3 matches found
CVE-2018-16849
CVE-2018-16849 affects OpenStack Mistral. The flaw arises in the std.ssh action where manipulating the SSH private_key_filename (which can be an absolute path) enables an attacker to determine whether arbitrary files exist on the executor filesystem, i.e., a local information-disclosure/file-exis...
CVE-2019-3866
The CVE-2019-3866 entry describes an information-disclosure vulnerability in openstack-mistral where undercloud log files contain clear-text information and were world-readable. This could allow a local attacker to access sensitive user data from logs. The connected documents corroborate that the...
CVE-2018-16848
OpenStack Mistral is affected by CVE-2018-16848. A DoS can be triggered by submitting a specially crafted workflow definition YAML that uses nested anchors, leading to resource exhaustion. Affected versions are up to 7.0.3. The connected documents confirm the DoS impact but do not provide exploit...