422 matches found
Moderate: Red Hat Security Advisory: ruby193-ruby security update
Updated ruby193-ruby packages that fix one security issue are now available for Red Hat OpenStack 3.0 Grizzly. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...
Foreman (Red Hat OpenStack/Satellite) Code Injection
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit4 'Foreman Red Hat OpenStack/Satellite...
Foreman (Red Hat OpenStack/Satellite) Code Injection Vulnerability
This Metasploit module exploits a code injection vulnerability in the 'create' action of 'bookmarks' controller of Foreman and Red Hat OpenStack/Satellite Foreman 1.2.0-RC1 and earlier. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions...
Foreman (RedHat OpenStack/Satellite) - bookmarks/create Code Injection (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit4 'Foreman Red Hat OpenStack/Satellite...
Foreman (Red Hat OpenStack/Satellite) users/create Mass Assignment
This module exploits a mass assignment vulnerability in the 'create' action of 'users' controller of Foreman and Red Hat OpenStack/Satellite Foreman 1.2.0-RC1 and earlier by creating an arbitrary administrator account. For this exploit to work, your account must have 'createusers' permission e.g....
Moderate: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
Foreman (Red Hat OpenStack/Satellite) bookmarks/create Code Injection
This module exploits a code injection vulnerability in the 'create' action of 'bookmarks' controller of Foreman and Red Hat OpenStack/Satellite Foreman 1.2.0-RC1 and earlier. This module requires Metasploit: https://metasploit.com/download Current source:...
Important: Red Hat Security Advisory: Foreman security and bug fix update
Updated Foreman packages that fix two security issues and multiple bugs are now available for Red Hat OpenStack 3.0 Grizzly Preview. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give...
CVE-2012-6120
Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files...
DEBIAN-CVE-2012-6120
Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files...
CVE-2012-6120
Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files...
Design/Logic Flaw
PackStack 2012.2.3 in Red Hat OpenStack Essex and Folsom can create the answer file in insecure directories such as /tmp or the current working directory, which allows local users to modify deployed systems by changing this file...
CVE-2012-6120
Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files...
Code injection
Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files...
CVE-2012-6120
CVE-2012-6120 concerns Puppet: Red Hat OpenStack Essex/Folsom created /var/log/puppet with world-readable permissions, enabling local users to access Puppet log files. The Debian DLA-29-1 advisory reiterates the same issue for the Debian puppet package. Affected component: Puppet log directory ha...
CVE-2013-1815
CVE-2013-1815 affects PackStack 2012.2.3 in Red Hat OpenStack Essex/Folsom, where the answer file could be created in insecure directories (e.g., /tmp or cwd), enabling local modification of deployed systems. The RHSA-2013:0671 advisory documents the fix: after the update, PackStack creates the a...
CVE-2013-1815 Packstack: red hat openstack: packstack: unauthorized system modification via insecure answer file creation
A flaw was found in PackStack. This vulnerability allows a local user to modify deployed systems by changing the answer file, which is created in insecure directories such as /tmp or the current working directory. This insecure file creation could lead to unauthorized system modifications...
CVE-2012-6120
Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files...
CVE-2012-6120
Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files...
Important: Red Hat Security Advisory: puppet security update
Updated puppet packages that fix several security issues are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...