Openstack Security Vulnerabilities and Issues — Page 2 of Openstack CVE List

Lucene search

RedhatOpenstack

57 matches found

CVE•added 2018/04/26 5:29 p.m.•60 views

CVE-2016-9590

puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf ...

6.5CVSS6.3AI score0.00174EPSS

CVE•added 2018/08/22 5:29 p.m.•54 views

CVE-2017-2627

A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. The sudoers file as installed with OSP's openstack-tripleo-common package is much too permissive. It contains several lines for the mistral user that have wildcards that allow directory traversal wi...

8.2CVSS8.2AI score0.00074EPSS

CVE•added 2018/07/30 5:29 p.m.•53 views

CVE-2018-10898

A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials.

8.8CVSS8.5AI score0.00177EPSS

CVE•added 2018/07/27 6:29 p.m.•52 views

CVE-2017-2621

An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.

5.9CVSS5.2AI score0.00072EPSS

CVE•added 2018/07/26 2:29 p.m.•51 views

CVE-2017-7543

A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-c...

5.9CVSS5.4AI score0.00441EPSS

CVE•added 2018/09/10 7:29 p.m.•50 views

CVE-2018-14620

The OpenStack RabbitMQ container image insecurely retrieves the rabbitmq_clusterer component over HTTP during the build stage. This could potentially allow an attacker to serve malicious code to the image builder and install in the resultant container image. Version of openstack-rabbitmq-container ...

9.8CVSS9.4AI score0.00136EPSS

CVE•added 2018/04/24 1:29 a.m.•46 views

CVE-2016-9599

puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources.

7.5CVSS7.5AI score0.00189EPSS

Total number of security vulnerabilities57