
7805 matches found

Veracode
added 2019/01/15 9:2 a.m., 20 views

Authorization Bypass

openstack-nova is vulnerable to authorization bypass attacks. A race condition in the VMware driver in OpenStack Compute (Nova) before 2014.1.4 and 2014.2 before 2014.2rc1 allows remote authenticated users to access unintended consoles by spawning an instance that...

CVSS: 6.5, AI score: 5.8, EPSS: 0.02027
Exploits: 0, References: 6, Affected Software: 1
Veracode
added 2019/01/15 9:2 a.m., 23 views

Information Disclosure

openstack-heat is vulnerable to information disclosure attacks. OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider template URL...

CVSS: 3.5, AI score: 5.3, EPSS: 0.0162
Exploits: 0, References: 13, Affected Software: 1
Veracode
added 2019/01/15 9:2 a.m., 22 views

Cross-site Scripting (XSS)

python-django-horizon is vulnerable to cross-site scripting (XSS) attacks. The Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via...

CVSS: 3.5, AI score: 5, EPSS: 0.02053
Exploits: 1, References: 19, Affected Software: 1
Veracode
added 2019/01/15 9:2 a.m., 22 views

Privilege Escalation

openstack-neutron is vulnerable to privilege escalation attacks. The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6, allows...

CVSS: 7.6, AI score: 6.6, EPSS: 0.03324
Exploits: 0, References: 5, Affected Software: 1
Veracode
added 2019/01/15 9:2 a.m., 16 views

Authorization Bypass

openstack-foreman-installer is vulnerable to authorization bypass attacks. The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for...

CVSS: 5, AI score: 6.6, EPSS: 0.01876
Exploits: 0, References: 25, Affected Software: 1
Veracode
added 2019/01/15 9:2 a.m., 19 views

Denial Of Service (DoS)

openstack-glance is vulnerable to denial of service (DoS) attacks. OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option...

CVSS: 4, AI score: 5.5, EPSS: 0.02127
Exploits: 0, References: 12, Affected Software: 1
Veracode
added 2019/01/15 9:1 a.m., 21 views

Arbitrary Code Execution

openstack-glance is vulnerable to arbitrary code execution attacks. The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modif...

CVSS: 6, AI score: 7.1, EPSS: 0.01976
Exploits: 0, References: 9, Affected Software: 1
Veracode
added 2019/01/15 9:1 a.m., 34 views

Privilege Escalation

openstack-neutron is vulnerable to privilege escalation attacks. The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted...

CVSS: 7.6, AI score: 6.6, EPSS: 0.03324
Exploits: 0, References: 23, Affected Software: 1
Veracode
added 2019/01/15 9:1 a.m., 31 views

Improper Token Invalidation

The openstack-keystone package is vulnerable to improper token invalidation. It does not revoke the tokens issued to a tenant when the tenant is disabled, leaving the tenant able to access resources that are supposed to be restricted...

CVSS: 6.5, AI score: 6, EPSS: 0.01892
Exploits: 0, References: 10, Affected Software: 1
Veracode
added 2019/01/15 9:1 a.m., 24 views

Bypass Access Restriction

The openstack-glance package is vulnerable to access restriction bypass. When the Glance download_image policy is enforced for cached system images, it allows an authenticated user to guess the image by its UUID and download that image, against the download_image policy. It only affects the setups makin...

CVSS: 3.5, AI score: 6, EPSS: 0.03082
Exploits: 1, References: 11, Affected Software: 1
Veracode
added 2019/01/15 9:0 a.m., 31 views

Denial Of Service (DoS)

openstack-nova is vulnerable to denial of service (DoS) attacks. The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products all...

CVSS: 5, AI score: 8.8, EPSS: 0.04863
Exploits: 1, References: 29, Affected Software: 4
Veracode
added 2019/01/15 9:0 a.m., 24 views

Authentication Bypass

openstack-keystone is vulnerable to authentication bypass. Remote authenticated users are able to retain access via an expired token due to the token driver storing timestamps with incorrect precision, which causes timestamp expiration time comparisons for tokens to fail...

CVSS: 4.9, AI score: 6.3, EPSS: 0.01592
Exploits: 0, References: 9, Affected Software: 1
Veracode
added 2019/01/15 8:59 a.m., 24 views

Authorization Bypass

openstack-keystone is vulnerable to authorization bypass attacks. The (1) memcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remot...

CVSS: 5, AI score: 6, EPSS: 0.02342
Exploits: 0, References: 11, Affected Software: 1
Veracode
added 2019/01/15 8:59 a.m., 24 views

Authorization Bypass

openstack-nova is vulnerable to authorization bypass attacks. The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attacke...

CVSS: 6.4, AI score: 6.1, EPSS: 0.01808
Exploits: 0, References: 7, Affected Software: 1
Veracode
added 2019/01/15 8:59 a.m., 28 views

Denial Of Service (DoS)

openstack-neutron is vulnerable to denial of service. There was no enforced quota on the amount of allowed address pairs, allowing a remote authenticated attacker to deplete system resources by creating a large number of allowed address pairs...

CVSS: 4, AI score: 5.6, EPSS: 0.02209
Exploits: 0, References: 15, Affected Software: 1
Veracode
added 2019/01/15 8:59 a.m., 20 views

Privilege Escalation

openstack-nova is vulnerable to privilege escalation. The RBAC policies were not enforced for addrules, removerules, destroy and other unspecified methods in compute/api.py when using non-default policies. A remote attacker is able to escalate privileges beyond the user group they belong to via t...

CVSS: 6, AI score: 6.5, EPSS: 0.01634
Exploits: 1, References: 17, Affected Software: 1
Veracode
added 2019/01/15 8:59 a.m., 23 views

Open Redirect

python-django-horizon is vulnerable to open redirect attacks. An open redirect vulnerability in views/authforms.py in OpenStack Dashboard (Horizon) Essex 2012.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the...

CVSS: 5.8, AI score: 6, EPSS: 0.02895
Exploits: 1, References: 12, Affected Software: 1
Veracode
added 2019/01/15 8:59 a.m., 23 views

Authorization Bypass

openstack-keystone is vulnerable to authorization bypass attacks. OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex 2012.1, allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's...

CVSS: 5.8, AI score: 6.1, EPSS: 0.02895
Exploits: 1, References: 11, Affected Software: 1
Veracode
added 2019/01/15 8:59 a.m., 22 views

Authorization Bypass

openstack-keystone is vulnerable to authorization bypass attacks. OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows...

CVSS: 5, AI score: 6.1, EPSS: 0.01747
Exploits: 1, References: 10, Affected Software: 1
Veracode
added 2019/01/15 8:59 a.m., 27 views

Token Leakage

OpenStack Telemetry (ceilometer) is vulnerable to token leakage. It does not escape the authentication token used in REST requests (XAUTHTOKEN), allowing a malicious user with read access to the message queue to gain access to the token and escalate privileges...

CVSS: 5, AI score: 6.5, EPSS: 0.02774
Exploits: 0, References: 12, Affected Software: 1