Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openstack vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2012-6120
Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files.
Redhat Openstack Essex -
Redhat Openstack Folsom -
NA
CVE-2022-47951
An issue exists in OpenStack Cinder prior to 19.1.2, 20.x prior to 20.0.2, and 21.0.0; Glance prior to 23.0.1, 24.x prior to 24.1.1, and 25.0.0; and Nova prior to 24.1.2, 25.x prior to 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific...
Openstack Nova
Openstack Glance
Openstack Cinder
Debian Debian Linux 10.0
Debian Debian Linux 11.0
2.1
CVSSv2
CVE-2013-2013
The user-password-update command in python-keystoneclient prior to 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process.
Openstack Python-keystoneclient
Openstack Python-keystoneclient 0.2.2
6
CVSSv2
CVE-2015-7546
The identity service in OpenStack Identity (Keystone) prior to 2015.1.3 (Kilo) and 8.0.x prior to 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) prior to 1.5.4 (Kilo) and Liberty prior to 2.3.3 does not properly invalidate authorization tokens when using ...
Openstack Keystonemiddleware
Openstack Keystone
Oracle Solaris 11.3
4.3
CVSSv2
CVE-2012-3542
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote malicious users to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier wa...
Openstack Essex 2012.1
Openstack Horizon Folsom-3
6.4
CVSSv2
CVE-2019-15753
In OpenStack os-vif 1.15.x prior to 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of p...
Openstack Os-vif
Openstack Os-vif 1.16.0
4.3
CVSSv2
CVE-2012-2094
Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the gues...
Openstack Horizon Folsom-1
Openstack Horizon 2012.1
6.8
CVSSv2
CVE-2012-2144
Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote malicious users to hijack web sessions via the sessionid cookie.
Openstack Horizon Folsom-1
Openstack Horizon 2012.1
4.3
CVSSv2
CVE-2013-2255
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.
Openstack Compute 2013.1
Openstack Keystone 2013
Redhat Openstack 3.0
Redhat Openstack 4.0
Debian Debian Linux 10.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
NA
CVE-2022-2447
A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected...
Openstack Keystone -
Redhat Storage 3.0
Redhat Quay 3.0.0
Redhat Openstack Platform 16.1
Redhat Openstack Platform 16.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377
CVE-2024-20859
CVE-2023-49606
inject
arbitrary
CVE-2024-33788
CVE-2024-30973
IDOR
CVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »