7 matches found
CVE-2022-47951
CVE-2022-47951 affects OpenStack components (Cinder, Glance, Nova): by supplying a specially crafted VMDK flat image referencing a backing file path, an authenticated user could cause the server to return the contents of that backing file, enabling unauthorized data access. Affected ranges: Cinde...
CVE-2011-4076
OpenStack Nova before 2012.1 is affected: if a user possesses an EC2_ACCESS_KEY (like a username), they may derive the EC2_SECRET_KEY (password). Exposing the EC2_ACCESS_KEY over HTTP or via tools that enable MITM over HTTPS could allow an attacker to obtain the secret key; brute-forcing EC2_ACCE...
CVE-2016-2140
CVE-2016-2140 concerns OpenStack Nova’s libvirt driver. When using raw storage with use_cow_images = false, crafted qcow2 headers could allow a remote authenticated user to read arbitrary files on the host via an ephemeral or root disk. The issue affects OpenStack Compute (Nova) releases prior to...
CVE-2015-7713
CVE-2015-7713 affects OpenStack Nova. The vulnerability arises when security group changes are not correctly applied to already-running instances, allowing remote attackers to bypass intended network restrictions. Affected releases: OpenStack Nova before 2014.2.4 (juno) and before 2015.1.x before...
CVE-2015-0259
CVE-2015-0259 affects OpenStack Compute (Nova) prior to specific revisions (OpenStack Nova before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3) where the websocket origin is not validated. This enables remote attackers to hijack a user’s authenticated session for console access via ...
CVE-2015-8749
CVE-2015-8749 affects OpenStack Nova (Compute) when using the Xen backend. The function volume_utils._parse_volume_info can cause the StorageError message to include the connection_info dictionary, potentially exposing sensitive password information via logs or other vectors. Affected versions: O...
CVE-2013-0326
Technical details about CVE-2013-0326 are not publicly available in the provided connected documents. Monitor for updates.