OpenStack tripleo-common insecure file permissions vulnerability
OpenStack tripleo-common is a Python library for common code for the TripleO CLI and TripleO UI. OpenStack tripleo-common is vulnerable to an insecure file permission vulnerability. A local attacker can exploit this vulnerability to cause directory traversal and gain root access to the shadowed...
OpenStack Mistral Local Information Disclosure Vulnerability
OpenStack Mistral is a workflow service that provides flexible task scheduling so that we can run processes according to a specified schedule rather than immediately. OpenStack Mistral suffers from a local information disclosure vulnerability. An attacker can exploit this vulnerability to obtain...
OpenStack Nova-LXD Security Bypass Vulnerability
Nova is the compute organization controller in the OpenStack cloud. All activities that support the lifecycle of instances in an OpenStack cloud are handled by Nova. A security bypass vulnerability exists in OpenStack Nova-LXD, which can be exploited by an attacker to bypass security restrictions...
openstack-nova/glance/cinder: Malicious image may exhaust resources
A resource vulnerability in the OpenStack Compute (nova), Block Storage (cinder), and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could possibly lead to host...
Moderate: Red Hat Security Advisory: openstack-cinder, openstack-glance, and openstack-nova security update
An update for openstack-nova, openstack-cinder, openstack-glance, and python-oslo-concurrency is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scorin...
CVE-2017-2621
An access-control flaw was found in the OpenStack Orchestration (heat) service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information...
CVE-2017-2622
An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information...
CVE-2017-2627
A flaw was found in openstack-tripleo-common as shipped with Red Hat OpenStack Enterprise 10 and 11. The sudoers file as installed with OSP's openstack-tripleo-common package is much too permissive. It contains several lines for the mistral user that have wildcards that allow directory traversal...
OpenStack oslo.middleware Information Disclosure Vulnerability
OpenStack is a cloud platform management project. OpenStack oslo.middleware is one of the middleware components used in WSGI pipelines to intercept request or response flows. A security vulnerability in OpenStack oslo.middleware allows remote attackers to submit special requests to obtain sensitive...
CVE-2017-5936
OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions...
UBUNTU-CVE-2017-5936
OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions...
CVE-2017-2592
An information-disclosure flaw was found in oslo.middleware. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs, for example, keystone tokens...
puppet-swift: installs config file with world readable permissions
An information-disclosure flaw was discovered in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions...
Moderate: Red Hat Security Advisory: puppet-swift security update
An update for puppet-swift is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Moderate: Red Hat Security Advisory: openstack-cinder security update
An update for openstack-cinder is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Moderate: Red Hat Security Advisory: openstack-cinder security update
An update for openstack-cinder is now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Moderate: Red Hat Security Advisory: openstack-cinder security update
Updated openstack-cinder packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which...