Denial Of Service (DoS)

OpenStack Object Storage swift provides object storage in virtual containers, which allows users to store and retrieve files arbitrary data. The service's distributed architecture supports horizontal scaling; redundancy as failure-proofing is provided through software-based data replication...

Denial Of Service

OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access...

Denial Of Service

OpenStack Image service glance provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more...

Cross-site Scripting (XSS)

OpenStack Dashboard Horizon provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. Two security issues were discovered in the Horizon dashboard and are addressed in this update: A cross-site scripting XSS flaw was found in the Horizo...

Denial Of Service (DoS)

OpenStack Image Service glance provides discovery, registration, and delivery services for disk and server images. It provides the ability to copy or snapshot a server image, and immediately store it away. Stored images can be used as a template to get new servers up and running quickly and more...

Denial Of Service (DoS)

OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access...

Authentication Bypass

openstack-keystone is vulnerable to authentication bypass. The vulnerability exists as the V3 API updates the issuedat value for UUID v2 tokens, and allows authenticated users to bypass the token expiration to retain access...

Authentication Bypass

openstack-keystone is vulnerable to authentication bypass. The vulnerability exists as it does not properly revoke tokens when a domain is invalidated...

Denial Of Service (DoS)

Red Hat Enterprise Linux OpenStack Platform provides the facilities for building a private or public infrastructure-as-a-service IaaS cloud running on commonly available physical hardware. This update addresses the following issues: This package rebases mariadb-galera to 5.5.42, fixing an issue...

Denial Of Service (DoS)

Red Hat Enterprise Linux OpenStack Platform provides the facilities for building a private or public infrastructure-as-a-service IaaS cloud running on commonly available physical hardware. This update addresses the following issues: This package rebases mariadb-galera to 5.5.42, fixing an issue...

Denial Of Service (DoS)

Red Hat Enterprise Linux OpenStack Platform provides the facilities for building a private or public infrastructure-as-a-service IaaS cloud running on commonly available physical hardware. This update addresses the following issues: This package rebases mariadb-galera to 5.5.42, fixing an issue...

Denial Of Service (DoS)

Red Hat Enterprise Linux OpenStack Platform provides the facilities for building a private or public infrastructure-as-a-service IaaS cloud running on commonly available physical hardware. Changes to the ceph component: In the previous version, launching of nova instances resulted in nova-compute...

Weak Encryption

Red Hat Enterprise Linux OpenStack Platform provides the facilities for building a private or public infrastructure-as-a-service IaaS cloud running on commonly available physical hardware. Changes to the ceph component: In the previous version, launching of nova instances resulted in nova-compute...

Denial Of Service (DoS)

Red Hat Enterprise Linux OpenStack Platform provides the facilities for building a private or public infrastructure-as-a-service IaaS cloud running on commonly available physical hardware. Changes to the ceph component: In the previous version, launching of nova instances resulted in nova-compute...

Information Disclosure

Red Hat Enterprise Linux OpenStack Platform provides the facilities for building a private or public infrastructure-as-a-service IaaS cloud running on commonly available physical hardware. Changes to the ceph component: In the previous version, launching of nova instances resulted in nova-compute...

Denial Of Service (DoS)

Red Hat Enterprise Linux OpenStack Platform provides the facilities for building a private or public infrastructure-as-a-service IaaS cloud running on commonly available physical hardware. Changes to the ceph component: In the previous version, launching of nova instances resulted in nova-compute...

Information Disclosure

openstack-trove is vulnerable to information disclosure. It was found that the processutils.execute and strutils.maskpassword functions did not correctly sanitize the authentication details from their output before storing them in log files. This could allow an attacker with read access to these...

Privilege Escalation

openstack-keystone is vulnerable to privilege escalation. A flaw was found in the way keystone handled trusts. A trustee could use an out-of-scope project ID to gain unauthorized access to a project if the trustor had the required roles for that requested project...

Cross-site Scripting (XSS)

OpenStack Dashboard horizon provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. A cross-site scripting XSS flaw was found in the way orchestration templates were handled. An owner of such a template could use this flaw to perform...

Cross-site Scripting (XSS)

OpenStack Dashboard horizon provides administrators and users with a graphical interface to access, provision, and automate cloud-based resources. A cross-site scripting XSS flaw was found in the way orchestration templates were handled. An owner of such a template could use this flaw to perform...