Openstack Security Vulnerabilities and Issues — Openstack CVE List

Lucene search

RedhatOpenstack

4 matches found

CVE•added 2014/06/02 3:55 p.m.•51 views

CVE-2014-0040

OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download (1) packages and (2) signing keys from Yum repositories, which allows man-in-the-middle attackers to prevent updates via unspecified vectors.

4.3CVSS6.6AI score0.00263EPSS

CVE•added 2014/06/02 3:55 p.m.•49 views

CVE-2014-0041

OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets sslverify to false for certain Yum repositories, which disables SSL protection and allows man-in-the-middle attackers to prevent updates via unspecified vectors.

4.3CVSS6.6AI score0.00263EPSS

CVE•added 2014/06/02 3:55 p.m.•45 views

CVE-2013-6470

The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid.

5CVSS7.3AI score0.0028EPSS

CVE•added 2014/06/02 3:55 p.m.•42 views

CVE-2014-0042

OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded packages and allows man-in-the-middle attackers to install arbitrary packages via unspecified vectors.

4.3CVSS6.8AI score0.00263EPSS