Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openstack vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-12690
An issue exists in OpenStack Keystone prior to 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the ...
Openstack Keystone 16.0.0
Openstack Keystone
8.8
CVSSv3
CVE-2020-12691
An issue exists in OpenStack Keystone prior to 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as an...
Openstack Keystone 16.0.0
Openstack Keystone
Canonical Ubuntu Linux 18.04
8.8
CVSSv3
CVE-2019-3683
The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access...
Suse Openstack Cloud 8.0
Suse Keystone-json-assignment
Hp Helion Openstack 8.0
8.8
CVSSv3
CVE-2019-19687
OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other user...
Openstack Keystone 15.0.0
Openstack Keystone 16.0.0
8.8
CVSSv3
CVE-2018-10899
A flaw was found in Jolokia versions from 1.2 to prior to 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking for origin and referrer headers. This could result in a Remote Code Execution attack.
Jolokia Jolokia
Redhat Openstack 13
8.8
CVSSv3
CVE-2019-10138
A flaw exists in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens.
Python Novajoin
8.8
CVSSv3
CVE-2018-1000603
A exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and previous versions in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java, JCloudsComputer.java, JCloudsPreCreationThread.java, JCloudsRetentionStrate...
Jenkins Openstack Cloud
8.8
CVSSv3
CVE-2017-8131
The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some mes...
Huawei Fusionsphere Openstack V100r006c00
Huawei Fusionsphere Openstack V100r006c10
8.8
CVSSv3
CVE-2017-8135
The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some mes...
Huawei Fusionsphere Openstack V100r006c00
Huawei Fusionsphere Openstack V100r006c10
8.8
CVSSv3
CVE-2017-8194
The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by send a crafted rest message.
Huawei Fusionsphere Openstack V100r006c00spc102\\(nfv\\)
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »