 views

CVE-2019-19687

A disclosure vulnerability was found in openstack-keystone's credentials API. Users with a project role are able to list any credentials with the /v3/credentials API when enforce_scope is false. Information for time-based one time passwords (TOTP) may also be disclosed. Deployments running keystone...

8.8 CVSS | 1.5 AI score | 0.0178 EPSS
Exploits 1 | References 5

NVD
added 2019/12/10 2:15 p.m. | 18 views

CVE-2013-1793

openstack-utils openstack-db has insecure password creation...

7.5 CVSS | 7.7 AI score | 0.01026 EPSS
Exploits 0 | References 2

Prion
added 2019/12/10 2:15 p.m. | 18 views

Default credentials

openstack-utils openstack-db has insecure password creation...

5 CVSS | 7.3 AI score | 0.01026 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2019/12/10 1:17 p.m. | 20 views

CVE-2013-1793

openstack-utils openstack-db has insecure password creation...

7.7 AI score | 0.01026 EPSS
Exploits 0 | References 2

CVE
added 2019/12/10 1:17 p.m. | 50 views

CVE-2013-1793

CVE-2013-1793 concerns openstack-utils and openstack-db with insecure password creation. The available connected documents confirm the affected components but do not provide remediation details. NVD metrics indicate a Network attack vector with no authentication required, and a high impact on con...

7.5 CVSS | 7.6 AI score | 0.01026 EPSS
Exploits 0 | References 2 | Affected Software 2

Veracode
added 2019/12/10 3:0 a.m. | 22 views

Information Disclosure

openstack keystone is vulnerable to information disclosure. Any authenticated user is able to list the credentials of any user using the /v3/credentials API when enforce_scope is set to false. The leaked credentials include sign-on information for Time-based OTP...

8.8 CVSS | 1.3 AI score | 0.0178 EPSS
Exploits 1 | References 9 | Affected Software 2

CNVD
added 2019/12/10 12:0 a.m. | 2 views

OpenStack Nova Information Disclosure Vulnerability (CNVD-2019-44961)

OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration and Rackspace, Inc. in the U.S. OpenStack Nova is one of the cloud computing construct controllers written in Python. It is part of the IaaS system. An information disclosure...

5.5 CVSS | 6.2 AI score | 0.00358 EPSS
Exploits 0 | References 1

IBM Security Bulletins
added 2019/12/09 11:31 p.m. | 31 views

Security Bulletin: PowerVC is impacted by an OpenStack Neutron vulnerability related to security group rules (CVE-2019-10876)

Summary OpenStack Neutron is vulnerable to a denial of service, caused by a flaw in the neutron-openvswitch-agent. By creating two security groups with separate/overlapping port ranges, a remote authenticated attacker could exploit this vulnerability to prevent Neutron from being able to configur...

6.5 CVSS | 0.4 AI score | 0.01757 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2019/12/09 9:43 p.m. | 28 views

Security Bulletin: PowerVC is impacted by an OpenStack Neutron denial of service vulnerability (CVE-2018-14635)

Summary Openstack Neutron is vulnerable to a denial of service, caused by improper validation of user-supplied input. By using specially-crafted content, a remote authenticated attacker could exploit this vulnerability to cause the application to crash. Vulnerability Details CVEID: CVE-2018-14635...

6.5 CVSS | 1.6 AI score | 0.02527 EPSS
Exploits 0 | Affected Software 1

NVD
added 2019/12/09 6:15 p.m. | 18 views

CVE-2019-19687

OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials,...

8.8 CVSS | 8.4 AI score | 0.0178 EPSS
Exploits 1 | References 8

OSV
added 2019/12/09 6:15 p.m. | 21 views

CVE-2019-19687

OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials,...

8.8 CVSS | 8.3 AI score
Exploits 0 | References 8

UbuntuCve
added 2019/12/09 6:15 p.m. | 20 views

CVE-2019-19687

OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials,...

8.8 CVSS | 6.8 AI score | 0.0178 EPSS
Exploits 1 | References 5

Prion
added 2019/12/09 6:15 p.m. | 20 views

Design/Logic Flaw

OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials,...

3.5 CVSS | 8.3 AI score | 0.0178 EPSS
Exploits 1 | References 8 | Affected Software 1

PyPA
added 2019/12/09 6:15 p.m. | 5 views

PYSEC-2019-29

OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials,...

8.8 CVSS | 6.5 AI score | 0.0178 EPSS
Exploits 1 | References 9 | Affected Software 1