Lucene search
Veracode Vulnerability DatabaseVERACODE:12724HistoryJan 15, 2019 - 9:20 a.m.
Authorisation Bypass
2019-01-1509:20:57
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
EPSS
0.005
Percentile
76.3%
aodh is vulnerable to authorization bypass. When an alarm action with trust+http: scheme is created, it fails to verify that a user providing the trust ID is the trustor or has the same permission as the trustor. In addition, it also fails to verify that the trust is for the same project as the alarm.
References
www.debian.org/security/2017/dsa-3953
www.securityfocus.com/bid/100455
access.redhat.com/errata/RHSA-2017:3227
access.redhat.com/errata/RHSA-2018:0315
access.redhat.com/security/updates/classification/#moderate
bugs.launchpad.net/ossn/+bug/1649333
review.openstack.org/#/c/493823/
review.openstack.org/#/c/493824/
review.openstack.org/#/c/493826/
Related
nessus
nessus
RHEL 7 : openstack-aodh (RHSA-2018:0315)
2024-04-27 00:00:00
Debian DSA-3953-1 : aodh - security update
2017-08-24 00:00:00
RHEL 7 : openstack-aodh (RHSA-2017:3227)
2024-04-27 00:00:00
github
github
Openstack Aodh can be used to launder Keystone trusts
2022-05-13 01:42:42
veracode
veracode
Authorisation Bypass
2017-09-08 05:40:41
cvelist
cvelist
CVE-2017-12440
2017-08-18 14:00:00
osv
osv
aodh - security update
2017-08-23 00:00:00
redhatcve
redhatcve
CVE-2017-12440
2017-08-17 14:49:00
cve
cve
CVE-2017-12440
2017-08-18 14:29:00
debian
debian
[SECURITY] [DSA 3953-1] aodh security update
2017-08-23 20:02:57
[SECURITY] [DSA 3953-1] aodh security update
2017-08-23 20:02:57
prion
prion
Code injection
2017-08-18 14:29:00
openvas
openvas
Debian: Security Advisory (DSA-3953-1)
2017-08-22 00:00:00
debiancve
debiancve
CVE-2017-12440
2017-08-18 14:29:00
redhat
redhat
(RHSA-2017:3227) Moderate: openstack-aodh security update
2017-11-15 13:08:36
(RHSA-2018:0315) Moderate: openstack-aodh security update
2018-02-13 16:04:44
nvd
nvd
CVE-2017-12440
2017-08-18 14:29:00
ubuntucve
ubuntucve
CVE-2017-12440
2017-08-18 00:00:00