USN-3446-1: OpenStack Glance vulnerabilities
Hemanth Makkapati discovered that OpenStack Glance incorrectly handled access restrictions. A remote authenticated user could use this issue to change the status of images, contrary to access restrictions. (CVE-2015-5251) Mike Fedosin and Alexei Galkin discovered that OpenStack Glance incorrectly...
Exploit for Improper Restriction of XML External Entity Reference in Juniper Contrail
CVE-2017-10616 & CVE-2017-10617 These two vulnerabilities aff...
OpenStack Kilo Designate Denial of Service Vulnerability
OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration (NASA) and Rackspace, Inc. OpenStack Kilo is a version of OpenStack. Designate is one of the DNSaaS components. A security vulnerability exists in Designate versions 2015.1.0 through...
SUSE-SU-2017:2627-1 Security update for openstack-aodh
This update for openstack-aodh fixes the following security issues: - CVE-2017-12440: Aodh did not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allowed remote authenticated users with knowledge of trust IDs where Aodh is the trustee to obta...
SUSE-SU-2017:2628-1 Security update for openstack-glance
This update for openstack-glance fixes the following issues: - Restrict imagelocation metadata. When show_multiple_locations is enabled in Glance, any user can rewrite the metadata information for locations, causing a security breach. (bsc#1023507)...
Red Hat OpenStack Platform Unauthorized Modification Vulnerability
Red Hat OpenStack Platform is a suite of platforms from Red Hat, Inc. that provide the core of next-generation IaaS (Infrastructure-as-a-Service) for private, public, and hybrid clouds. Pike, Newton, and Ocata are among the various version numbers. instack-undercloud is one of the... tools used to...
Design/Logic Flaw
A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Ocata, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploi...
PYSEC-2017-152
A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Ocata, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploi...
CVE-2017-7549
A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Ocata, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploi...
CVE-2017-7549
The CVE-2017-7549 issue affects instack-undercloud components in Red Hat OpenStack Platform: 7.2.0 (Pike), 6.1.0 (Ocata), and 5.3.0 (Newton). The root cause is insecure temporary files used by pre-install and security policy scripts, enabling a local user to perform a symbolic-link attack and ove...
Huawei FusionSphere OpenStack Information Disclosure Vulnerability (CNVD-2017-34443)
Huawei FusionSphere and FusionSphere OpenStack (FSO) are both Huawei products. The former is a cloud operating system product developed based on the OpenStack framework, and the latter is FusionSphere's cloud platform software in ICT scenarios. Huawei FusionSphere OpenStack suffers from an...
Security Advisory - Information Exposure Vulnerability on FusionSphere OpenStack
There is an information exposure vulnerability on FusionSphere OpenStack. The software uses a hard-coded cryptographic key to encrypt messages between certain components, which significantly increases the possibility that encrypted data may be recovered and results in information exposure...
CVE-2017-12155
A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack...
Huawei FusionSphere OpenStack Information Disclosure Vulnerability
Huawei FusionSphere and FusionSphere OpenStack (FSO) are both Huawei products. The former is a cloud operating system product developed based on the OpenStack framework, and the latter is FusionSphere's cloud platform software in ICT scenarios. Huawei FusionSphere OpenStack suffers from an...
Moderate: Red Hat Security Advisory: instack-undercloud security, bug fix, and enhancement update
An update for instack-undercloud is now available for Red Hat OpenStack Platform 11.0 (Ocata). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Security Advisory - Sensitive Information Disclosure Vulnerability on FusionSphere OpenStack
There is a sensitive information disclosure vulnerability on FusionSphere OpenStack. The software stores some sensitive information with insufficient access control. An unauthenticated remote attacker could get sensitive information by accessing certain ports. Vulnerability ID: HWPSIRT-2017-06223...
Huawei FusionSphere Authorization Issues Vulnerability
Huawei FusionSphere, a product of Huawei, is a cloud operating system product developed based on the OpenStack framework. Huawei FusionSphere suffers from an authorization issue vulnerability, which can be exploited by an attacker to execute arbitrary commands, which in turn can query, modify, an...
Huawei FusionSphere SQL Injection Vulnerability
Huawei FusionSphere, a product of Huawei, is a cloud operating system product developed based on the OpenStack framework. Huawei FusionSphere suffers from a SQL injection vulnerability due to the program failing to adequately validate device input. An authenticated remote attacker can exploit thi...