CVE-2023-6110
- EPSS 0.17%
- Published 17.11.2024 11:15:06
- Last modified 05.12.2024 21:15:07
A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in its scope, it deletes other existing access rules which are not associated with any application credentials.
CVE-2024-43168
- EPSS 0.05%
- Published 12.08.2024 13:38:36
- Last modified 21.10.2024 12:15:04
DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there ...
CVE-2024-43167
- EPSS 0.03%
- Published 12.08.2024 13:38:35
- Last modified 21.11.2024 09:35:06
DISPUTE NOTE: this issue does not pose a security risk as it (according to analysis by the original software developer, NLnet Labs) falls within the expected functionality and security controls of the application. Red Hat has made a claim that there ...
CVE-2024-4437
- EPSS 0.08%
- Published 08.05.2024 09:15:09
- Last modified 21.11.2024 09:42:49
The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided...
CVE-2023-2088
- EPSS 0.11%
- Published 12.05.2023 21:15:09
- Last modified 24.01.2025 16:15:31
A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. ...
CVE-2022-3146
- EPSS 0.01%
- Published 23.03.2023 21:15:19
- Last modified 21.11.2024 07:18:55
A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover th...
CVE-2022-3101
- EPSS 0.01%
- Published 23.03.2023 21:15:18
- Last modified 21.11.2024 07:18:49
A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover th...
CVE-2022-4134
- EPSS 0.09%
- Published 06.03.2023 23:15:11
- Last modified 06.03.2025 20:15:37
A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images.
CVE-2022-3100
- EPSS 0.03%
- Published 18.01.2023 17:15:10
- Last modified 03.04.2025 20:15:17
A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.
CVE-2022-38065
- EPSS 0.11%
- Published 21.12.2022 11:15:10
- Last modified 21.11.2024 07:15:42
A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissive functionality within tools leveraging this library within a container can lead to increased privileges.