Openstack Platform Security Vulnerabilities and Issues — Openstack Platform CVE List

Lucene search

RedhatOpenstack Platform

11 matches found

CVE•added 2022/09/06 6:15 p.m.•688 views

CVE-2022-23451

An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, caus...

8.1CVSS7.5AI score0.00103EPSS

CVE•added 2022/03/16 3:15 p.m.•220 views

CVE-2021-20257

An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial...

6.5CVSS6.7AI score0.00034EPSS

CVE•added 2022/03/02 11:15 p.m.•184 views

CVE-2021-3654

A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.

6.1CVSS6.1AI score0.88952EPSS

CVE•added 2022/08/31 4:15 p.m.•164 views

CVE-2022-2132

A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.

8.6CVSS8AI score0.00582EPSS

CVE•added 2022/08/29 3:15 p.m.•160 views

CVE-2022-0718

A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext.

4.9CVSS4.8AI score0.00298EPSS

CVE•added 2022/08/25 8:15 p.m.•155 views

CVE-2021-3979

A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks.

6.5CVSS6.4AI score0.00248EPSS

CVE•added 2022/08/17 9:15 p.m.•138 views

CVE-2020-14394

An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.

3.2CVSS5.2AI score0.00007EPSS

CVE•added 2022/05/10 9:15 p.m.•128 views

CVE-2022-0866

This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field is used by the org....

5.3CVSS5.3AI score0.002EPSS

CVE•added 2022/09/01 9:15 p.m.•108 views

CVE-2022-23452

An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.

4.9CVSS5AI score0.00066EPSS

CVE•added 2022/08/26 4:15 p.m.•98 views

CVE-2021-3563

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.

7.4CVSS7.2AI score0.00031EPSS

CVE•added 2022/09/01 9:15 p.m.•86 views

CVE-2022-2447

A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected.

6.6CVSS6.4AI score0.00183EPSS