7806 matches found
OpenStack Neutron Security Feature Issue Vulnerability
OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration NASA in collaboration with Rackspace, Inc. in the U.S. Neutron is one of the networking components that provides Network-as-a-Service NaaS, which enables the creating networks between...
Debian DSA-4409-1 : neutron - security update
Erik Olof Gunnar Andersson discovered that incorrect validation of port settings in the iptables security group driver of Neutron, the OpenStack virtual network service, could result in denial of service in a multi tenant setup. C Tenable Network Security, Inc. The descriptive text and package...
openstack-octavia: Private keys written to world-readable log files
In a default Red Hat Openstack Platform Director installation, openstack-octavia creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure...
Moderate: Red Hat Security Advisory: openstack-octavia security update
An update for openstack-octavia is now available for Red Hat OpenStack Platform 14.0 Rocky. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
openstack-ceilometer: ceilometer-agent prints sensitive data from config files through log files
A vulnerability was found in ceilometer where administrative credentials were permanently stored in the log. A user with access to the logs could obtain these credentials and escalate their privileges...
Low: Red Hat Security Advisory: openstack-ceilometer security and bug fix update
An update for openstack-ceilometer is now available for Red Hat OpenStack Platform 14.0 Rocky. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
cloud-init security update
18.2-1.0.1 - add modified version of enable-ec2utils-to-stop-retrying-to-get-ec2-metadata.patch for 18.2: 1. Enable ec2utils.py having a way to stop retrying to get ec2 metadata 2. Apply stop retrying to get ec2 metadata to helper/openstack.py MetadataReader Resolves: Oracle-Bug:41660 Bugzilla...
Information Disclosure
openstack-octavia is vulnerable to information disclosure. Plaintext private keys are written to world-readable log files, which would allow a local user to access the log files and obtain the private keys...
Moderate: Red Hat Bug Fix Advisory: Red Hat OpenStack Platform 13.0 director Bug Fix Advisory
Updated director installer packages that resolve various issues are now available for Red Hat OpenStack Platform 13.0 Queens for RHEL 7. Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service IaaS cloud running on...
openstack-mistral: std.ssh action may disclose presence of arbitrary files
An information-disclosure flaw was discovered in openstack-mistral, where the SSH private key filename of a std.ssh action could be manipulated. The flaw could be exploited to determine the presence of a file path on the host executing the std.ssh action, based on the returned error message...
Low: Red Hat Security Advisory: Red Hat Enterprise Linux OpenStack Platform security update
An update is now available for Red Hat OpenStack Platform 13.0 Queens. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
openstack-octavia: Private keys written to world-readable log files
In a default Red Hat Openstack Platform Director installation, openstack-octavia creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure...
Moderate: Red Hat Security Advisory: openstack-octavia security and bug fix update
An update for openstack-octavia is now available for Red Hat OpenStack Platform 13.0 Queens. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
openstack-ceilometer: ceilometer-agent prints sensitive data from config files through log files
A vulnerability was found in ceilometer where administrative credentials were permanently stored in the log. A user with access to the logs could obtain these credentials and escalate their privileges...
Low: Red Hat Security Advisory: openstack-ceilometer security and bug fix update
An update for openstack-ceilometer is now available for Red Hat OpenStack Platform 13.0 Queens. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
PYSEC-2019-190
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option for example, VRRP, an...
DEBIAN-CVE-2019-9735
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option for example, VRRP, an...
Security feature bypass
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option for example, VRRP, an...
PYSEC-2019-190
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option for example, VRRP, an...
CVE-2019-9735
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option for example, VRRP, an...