Redhat

Openstack Platform

40 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2023-1636

  • EPSS 0.07%
  • Published 24.09.2023 01:15:43
  • Last modified 21.11.2024 07:39:35

A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and oth...

7.5

CVE-2022-3596

  • EPSS 0.29%
  • Published 20.09.2023 20:15:11
  • Last modified 21.11.2024 07:19:50

An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including ...

7.5

CVE-2022-3261

  • EPSS 0.04%
  • Published 15.09.2023 21:15:08
  • Last modified 21.11.2024 07:19:10

A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem.

7.5

CVE-2023-1108

  • EPSS 2.56%
  • Published 14.09.2023 15:15:08
  • Last modified 21.11.2024 07:38:28

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

6.5

CVE-2023-3637

  • EPSS 0.21%
  • Published 25.07.2023 13:15:10
  • Last modified 21.11.2024 08:17:43

An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota....

7.5

CVE-2023-3354

  • EPSS 0.07%
  • Published 11.07.2023 17:15:13
  • Last modified 21.11.2024 08:17:05

A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection hap...

8.2

CVE-2023-1668

  • EPSS 0.09%
  • Published 10.04.2023 22:15:09
  • Last modified 23.04.2025 17:16:28

A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath f...

6.5

CVE-2022-3277

  • EPSS 0.6%
  • Published 06.03.2023 23:15:10
  • Last modified 07.03.2025 16:15:35

An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota....

5.9

CVE-2022-3100

  • EPSS 0.03%
  • Published 18.01.2023 17:15:10
  • Last modified 03.04.2025 20:15:17

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.

8.1

CVE-2022-23451

  • EPSS 0.12%
  • Published 06.09.2022 18:15:10
  • Last modified 21.11.2024 06:48:34

An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the...