RHEL 7 : redhat-access-plugin (RHSA-2015:0840)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2015:0840 advisory. The Red Hat Support plug-in for Red Hat OpenStack is a Technology Preview feature which offers seamless integrated access to Red Hat subscription...

dashboard: log file arbitrary file retrieval

It was found that the local log-viewing function of the redhat-access-plugin for OpenStack Dashboard horizon did not sanitize user input. An authenticated user could use this flaw to read an arbitrary file with the permissions of the web server...

dashboard: log file arbitrary file retrieval

It was found that the local log-viewing function of the redhat-access-plugin for OpenStack Dashboard horizon did not sanitize user input. An authenticated user could use this flaw to read an arbitrary file with the permissions of the web server...

ipa and slapi-nis security and bug fix update

ipa 4.1.0-18.0.1.el71.3 - Replace login-screen-logo.png 20362818 - Drop subscription-manager requires for OL7 - Drop redhat-access-plugin-ipa requires for OL7 - Blank out header-logo.png product-name.png 4.1.0-18.3 - ipa-python ipalib.errors.LDAPError: failed to decode certificate:...

Red Hat redhat-access-plugin for OpenStack Dashboard Arbitrary File Read Vulnerability

Red Hat redhat-access-plugin for OpenStack Dashboard horizon is a technology preview plugin from Red Hat, Inc. that provides seamless, integrated access to Red Hat's subscription services from the Red Hat OpenStack Management Portal. A security vulnerability exists in the 'log-viewing' function i...

ipa security, bug fix, and enhancement update

4.1.0-18.0.1 - Replace login-screen-logo.png 20362818 - Drop subscription-manager requires for OL7 - Drop redhat-access-plugin-ipa requires for OL7 - Blank out header-logo.png product-name.png 4.1.0-18 - Fix ipa-pwd-extop global configuration caching 1187342 - group-detach does not add correct...

CVE-2015-0271

CVE-2015-0271 affects Red Hat OpenStack Horizon’s redhat-access-plugin (pre-6.0.3). The vulnerability arises from an unsanitized input in the log-viewing function, allowing an authenticated attacker to read arbitrary files via a crafted path. Impact is reading sensitive files with the web server’...

dashboard: log file arbitrary file retrieval

It was found that the local log-viewing function of the redhat-access-plugin for OpenStack Dashboard horizon did not sanitize user input. An authenticated user could use this flaw to read an arbitrary file with the permissions of the web server...