Lucene search

7805 matches found

Veracode
added 2019/01/15 9:17 a.m. | 22 views

Information Disclosure

openstack-nova is vulnerable to information disclosure attacks. The vulnerability exists as an issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may...

CVSS: 9.8 | AI score: 8.6 | EPSS: 0.02283
Exploits: 0 | References: 8 | Affected Software: 2

Veracode
added 2019/01/15 9:17 a.m. | 18 views

Information Disclosure

openstack-heat is vulnerable to information disclosure. An information-leak vulnerability was found in the OpenStack Orchestration heat service. Launching a new stack with a local URL resulted in a detailed error message, allowing an authenticated user to conduct network discovery and reveal the...

CVSS: 4.3 | AI score: 4.4 | EPSS: 0.01508
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
added 2019/01/15 9:17 a.m. | 19 views

Information Disclosure

openstack-heat is vulnerable to information disclosure attacks. The vulnerability exists as an access-control flaw was found in the OpenStack Orchestration heat service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could...

CVSS: 5.5 | AI score: 5 | EPSS: 0.00413
Exploits: 0 | References: 12 | Affected Software: 1

Veracode
added 2019/01/15 9:16 a.m. | 22 views

Remote Code Execution (RCE)

python-rdomanager-oscplugin is vulnerable to remote code execution (RCE) attacks. The vulnerability exists as a design flaw was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd-based live-migration. Libvirtd is deployed by default by director listening on...

CVSS: 10 | AI score: 9.9 | EPSS: 0.04783
Exploits: 0 | References: 16 | Affected Software: 8

Veracode
added 2019/01/15 9:14 a.m. | 23 views

Denial Of Service (DoS)

OpenStack Compute (nova) is vulnerable to denial of service (DoS) attacks. Because it does not restrict qemu-img calls, uploading a malicious image can consume as much as 4 GB of RAM on the compute host, leading to out-of-memory errors and negatively affect other running tenant instanc...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.03088
Exploits: 1 | References: 30 | Affected Software: 4

Veracode
added 2019/01/15 9:12 a.m. | 19 views

Authorization Bypass

openstack-neutron is vulnerable to authorization bypass. Neutron functionality includes internal firewall management between networks. Due to the relaxed nature of particular rules, it is possible for machines on the same layer 2 networks to forge non-IP traffic, such as ARP and DHCP requests and...

CVSS: 9.1 | AI score: 8.8 | EPSS: 0.04168
Exploits: 1 | References: 5 | Affected Software: 1

Veracode
added 2019/01/15 9:12 a.m. | 15 views

Information Disclosure

openstack-ironic is vulnerable to information disclosure. An authentication vulnerability was found in openstack-ironic. A client with network access to the ironic-api service could bypass OpenStack Identity authentication, and retrieve all information about any node registered with OpenStack Bar...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.02836
Exploits: 0 | References: 11 | Affected Software: 1

Veracode
added 2019/01/15 9:11 a.m. | 25 views

Cross-site Scripting (XSS)

python-django-horizon is vulnerable to cross-site scripting (XSS). A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a...

CVSS: 5.4 | AI score: 4.9 | EPSS: 0.02075
Exploits: 0 | References: 15 | Affected Software: 1

Veracode
added 2019/01/15 9:10 a.m. | 22 views

Arbitrary File Read

openstack-nova is vulnerable to arbitrary file read attacks. The vulnerability exists as the libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) and 12.0.x before 12.0.3 (liberty), when using raw storage and use_cow_images is set to false, allows remote authenticated users to read arbitrary...

CVSS: 5.3 | AI score: 5.3 | EPSS: 0.02091
Exploits: 0 | References: 13 | Affected Software: 1

Veracode
added 2019/01/15 9:10 a.m. | 22 views

Authorization Bypass

openstack-glance is vulnerable to authorization bypass. An authorization vulnerability allowed image-status manipulation using locations. By removing the last location of an image, an authenticated user could change the status from 'active' to 'queue'. A malicious tenant could exploit this flaw t...

CVSS: 4.3 | AI score: 4.7 | EPSS: 0.01466
Exploits: 0 | References: 11 | Affected Software: 1

Veracode
added 2019/01/15 9:10 a.m. | 20 views

Denial Of Service (DoS)

openstack-heat is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service memory consumption or...

CVSS: 5.4 | AI score: 5 | EPSS: 0.02928
Exploits: 0 | References: 27 | Affected Software: 1

Veracode
added 2019/01/15 9:10 a.m. | 25 views

Denial Of Service (DoS)

openstack-swift is vulnerable to denial of service. A memory-leak issue was found in OpenStack Object Storage swift, in the client-to-proxy connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption...

CVSS: 7.5 | AI score: 7 | EPSS: 0.03788
Exploits: 0 | References: 19 | Affected Software: 1

Veracode
added 2019/01/15 9:9 a.m. | 24 views

Arbitrary File Read

openstack-nova is vulnerable to arbitrary file read. A flaw was discovered in the OpenStack Compute nova snapshot feature when using the libvirt driver. A compute user could overwrite an attached instance disk with a malicious header specifying a backing file, and then request a snapshot, causing...

CVSS: 3.5 | AI score: 4.6 | EPSS: 0.01803
Exploits: 0 | References: 2 | Affected Software: 1

Veracode
added 2019/01/15 9:9 a.m. | 22 views

Authorization Bypass

openstack-nova is vulnerable to authorization bypass. A vulnerability was discovered in the way OpenStack Compute nova networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances...

CVSS: 5 | AI score: 5.7 | EPSS: 0.0367
Exploits: 0 | References: 14 | Affected Software: 2

Veracode
added 2019/01/15 9:9 a.m. | 17 views

Spoofing Metadata Requests

tripleo-heat-templates is vulnerable to spoofing of metadata requests. It is due to having the bad default setting of a blank value for the NeutronMetadataProxySharedSecret parameter when it is deployed from the command line interface. Not setting the value to this parameter means Neutron does no...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.01651
Exploits: 0 | References: 29 | Affected Software: 2

Veracode
added 2019/01/15 9:8 a.m. | 19 views

Arbitrary Code Execution

openstack-ironic-discoverd is vulnerable to arbitrary code execution. It was discovered that enabling debug mode in openstack-ironic-discoverd also enables debug mode in the underlying Flask framework. If errors are encountered while Flask is in debug mode, a user experiencing an error may be abl...

CVSS: 6.8 | AI score: 7 | EPSS: 0.01585
Exploits: 0 | References: 13 | Affected Software: 1

Veracode
added 2019/01/15 9:7 a.m. | 23 views

Anti-Spoofing Controls Bypass

openstack-neutron is vulnerable to anti-spoofing controls bypass. Authenticated users using the ML2 plugin or the security groups AMQP API are able to set the device_owner field to an arbitrary value starting with network: on networks they do not own. Setting the affected field before the security...

CVSS: 3.5 | AI score: 6.1 | EPSS: 0.00963
Exploits: 0 | References: 11 | Affected Software: 1

Veracode
added 2019/01/15 9:7 a.m. | 22 views

Authorization Bypass

openstack-glance is vulnerable to authorization bypass. A flaw was discovered in the OpenStack Image service where a tenant could manipulate the status of their images by submitting an HTTP PUT request together with an 'x-image-meta-status' header. A malicious tenant could exploit this flaw to...

CVSS: 5.5 | AI score: 4.8 | EPSS: 0.02035
Exploits: 0 | References: 8 | Affected Software: 1

Veracode
added 2019/01/15 9:7 a.m. | 25 views

Information Disclosure

openstack-swift is vulnerable to information disclosure attacks. The vulnerability exists as OpenStack Object Storage Swift before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container...

CVSS: 5 | AI score: 6.7 | EPSS: 0.02534
Exploits: 0 | References: 11 | Affected Software: 1

Veracode
added 2019/01/15 9:7 a.m. | 23 views

Authorization Bypass

gluster-swift is vulnerable to authorization bypass. A flaw was found in the metadata constraints in Red Hat Gluster Storage's OpenStack Object Storage swiftonfile. By adding metadata in several separate calls, a malicious user could bypass the max_meta_count constraint, and store more metadata tha...

CVSS: 6.5 | AI score: 6.2 | EPSS: 0.03949
Exploits: 0 | References: 6 | Affected Software: 10