PT-2016-6206 · Openstack · Openstack Ironic
Name of the Vulnerable Software and Affected Versions: OpenStack Ironic versions prior to 4.2.5 (Liberty); OpenStack Ironic versions 5.x prior to 5.1.2 (Mitaka). Description: The issue allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC...
UBUNTU-CVE-2016-4428
Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form...
Debian DSA-3617-1 : horizon - security update
Two cross-site scripting vulnerabilities have been found in Horizon, a web application to control an OpenStack cloud. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3617. The text itself ...
[SECURITY] [DSA 3617-1] horizon security update
Debian Security Advisory DSA-3617-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 06, 2016 https://www.debian.org/security/faq ...
Debian Security Advisory DSA 3617-1 (horizon - security update)
Two cross-site scripting vulnerabilities have been found in Horizon, a web application to control an OpenStack cloud. OpenVAS Vulnerability Test $Id: deb3617.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated from advisory DSA 3617-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone...
PT-2016-5954 · Openstack +1 · Openstack Dashboard +1
Name of the Vulnerable Software and Affected Versions: OpenStack Dashboard (Horizon) versions 8.0.1 and earlier; OpenStack Dashboard (Horizon) versions 9.0.0 through 9.0.1. Description: A cross-site scripting (XSS) issue allows remote authenticated users to inject arbitrary web script or HTML by injectin...
DSA-3617-1 horizon - security update
Bulletin has no description...
openstack-ironic: Ironic Node information including credentials exposed to unauthenticated users
An authentication vulnerability was found in openstack-ironic. A client with network access to the ironic-api service could bypass OpenStack Identity authentication, and retrieve all information about any node registered with OpenStack Bare Metal. If an unprivileged attacker knew or was able to...
Moderate: Red Hat Security Advisory: openstack-ironic security update
An update for openstack-ironic is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ratin...
Moderate: Red Hat Security Advisory: openstack-ironic security update
An update for openstack-ironic is now available for Red Hat OpenStack Platform 8.0 (Liberty). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
[SECURITY] Fedora 23 Update: python-django-horizon-2015.1.4-1.fc23
Horizon is a Django application for providing OpenStack UI components. It allows performing site administrator (viewing account resource usage, configuring users, accounts, quotas, flavors, etc.) and end user operations (start/stop/delete instances, create/restore snapshots, view instance VNC consol...
CVE-2016-4474
The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) director (aka overcloud-full) use a default root password of ROOTPW, which allows attackers to gain access via unspecified vectors...
CVE-2016-4474
CVE-2016-4474 affects Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) overcloud-full images. The image build process uses a default root password (ROOTPW/rootpw), enabling potential remote root access via unspecified vectors. Red Hat ad...
Arbitrary Code Execution Vulnerability in Multiple Openstack Products
OpenStack is a cloud platform management project developed by the National Aeronautics and Space Administration and Rackspace. OpenStack Murano is an application catalog management project. Murano-muranoclient is a client library for building Murano APIs. OpenStack Murano is an application catalog...
CVE-2016-4972
A flaw was discovered in openstack-murano processing. Using extended YAML tags in Murano-application YAML files, an attacker could perform remote code execution...
Openstack-infra puppet-gerrit module cross-site scripting vulnerability
OpenStack is a cloud platform management project developed by the National Aeronautics and Space Administration and Rackspace, Inc. Openstack-infra is the infrastructure used in it. puppet-gerrit is one of the components used to install gerrit and manage the OpenStack infrastructure. A cross-site...
CVE-2016-4985
An authentication vulnerability was found in openstack-ironic. A client with network access to the ironic-api service could bypass OpenStack Identity authentication, and retrieve all information about any node registered with OpenStack Bare Metal. If an unprivileged attacker knew or was able to...
OpenStack Ironic Authentication Bypass Vulnerability
OpenStack is a cloud platform management project developed by the National Aeronautics and Space Administration and Rackspace, Inc. Ironic is a component that provides bare-metal and virtual machine hypervisor interaction. A security vulnerability exists in Ironic. An attacker can exploit the...