UBUNTU-CVE-2017-2622

An accessibility flaw was found in the OpenStack Workflow mistral service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information...

CVE-2017-2622

CVE-2017-2622 affects OpenStack Workflow (mistral). The vulnerability arises from a log directory being world-readable, enabling an information disclosure vulnerability for a malicious local user. Affected component: mistral service within OpenStack; root cause is improper directory permissions e...

CVE-2017-2622

An accessibility flaw was found in the OpenStack Workflow mistral service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information...

CVE-2017-2622

An accessibility flaw was found in the OpenStack Workflow mistral service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information...

PT-2018-7143 · Openstack · Openstack Workflow

Name of the Vulnerable Software and Affected Versions: OpenStack Workflow mistral affected versions not specified Description: An accessibility flaw was found in the OpenStack Workflow mistral service where a service log directory was improperly made world readable. A malicious system user could...

PT-2018-7142 · Openstack · Openstack Orchestration (Heat) Service

Name of the Vulnerable Software and Affected Versions: OpenStack Orchestration heat service versions prior to 8.0.0 OpenStack Orchestration heat service version 6.1.0 OpenStack Orchestration heat service version 7.0.2 Description: An access-control flaw was found in the OpenStack Orchestration he...

CVE-2017-7543

A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0:...

Race condition

A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0:...

CVE-2017-7543

A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0:...

CVE-2017-7543

A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0:...

CVE-2017-7543

CVE-2017-7543 describes a race-condition in OpenStack Neutron that, after a minor overcloud update, resets to 0 both net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables, effectively disabling neutron security groups. This race can be triggered by an update, allowing an atta...

CVE-2017-7543

A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0:...

CVE-2017-7543

A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0:...

Open redirect

A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default by director listening on 0.0.0.0 all interfaces with no-authentication or encryption. Anyone able to make a TCP connection to any comput...

CVE-2017-2637

A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default by director listening on 0.0.0.0 all interfaces with no-authentication or encryption. Anyone able to make a TCP connection to any comput...

CVE-2017-2637

A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default by director listening on 0.0.0.0 all interfaces with no-authentication or encryption. Anyone able to make a TCP connection to any comput...

CVE-2017-2637

A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default by director listening on 0.0.0.0 all interfaces with no-authentication or encryption. Anyone able to make a TCP connection to any comput...

CVE-2017-2637

CVE-2017-2637 describes a design flaw in the Red Hat OpenStack Platform director’s use of TripleO for enabling libvirtd live-migration. Libvirtd is deployed by default and listens on 0.0.0.0 with no authentication or encryption. A remote actor who can reach any compute host IP (including localhos...

PT-2018-8404 · Openstack · Openstack Neutron

Name of the Vulnerable Software and Affected Versions: openstack-neutron versions prior to 7.2.0-12.1 openstack-neutron versions 8.x prior to 8.3.0-11.1 openstack-neutron versions 9.x prior to 9.3.1-2.1 openstack-neutron versions 10.x prior to 10.0.2-1.1 Description: A race-condition flaw was...

Important: Red Hat Security Advisory: openstack-tripleo-heat-templates security update

An update for openstack-tripleo-heat-templates is now available for Red Hat OpenStack Platform 13.0 Queens for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...