Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openstack tripleo heat templates vulnerabilities and exploits
(subscribe to this query)
828
VMScore
CVE-2017-15114
When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured this allows these services to connect to libvirtd (which is equi...
Redhat Openstack Platform 12.0
578
VMScore
CVE-2020-10731
A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. This flaw causes sVirt, an important isolation mechanism, to be disabled for all running virtual machines.
Redhat Openstack Platform 16.1
Redhat Openstack Platform 16.0
Redhat Openstack Platform 15.0
1 Article
445
VMScore
CVE-2015-5303
The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote malicious users to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter.
Openstack Tripleo Heat Templates
356
VMScore
CVE-2021-4180
An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would g...
Redhat Openstack 13
Redhat Openstack 16.1
Openstack Tripleo Heat Templates
Redhat Openstack 16.2
NA
CVE-2021-3585
A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager.
Openstack Tripleo Heat Templates
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started