Openstack Platform@16.2 Security Vulnerabilities and Issues — Openstack Platform@16.2 CVE List

Lucene search

RedhatOpenstack Platform16.2

16 matches found

CVE•added 2023/10/10 2:15 p.m.•4413 views

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

7.5CVSS8AI score0.94434EPSS

CVE•added 2023/12/18 4:15 p.m.•3811 views

CVE-2023-48795

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connecti...

5.9CVSS6.7AI score0.67991EPSS

CVE•added 2022/09/06 6:15 p.m.•688 views

CVE-2022-23451

An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, caus...

8.1CVSS7.5AI score0.00079EPSS

CVE•added 2022/03/02 11:15 p.m.•184 views

CVE-2021-3654

A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.

6.1CVSS6.1AI score0.89618EPSS

CVE•added 2023/04/10 10:15 p.m.•138 views

CVE-2023-1668

A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildca...

8.2CVSS7.7AI score0.00076EPSS

CVE•added 2021/05/28 7:15 p.m.•106 views

CVE-2021-20267

A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some cas...

7.1CVSS7.2AI score0.0015EPSS

CVE•added 2022/08/26 4:15 p.m.•98 views

CVE-2021-3563

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.

7.4CVSS7.2AI score0.00031EPSS

CVE•added 2022/09/01 9:15 p.m.•85 views

CVE-2022-2447

A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected.

6.6CVSS6.4AI score0.00183EPSS

CVE•added 2023/07/25 1:15 p.m.•84 views

CVE-2023-3637

An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant...

6.5CVSS5.1AI score0.00441EPSS

CVE•added 2023/03/06 11:15 p.m.•83 views

CVE-2022-3277

6.5CVSS6AI score0.00441EPSS

CVE•added 2024/08/21 2:15 p.m.•80 views

CVE-2024-8007

A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-mi...

8.1CVSS7.9AI score0.00173EPSS

CVE•added 2023/09/24 1:15 a.m.•73 views

CVE-2023-1625

An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system.

7.4CVSS5.8AI score0.00101EPSS

CVE•added 2023/09/24 1:15 a.m.•65 views

CVE-2023-1636

A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromi...

6CVSS5.4AI score0.00074EPSS

CVE•added 2023/09/24 1:15 a.m.•64 views

CVE-2023-1633

A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials.

6.6CVSS5.4AI score0.00024EPSS

CVE•added 2023/09/15 9:15 p.m.•44 views

CVE-2022-3261

A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem.

7.5CVSS5.2AI score0.00041EPSS

CVE•added 2024/08/02 9:16 p.m.•40 views

CVE-2024-7319

An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the hidden feature set to True and the CVE-2023-1625 fix applied.

5CVSS7.5AI score0.00133EPSS