Lucene search
K
OpenstackEssex

15 matches found

CVE
CVE
added 2013/03/08 9:0 p.m.97 views

CVE-2013-0266

CVE-2013-0266 concerns the puppetlabs-cinder PackStack deployment: manifests/base.pp grants world-readable permissions to cinder.conf and api-paste.ini, enabling a local attacker to read OpenStack administrative passwords. Root cause: incorrect file permissions in these configuration files. Affec...

5.5CVSS5.3AI score0.00272EPSS
CVE
CVE
added 2013/03/22 9:0 p.m.94 views

CVE-2013-0335

CVE-2013-0335 affects OpenStack Nova (Grizzly, Folsom 2012.2, Essex 2012.1). The issue allows remote authenticated users to gain access to a VM by reusing the VNC token of a deleted VM bound to the same VNC port. The OpenStack release notes reference VNC Token Validation as a fix in the 2012.2.4 ...

6CVSS6.4AI score0.02146EPSS
CVE
CVE
added 2012/07/31 10:0 a.m.84 views

CVE-2012-3426

OpenStack Keystone before version 2012.1.1 (as used in Folsom before Folsom-1 and Essex) does not properly enforce token expiration, allowing remote authenticated users to bypass authorization by: (1) chaining tokens to create new ones, (2) using a token from a disabled account, or (3) using a to...

4.9CVSS6.1AI score0.02266EPSS
CVE
CVE
added 2012/09/05 11:0 p.m.84 views

CVE-2012-3542

CVE-2012-3542 affects OpenStack Keystone as used in OpenStack Folsom (before folsom-rc1) and Essex (2012.1). The vulnerability arises in the identity service API where a remote attacker can cause an arbitrary user to be added to an arbitrary tenant by updating the user’s default tenant via the ad...

4.3CVSS6.5AI score0.0248EPSS
CVE
CVE
added 2013/02/13 4:0 p.m.83 views

CVE-2013-0208

CVE-2013-0208 affects OpenStack Compute (Nova) boot-from-volume when using nova-volume on Folsom/Essex. The root cause was insufficient validation of the user’s permission to boot an image, allowing an authenticated user to boot from volumes owned by other users via a volume_id in block_device_ma...

6.5CVSS6AI score0.02505EPSS
CVE
CVE
added 2012/07/22 4:0 p.m.79 views

CVE-2012-3361

CVE-2012-3361 affects OpenStack OpenStack Compute (Nova) in Folsom (2012.2), Essex (2012.1), and Diablo (2011.3). The issue is in virt/disk/api.py where remote authenticated users can overwrite arbitrary files via a symlink attack on a file located within an image. The root cause is improper hand...

5.5CVSS6.1AI score0.02582EPSS
CVE
CVE
added 2013/03/22 9:0 p.m.77 views

CVE-2013-1838

CVE-2013-1838 affects OpenStack Nova (Compute) in Grizzly, Folsom (2012.2), and Essex (2012.1). The issue is that quotas for fixed IPs were not properly enforced, enabling remote authenticated users to exhaust resources and potentially block new instance spawns via many addFixedIp calls (DoS). Su...

4CVSS6.2AI score0.02742EPSS
CVE
CVE
added 2012/07/22 4:0 p.m.75 views

CVE-2012-3360

CVE-2012-3360 affects OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1) when used with libvirt-based hypervisors. The vulnerability arises in virt/disk/api.py where a directory traversal via a .. in the path attribute of a file element allows remote authenticated users to write arbitrar...

5.5CVSS6.2AI score0.02997EPSS
CVE
CVE
added 2012/07/17 9:0 p.m.74 views

CVE-2012-3371

The CVE refers to OpenStack Nova (Compute) scheduler vulnerability in Folsom (2012.2) and Essex (2012.1). When scheduler filters DifferentHostFilter or SameHostFilter are enabled, remote authenticated users can trigger a denial of service by sending requests with many repeated IDs in the os:sched...

3.5CVSS6.1AI score0.01846EPSS
CVE
CVE
added 2012/12/18 1:0 a.m.73 views

CVE-2012-5571

OpenStack Keystone is affected by CVE-2012-5571: EC2-style credentials can bypass authorization when a user’s role is removed from a tenant, allowing remote authenticated access. Root cause: improper handling of EC2 tokens tied to removed roles. Impact: unauthorized access to resources. Affected ...

5.4CVSS5.7AI score0.02038EPSS
CVE
CVE
added 2013/03/08 9:0 p.m.73 views

CVE-2013-0261

CVE-2013-0261 concerns PackStack/openstack-packstack. A local attacker can exploit a symlink attack during manifest creation to overwrite arbitrary files in /tmp, potentially affecting files the invoking user can access and, per Red Hat advisory, could lead to denial of service and manipulation o...

8.8CVSS5.4AI score0.00346EPSS
CVE
CVE
added 2012/11/11 11:0 a.m.68 views

CVE-2012-4573

The CVE-2012-4573 issue affects the v1 API of OpenStack Glance (Grizzly, Folsom 2012.2, Essex 2012.1), where remote authenticated users could delete arbitrary non‑protected images via an image deletion request. The vulnerability is tied to an incomplete/faulty fix; related advisories confirm ongo...

5.5CVSS6.2AI score0.03318EPSS
CVE
CVE
added 2012/01/13 6:0 p.m.60 views

CVE-2012-0030

CVE-2012-0030 affects Nova 2011.3 and Essex when using the OpenStack API, allowing remote authenticated users to bypass tenant access restrictions via a modified project_id in an OSAPI request. Root cause: insufficient validation of project_id in OSAPI calls. A fix is available in OpenStack Nova ...

4.9CVSS5.3AI score0.01758EPSS
CVE
CVE
added 2012/06/21 3:0 p.m.58 views

CVE-2012-2654

CVE-2012-2654 affects OpenStack Compute (Nova) EC2 and OS APIs in Folsom, Essex, and Diablo releases. The vulnerability arises from improper protocol validation when creating security groups if the network protocol isn’t specified in lowercase, allowing remote attackers to bypass access restricti...

4.3CVSS6.5AI score0.02626EPSS
CVE
CVE
added 2012/11/11 11:0 a.m.55 views

CVE-2012-5482

The CVE-2012-5482 vulnerability affects OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) where the v2 API allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. Root cause noted as an incomplete fix for CVE-2012-4573. Connected advis...

5.5CVSS6.4AI score0.02722EPSS