CVE-2023-6110
- EPSS 0.17%
- Published 17.11.2024 11:15:06
- Last modified 05.12.2024 21:15:07
A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in its scope, it deletes other existing access rules which are not associated with any application credentials.
CVE-2024-4437
- EPSS 0.08%
- Published 08.05.2024 09:15:09
- Last modified 21.11.2024 09:42:49
The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2021-44716. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided...
CVE-2023-2088
- EPSS 0.16%
- Published 12.05.2023 21:15:09
- Last modified 04.11.2025 16:15:52
A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. ...
CVE-2022-3146
- EPSS 0.01%
- Published 23.03.2023 21:15:19
- Last modified 21.11.2024 07:18:55
A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover th...
CVE-2022-3101
- EPSS 0.01%
- Published 23.03.2023 21:15:18
- Last modified 21.11.2024 07:18:49
A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover th...
CVE-2022-4134
- EPSS 0.1%
- Published 06.03.2023 23:15:11
- Last modified 06.03.2025 20:15:37
A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images.
CVE-2022-3100
- EPSS 0.03%
- Published 18.01.2023 17:15:10
- Last modified 03.04.2025 20:15:17
A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.
CVE-2022-38065
- EPSS 0.12%
- Published 21.12.2022 11:15:10
- Last modified 21.11.2024 07:15:42
A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissive functionality within tools leveraging this library within a container can lead to increased privileges.
CVE-2022-1655
- EPSS 0.19%
- Published 22.07.2022 15:15:08
- Last modified 21.11.2024 06:41:11
An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly...
CVE-2021-4180
- EPSS 0.29%
- Published 23.03.2022 20:15:10
- Last modified 21.11.2024 06:37:04
An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in con...