Openstack: Security Vulnerabilities
The volume_utils._parse_volume_info function in OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty) includes the connection_info dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading log files or other unspecified vectors.
CVSS Score
5.9
EPSS Score
0.009
Published
2016-01-15
Swift3 before 1.9 allows remote attackers to conduct replay attacks via an Authorization request that lacks a Date header.
CVSS Score
7.4
EPSS Score
0.003
Published
2016-01-13
OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot.
CVSS Score
3.5
EPSS Score
0.002
Published
2016-01-12
OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error.
CVSS Score
6.8
EPSS Score
0.003
Published
2015-11-25
OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.
CVSS Score
5.0
EPSS Score
0.015
Published
2015-10-29
Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before the security group rules are applied.
CVSS Score
3.5
EPSS Score
0.001
Published
2015-10-27
OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623.
CVSS Score
6.8
EPSS Score
0.004
Published
2015-10-26
OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.
CVSS Score
5.5
EPSS Score
0.002
Published
2015-10-26
OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container.
CVSS Score
5.0
EPSS Score
0.011
Published
2015-10-26
OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state.
CVSS Score
6.8
EPSS Score
0.017
Published
2015-10-26