Vulnerabilites related to openstack - essex
Vulnerability from fkie_nvd
Published
2013-03-22 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openstack | essex | 2012.1 | |
| openstack | folsom | 2012.2 | |
| openstack | grizzly | 2012.2 | |
| canonical | ubuntu_linux | 11.10 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 12.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E76B76AB-D744-4163-8615-7BA18ABB1347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:grizzly:2012.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D5C8DE-FC66-4787-A65B-CA921881DF67",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
"matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function."
},
{
"lang": "es",
"value": "OpenStack Compute (Nova) Grizzly, Folsom (versi\u00f3n 2012.2) y Essex (versi\u00f3n 2012.1) no implementan apropiadamente una cuota para direcciones IP fijas, lo que permite a los usuarios autenticados remotos causar una denegaci\u00f3n de servicio (agotamiento de recursos y fallo para crear nuevas instancias) por medio de un gran n\u00famero de llamadas a la funci\u00f3n addFixedIp."
}
],
"evaluatorImpact": "Per http://www.ubuntu.com/usn/usn-1771-1/\r\n\"A security issue affects these releases of Ubuntu and its derivatives:\r\n\r\nUbuntu 12.10\r\nUbuntu 12.04 LTS\r\nUbuntu 11.10\"",
"id": "CVE-2013-1838",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-22T21:55:01.453",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/91303"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0709.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52580"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52728"
},
{
"source": "secalert@redhat.com",
"url": "http://ubuntu.com/usn/usn-1771-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/03/14/18"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/58492"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.launchpad.net/nova/+bug/1125468"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=919648"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82877"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.launchpad.net/openstack/msg21892.html"
},
{
"source": "secalert@redhat.com",
"url": "https://review.openstack.org/#/c/24451/"
},
{
"source": "secalert@redhat.com",
"url": "https://review.openstack.org/#/c/24452/"
},
{
"source": "secalert@redhat.com",
"url": "https://review.openstack.org/#/c/24453/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/91303"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0709.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52580"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52728"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ubuntu.com/usn/usn-1771-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/03/14/18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/58492"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/nova/+bug/1125468"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=919648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.launchpad.net/openstack/msg21892.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://review.openstack.org/#/c/24451/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://review.openstack.org/#/c/24452/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://review.openstack.org/#/c/24453/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-07-31 10:45
Modified
2025-04-11 00:51
Severity ?
Summary
OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:essex:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F50B9DA6-B071-4B48-A486-54CB3E64AE58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:horizon:folsom-1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E72EACB-1FA6-4F1D-A3C8-D255C705AAAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:keystone:2012.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8DACEFF0-BA6A-4184-A1AB-397438034AF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:keystone:2012.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5BD2FC1-7C36-4532-813A-DED5F0BD1FFF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password."
},
{
"lang": "es",
"value": "OpenStack Keystone antes de v2012.1.1, como se usa en OpenStack Folsom antes de Folsom-1 y OpenStack Essex, no implementan apropiadamente la expiraci\u00f3n de los token, lo que permite a usuarios autenticados remotamente evitar restricciones de acceso (1) creando nuevos token a trav\u00e9s de la cadena de token, (2) aprovechando la posesi\u00f3n de un token de una cuenta de usuario deshabilitada o (3) aprovechando la posesi\u00f3n de un token de una cuenta con una contrase\u00f1a cambiada"
}
],
"id": "CVE-2012-3426",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-07-31T10:45:42.670",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626"
},
{
"source": "secalert@redhat.com",
"url": "http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d"
},
{
"source": "secalert@redhat.com",
"url": "http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/50045"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/50494"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/27/4"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1552-1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.launchpad.net/keystone/+bug/996595"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.launchpad.net/keystone/+bug/997194"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.launchpad.net/keystone/+bug/998185"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/27/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1552-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/keystone/+bug/996595"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/keystone/+bug/997194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/keystone/+bug/998185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-03-22 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openstack | essex | 2012.1 | |
| openstack | folsom | 2012.2 | |
| openstack | grizzly | 2012.2 | |
| canonical | ubuntu_linux | 11.10 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 12.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E76B76AB-D744-4163-8615-7BA18ABB1347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:grizzly:2012.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D5C8DE-FC66-4787-A65B-CA921881DF67",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
"matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port."
},
{
"lang": "es",
"value": "OpenStack Compute (Nova) Grizzly, Folsom (v2012.2) y Essex (v2012.1) permite a usuarios remotos autenticados acceder a una m\u00e1quina virtual en circunstancias oportunistas utilizando el token VNC para eliminar una m\u00e1quina virtual que se dirig\u00eda al mismo puerto VNC."
}
],
"evaluatorImpact": "Per http://www.ubuntu.com/usn/USN-1771-1/\r\n\"A security issue affects these releases of Ubuntu and its derivatives:\r\n\r\nUbuntu 12.10\r\nUbuntu 12.04 LTS\r\nUbuntu 11.10\"",
"id": "CVE-2013-0335",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-22T21:55:00.880",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0709.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52337"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52728"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/02/26/7"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/90657"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1771-1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.launchpad.net/nova/+bug/1125378"
},
{
"source": "secalert@redhat.com",
"url": "https://review.openstack.org/#/c/22086/"
},
{
"source": "secalert@redhat.com",
"url": "https://review.openstack.org/#/c/22758"
},
{
"source": "secalert@redhat.com",
"url": "https://review.openstack.org/#/c/22872/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0709.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52337"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52728"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/02/26/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/90657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1771-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/nova/+bug/1125378"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://review.openstack.org/#/c/22086/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://review.openstack.org/#/c/22758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://review.openstack.org/#/c/22872/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-07-17 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:compute:2012.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0E9D8029-F7DD-435D-B4F4-D3DABDB7333B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E76B76AB-D744-4163-8615-7BA18ABB1347",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section."
},
{
"lang": "es",
"value": "El planificador Nova en OpenStack Compute (Nova) Folsom (2012.2) y Essex (2012.1), cuando DifferentHostFilter o SameHostFilter est\u00e1n activados, permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (exceso de llamadas de b\u00fasqueda de base de datos y el servidor se bloquea) a trav\u00e9s de una solicitud con muchos identificadores repetidos en el sistema operativo: Secci\u00f3n scheduler_hints."
}
],
"id": "CVE-2012-3371",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-07-17T21:55:02.350",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/07/11/13"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/54388"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1501-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "https://bugs.launchpad.net/nova/+bug/1017795"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.launchpad.net/openstack/msg14452.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/07/11/13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/54388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1501-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://bugs.launchpad.net/nova/+bug/1017795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.launchpad.net/openstack/msg14452.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-11-11 13:00
Modified
2025-04-11 00:51
Severity ?
Summary
The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E76B76AB-D744-4163-8615-7BA18ABB1347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC5343C7-8EBD-49A5-8423-22F88DE0CBD2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482."
},
{
"lang": "es",
"value": "La API v1 en OpenStack Vistazo Grizzly, Folsom (2.012,2) y Essex (2012.1) permite a usuarios autenticados remotamente borrar im\u00e1genes de su elecci\u00f3n no protegidas a trav\u00e9s de una solicitud de eliminaci\u00f3n de im\u00e1genes, una vulnerabilidad diferente a CVE-2012-5482."
}
],
"id": "CVE-2012-4573",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-11-11T13:00:58.883",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/87248"
},
{
"source": "secalert@redhat.com",
"url": "http://packetstormsecurity.com/files/118733/Red-Hat-Security-Advisory-2012-1558-01.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1558.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51174"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51234"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/11/07/6"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/56437"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1626-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1626-2"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.launchpad.net/glance/+bug/1065187"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79895"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/openstack/glance/commit/6ab0992e5472ae3f9bef0d2ced41030655d9d2bc"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/openstack/glance/commit/90bcdc5a89e350a358cf320a03f5afe99795f6f6"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/openstack/glance/commit/efd7e75b1f419a52c7103c7840e24af8e5deb29d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/87248"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/118733/Red-Hat-Security-Advisory-2012-1558-01.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1558.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51234"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/11/07/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/56437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1626-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1626-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/glance/+bug/1065187"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79895"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/openstack/glance/commit/6ab0992e5472ae3f9bef0d2ced41030655d9d2bc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/openstack/glance/commit/90bcdc5a89e350a358cf320a03f5afe99795f6f6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/openstack/glance/commit/efd7e75b1f419a52c7103c7840e24af8e5deb29d"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-07-22 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:diablo:2011.3:*:*:*:*:*:*:*",
"matchCriteriaId": "65FA489C-5FDC-4887-9F1F-66177F87DB5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E76B76AB-D744-4163-8615-7BA18ABB1347",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image."
},
{
"lang": "es",
"value": "virt/disk/api.py en OpenStack Compute (Nova) Folsom (2.012,2), Essex (2.012,1) y Diablo (2.011,3) permite a usuarios remotos autenticados sobrescribir archivos arbitrarios a trav\u00e9s de un ataque de enlace simb\u00f3lico un archivo en una imagen."
}
],
"id": "CVE-2012-3361",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-07-22T16:55:48.227",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083969.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49763"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49802"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/54278"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1497-1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.launchpad.net/nova/+bug/1015531"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.launchpad.net/openstack/msg14089.html"
},
{
"source": "secalert@redhat.com",
"url": "https://review.openstack.org/#/c/9268/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083969.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49763"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/54278"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1497-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/nova/+bug/1015531"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.launchpad.net/openstack/msg14089.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://review.openstack.org/#/c/9268/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-03-08 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
(1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:essex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEEA665A-AE0F-4C48-87F0-83F3EB4E65CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BA13BC-F088-45AA-AD10-B74F89CE5375",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "(1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp."
},
{
"lang": "es",
"value": "(1) installer/basedefs.py y (2) modules/ospluginutils.py en PackStack permite a los usuarios locales sobreescribir ficheros de su elecci\u00f3n mediante un ataque de enlaces simb\u00f3licos en un archivo temporal con un nombre predecible en /tmp.\r\n"
}
],
"evaluatorImpact": "Per http://rhn.redhat.com/errata/RHSA-2013-0595.html these are the affected products:\r\n\r\nRed Hat OpenStack Essex\r\nRed Hat OpenStack Folsom",
"id": "CVE-2013-0261",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-08T21:55:01.947",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0595.html"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0595.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908101"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-11-11 13:00
Modified
2025-04-11 00:51
Severity ?
Summary
The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E76B76AB-D744-4163-8615-7BA18ABB1347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC5343C7-8EBD-49A5-8423-22F88DE0CBD2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573."
},
{
"lang": "es",
"value": "v2 API en OpenStack Glance Grizzly, Folsom (2012.2)y Essex (2012.1), permite a usuarios remotos autenticados, borrar im\u00e1genes no protegidas de su elecci\u00f3n a trav\u00e9s de una petici\u00f3n de borrado de imagen. NOTA: Esta vulnerabilidad existe por una soluci\u00f3n incompleta para CVE-2012-4573."
}
],
"id": "CVE-2012-5482",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-11-11T13:00:59.620",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/87248"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51174"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/11/07/6"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/11/08/2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/56437"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.launchpad.net/glance/+bug/1076506"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80019"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/87248"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/11/07/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/11/08/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/56437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/glance/+bug/1076506"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-03-08 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:essex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEEA665A-AE0F-4C48-87F0-83F3EB4E65CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BA13BC-F088-45AA-AD10-B74F89CE5375",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files."
},
{
"lang": "es",
"value": "manifests/base.pp en el m\u00f3dulo puppetlabs-cinder, tal como se utiliza en PackStack le da permisos de lectura para todo el mundo a los archovs de configuraci\u00f3n (1) cinder.conf y (2) api-paste.ini, lo que permite a usuarios locales leer contrase\u00f1as de administarci\u00f3n de OpenStack mediante la lectura de dichos archivos.\r\n"
}
],
"id": "CVE-2013-0266",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-08T21:55:01.960",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0595.html"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908581"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0595.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-01-13 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:essex:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F50B9DA6-B071-4B48-A486-54CB3E64AE58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:nova:2011.3:*:*:*:*:*:*:*",
"matchCriteriaId": "91787837-B00F-4C62-BCCD-FAAE65563E78",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter."
},
{
"lang": "es",
"value": "Nova v2011.3 y Essex, cuando usan la API OpenStack, permite a usuarios remotos autenticados eludir las restricciones de acceso mediante una solicitud con un par\u00e1metro URI project_id modificado."
}
],
"id": "CVE-2012-0030",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-01-13T18:55:04.157",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47543"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/51370"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1326-1"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72296"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/openstack/nova/commit/3d4ffb64f1e18117240c26809788528979e3bd15#diff-0"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://lists.launchpad.net/openstack/msg06648.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47543"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/51370"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1326-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72296"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/openstack/nova/commit/3d4ffb64f1e18117240c26809788528979e3bd15#diff-0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://lists.launchpad.net/openstack/msg06648.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-02-13 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openstack | essex | - | |
| openstack | folsom | - | |
| canonical | ubuntu_linux | 11.10 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 12.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:essex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEEA665A-AE0F-4C48-87F0-83F3EB4E65CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BA13BC-F088-45AA-AD10-B74F89CE5375",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
"matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users\u0027 volumes via a volume id in the block_device_mapping parameter."
},
{
"lang": "es",
"value": "La funci\u00f3n de arranque de volumen en OpenStack Compute (Nova) Folsom y Essex, al utilizar NOVA-vol\u00famenes, permite a usuarios remotos autenticados para arrancar desde vol\u00famenes de otros usuarios a trav\u00e9s de un identificador de volumen en el par\u00e1metro block_device_mapping."
}
],
"evaluatorComment": "Per http://www.ubuntu.com/usn/USN-1709-1/\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\nUbuntu 12.10\r\nUbuntu 12.04 LTS\r\nUbuntu 11.10\r\n",
"id": "CVE-2013-0208",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-02-13T16:55:01.617",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/89661"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0208.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51963"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51992"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/01/29/9"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/57613"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1709-1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.launchpad.net/nova/+bug/1069904"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=902629"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81697"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/openstack/nova/commit/243d516cea9d3caa5a8267b12d2f577dcb24193b"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/openstack/nova/commit/317cc0af385536dee43ef2addad50a91357fc1ad"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/89661"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0208.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/01/29/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/57613"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1709-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/nova/+bug/1069904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=902629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81697"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/openstack/nova/commit/243d516cea9d3caa5a8267b12d2f577dcb24193b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/openstack/nova/commit/317cc0af385536dee43ef2addad50a91357fc1ad"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-03-22 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:glance:v1:*:*:*:*:*:*:*",
"matchCriteriaId": "3E39288B-D80F-493D-BD2A-6A749EBCE0AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E76B76AB-D744-4163-8615-7BA18ABB1347",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:amazon:s3_store:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05BC26BF-62C4-47E9-81B1-C968904F1FF2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:openstack:swift:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE675165-BF5F-4BB3-964F-777CC3DDFF98",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator\u0027s backend credentials via a request for a cached image."
},
{
"lang": "es",
"value": "La API v1 en OpenStack Vistazo Essex (2012.1), Folsom (2012.2) y Grizzly, al utilizar el \u0027single-tenant Swift\u0027 o la tienda S3, informa el campo de ubicaci\u00f3n, lo que permite obtener las credenciales del back-end del operador a usuarios remotos autenticados a trav\u00e9s de una solicitud de una imagen almacenada en cach\u00e9."
}
],
"id": "CVE-2013-1840",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-22T21:55:01.487",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/91304"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0707.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52565"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/03/14/15"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/58490"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1764-1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.launchpad.net/glance/+bug/1135541"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82878"
},
{
"source": "secalert@redhat.com",
"url": "https://review.openstack.org/#/c/24437/"
},
{
"source": "secalert@redhat.com",
"url": "https://review.openstack.org/#/c/24438/"
},
{
"source": "secalert@redhat.com",
"url": "https://review.openstack.org/#/c/24439/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/91304"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0707.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52565"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/03/14/15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/58490"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1764-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/glance/+bug/1135541"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82878"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://review.openstack.org/#/c/24437/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://review.openstack.org/#/c/24438/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://review.openstack.org/#/c/24439/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-06-21 15:55
Modified
2025-04-11 00:51
Severity ?
Summary
The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:compute:2012.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0E9D8029-F7DD-435D-B4F4-D3DABDB7333B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:diablo:2011.3:*:*:*:*:*:*:*",
"matchCriteriaId": "65FA489C-5FDC-4887-9F1F-66177F87DB5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions."
},
{
"lang": "es",
"value": "Las APIs (1) EC2 y (2) OS en OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1) y Diablo (2011.3) no comprueban correctamente el protocolo cuando se crean grupos de seguridad y el protocolo de red no se ha especificado por completo en min\u00fasculas, lo que permite a atacantes remotos eludir restricciones de acceso."
}
],
"id": "CVE-2012-2654",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-06-21T15:55:12.847",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46808"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49439"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1466-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://bugs.launchpad.net/nova/+bug/985184"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76110"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.launchpad.net/openstack/msg12883.html"
},
{
"source": "secalert@redhat.com",
"url": "https://review.openstack.org/#/c/8239/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46808"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49439"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1466-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugs.launchpad.net/nova/+bug/985184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.launchpad.net/openstack/msg12883.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://review.openstack.org/#/c/8239/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-12-18 01:55
Modified
2025-04-11 00:51
Severity ?
Summary
OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E76B76AB-D744-4163-8615-7BA18ABB1347",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role."
},
{
"lang": "es",
"value": "OpenStack Keystone Essex (2012.1) and Folsom (2012.2) no controlan correctamente los token EC2 cuando la funci\u00f3n de usuario se ha eliminado de un inquilino, lo que permite a usuarios autenticados remotamente eludir las restricciones previstas al aprovechar un token para la funci\u00f3n de usuario eliminado."
}
],
"id": "CVE-2012-5571",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-12-18T01:55:03.570",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1556.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1557.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51423"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51436"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/5"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/6"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/56726"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1641-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://bugs.launchpad.net/keystone/+bug/1064914"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80333"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1556.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1557.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51423"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51436"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/56726"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1641-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugs.launchpad.net/keystone/+bug/1064914"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80333"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-07-22 16:55
Modified
2025-04-11 00:51
Severity ?
Summary
Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E76B76AB-D744-4163-8615-7BA18ABB1347",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en virt/disk/api.py en OpenStack Compute (Nova) Folsom (2.012,2) y Essex (2.012,1), cuando se utiliza durante libvirt basados ??en hipervisores, permite a usuarios remotos autenticados escribir archivos arbitrarios a la imagen de disco a trav\u00e9s de un. . (punto punto) en el atributo de ruta de un elemento de archivo"
}
],
"id": "CVE-2012-3360",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-07-22T16:55:45.853",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49763"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49802"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/54277"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1497-1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.launchpad.net/nova/+bug/1015531"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.launchpad.net/openstack/msg14089.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49763"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/49802"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/54277"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1497-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/nova/+bug/1015531"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.launchpad.net/openstack/msg14089.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-05 23:55
Modified
2025-04-11 00:51
Severity ?
Summary
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:horizon:folsom-3:*:*:*:*:*:*:*",
"matchCriteriaId": "95F66BD8-E885-4C11-B41D-8D3004BF106D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user\u0027s default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540."
},
{
"lang": "es",
"value": "OpenStack Keystone, tal como se utiliza en OpenStack Folsom Folsom antes-rc1 y OpenStack Essex (2012.1), permite a atacantes remotos a\u00f1adir un usuario arbitrario a trav\u00e9s de una solicitud para actualizar el usuario por defecto para la API de administraci\u00f3n. NOTA: este identificador originalmente fue incorrectamente asignado a otro problema, pero el identificador correcto es CVE-2012-3540."
}
],
"id": "CVE-2012-3542",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-05T23:55:02.523",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50467"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50494"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/08/30/6"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/55326"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1552-1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.launchpad.net/keystone/+bug/1040626"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aa"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.launchpad.net/openstack/msg16282.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50467"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/08/30/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/55326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1552-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/keystone/+bug/1040626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aa"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.launchpad.net/openstack/msg16282.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2013-1838 (GCVE-0-2013-1838)
Vulnerability from cvelistv5
Published
2013-03-22 21:00
Modified
2024-08-06 15:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:33.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[openstack] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.launchpad.net/openstack/msg21892.html"
},
{
"name": "58492",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58492"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/nova/+bug/1125468"
},
{
"name": "USN-1771-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1771-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://review.openstack.org/#/c/24453/"
},
{
"name": "52728",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52728"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=919648"
},
{
"name": "52580",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52580"
},
{
"name": "91303",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/91303"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://review.openstack.org/#/c/24452/"
},
{
"name": "nova-fixedips-dos(82877)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82877"
},
{
"name": "RHSA-2013:0709",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0709.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://review.openstack.org/#/c/24451/"
},
{
"name": "[oss-security] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/14/18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[openstack] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.launchpad.net/openstack/msg21892.html"
},
{
"name": "58492",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/58492"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/nova/+bug/1125468"
},
{
"name": "USN-1771-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1771-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://review.openstack.org/#/c/24453/"
},
{
"name": "52728",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52728"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=919648"
},
{
"name": "52580",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52580"
},
{
"name": "91303",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/91303"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://review.openstack.org/#/c/24452/"
},
{
"name": "nova-fixedips-dos(82877)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82877"
},
{
"name": "RHSA-2013:0709",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0709.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://review.openstack.org/#/c/24451/"
},
{
"name": "[oss-security] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/14/18"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1838",
"datePublished": "2013-03-22T21:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:13:33.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5571 (GCVE-0-2012-5571)
Vulnerability from cvelistv5
Published
2012-12-18 01:00
Modified
2024-08-06 21:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:15.748Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19"
},
{
"name": "RHSA-2012:1557",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1557.html"
},
{
"name": "RHSA-2012:1556",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1556.html"
},
{
"name": "[oss-security] 20121128 [OSSA 2012-018] EC2-style credentials invalidation issue (CVE-2012-5571)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/5"
},
{
"name": "USN-1641-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1641-1"
},
{
"name": "keystone-tenant-sec-bypass(80333)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80333"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/keystone/+bug/1064914"
},
{
"name": "[oss-security] 20121128 [OSSA 2012-019] Extension of token validity through token chaining (CVE-2012-5563)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653"
},
{
"name": "51423",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51423"
},
{
"name": "56726",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56726"
},
{
"name": "51436",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51436"
},
{
"name": "FEDORA-2012-19341",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19"
},
{
"name": "RHSA-2012:1557",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1557.html"
},
{
"name": "RHSA-2012:1556",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1556.html"
},
{
"name": "[oss-security] 20121128 [OSSA 2012-018] EC2-style credentials invalidation issue (CVE-2012-5571)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/5"
},
{
"name": "USN-1641-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1641-1"
},
{
"name": "keystone-tenant-sec-bypass(80333)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80333"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/keystone/+bug/1064914"
},
{
"name": "[oss-security] 20121128 [OSSA 2012-019] Extension of token validity through token chaining (CVE-2012-5563)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653"
},
{
"name": "51423",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51423"
},
{
"name": "56726",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56726"
},
{
"name": "51436",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51436"
},
{
"name": "FEDORA-2012-19341",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5571",
"datePublished": "2012-12-18T01:00:00",
"dateReserved": "2012-10-24T00:00:00",
"dateUpdated": "2024-08-06T21:14:15.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0335 (GCVE-0-2013-0335)
Vulnerability from cvelistv5
Published
2013-03-22 21:00
Modified
2024-08-06 14:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:25:09.083Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "90657",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/90657"
},
{
"name": "52728",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52728"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/nova/+bug/1125378"
},
{
"name": "[oss-security] 20130226 [OSSA-2013-006] VNC proxy can connect to the wrong VM (CVE-2013-0335)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/26/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://review.openstack.org/#/c/22872/"
},
{
"name": "USN-1771-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1771-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://review.openstack.org/#/c/22758"
},
{
"name": "RHSA-2013:0709",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0709.html"
},
{
"name": "52337",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52337"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://review.openstack.org/#/c/22086/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-05T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "90657",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/90657"
},
{
"name": "52728",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52728"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/nova/+bug/1125378"
},
{
"name": "[oss-security] 20130226 [OSSA-2013-006] VNC proxy can connect to the wrong VM (CVE-2013-0335)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/26/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://review.openstack.org/#/c/22872/"
},
{
"name": "USN-1771-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1771-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://review.openstack.org/#/c/22758"
},
{
"name": "RHSA-2013:0709",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0709.html"
},
{
"name": "52337",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52337"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://review.openstack.org/#/c/22086/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0335",
"datePublished": "2013-03-22T21:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:25:09.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0266 (GCVE-0-2013-0266)
Vulnerability from cvelistv5
Published
2013-03-08 21:00
Modified
2024-08-06 14:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908581"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc"
},
{
"name": "RHSA-2013:0595",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0595.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-08T21:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908581"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc"
},
{
"name": "RHSA-2013:0595",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0595.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0266",
"datePublished": "2013-03-08T21:00:00Z",
"dateReserved": "2012-12-06T00:00:00Z",
"dateUpdated": "2024-08-06T14:18:09.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0208 (GCVE-0-2013-0208)
Vulnerability from cvelistv5
Published
2013-02-13 16:00
Modified
2024-08-06 14:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/nova/commit/317cc0af385536dee43ef2addad50a91357fc1ad"
},
{
"name": "RHSA-2013:0208",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0208.html"
},
{
"name": "51992",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51992"
},
{
"name": "51963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51963"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/nova/+bug/1069904"
},
{
"name": "[oss-security] 20130129 [OSSA 2013-001] Boot from volume allows access to random volumes (CVE-2013-0208)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/29/9"
},
{
"name": "57613",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57613"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/nova/commit/243d516cea9d3caa5a8267b12d2f577dcb24193b"
},
{
"name": "USN-1709-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1709-1"
},
{
"name": "89661",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/89661"
},
{
"name": "nova-volume-security-bypass(81697)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81697"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=902629"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users\u0027 volumes via a volume id in the block_device_mapping parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/nova/commit/317cc0af385536dee43ef2addad50a91357fc1ad"
},
{
"name": "RHSA-2013:0208",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0208.html"
},
{
"name": "51992",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51992"
},
{
"name": "51963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51963"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/nova/+bug/1069904"
},
{
"name": "[oss-security] 20130129 [OSSA 2013-001] Boot from volume allows access to random volumes (CVE-2013-0208)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/29/9"
},
{
"name": "57613",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57613"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/nova/commit/243d516cea9d3caa5a8267b12d2f577dcb24193b"
},
{
"name": "USN-1709-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1709-1"
},
{
"name": "89661",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/89661"
},
{
"name": "nova-volume-security-bypass(81697)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81697"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=902629"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0208",
"datePublished": "2013-02-13T16:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:18:09.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3361 (GCVE-0-2012-3361)
Vulnerability from cvelistv5
Published
2012-07-22 16:00
Modified
2024-08-06 20:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "49763",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49763"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://review.openstack.org/#/c/9268/"
},
{
"name": "54278",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/54278"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/nova/+bug/1015531"
},
{
"name": "49802",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49802"
},
{
"name": "FEDORA-2012-10418",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083969.html"
},
{
"name": "[openstack] 20120603 [OSSA 2012-008] Arbitrary file injection/corruption through directory traversal issues (CVE-2012-3360, CVE-2012-3361)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.launchpad.net/openstack/msg14089.html"
},
{
"name": "FEDORA-2012-10420",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9"
},
{
"name": "USN-1497-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1497-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-25T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "49763",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49763"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://review.openstack.org/#/c/9268/"
},
{
"name": "54278",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/54278"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/nova/+bug/1015531"
},
{
"name": "49802",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49802"
},
{
"name": "FEDORA-2012-10418",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083969.html"
},
{
"name": "[openstack] 20120603 [OSSA 2012-008] Arbitrary file injection/corruption through directory traversal issues (CVE-2012-3360, CVE-2012-3361)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.launchpad.net/openstack/msg14089.html"
},
{
"name": "FEDORA-2012-10420",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9"
},
{
"name": "USN-1497-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1497-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3361",
"datePublished": "2012-07-22T16:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1840 (GCVE-0-2013-1840)
Vulnerability from cvelistv5
Published
2013-03-22 21:00
Modified
2024-08-06 15:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:33.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openstack-glance-api-info-disclosure(82878)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82878"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://review.openstack.org/#/c/24437/"
},
{
"name": "USN-1764-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1764-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://review.openstack.org/#/c/24438/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/glance/+bug/1135541"
},
{
"name": "52565",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52565"
},
{
"name": "RHSA-2013:0707",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0707.html"
},
{
"name": "91304",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/91304"
},
{
"name": "[oss-security] 20130314 [OSSA 2013-007] Backend credentials leak in Glance v1 API (CVE-2013-1840)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/14/15"
},
{
"name": "58490",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58490"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://review.openstack.org/#/c/24439/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator\u0027s backend credentials via a request for a cached image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "openstack-glance-api-info-disclosure(82878)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82878"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://review.openstack.org/#/c/24437/"
},
{
"name": "USN-1764-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1764-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://review.openstack.org/#/c/24438/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/glance/+bug/1135541"
},
{
"name": "52565",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52565"
},
{
"name": "RHSA-2013:0707",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0707.html"
},
{
"name": "91304",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/91304"
},
{
"name": "[oss-security] 20130314 [OSSA 2013-007] Backend credentials leak in Glance v1 API (CVE-2013-1840)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/14/15"
},
{
"name": "58490",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/58490"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://review.openstack.org/#/c/24439/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1840",
"datePublished": "2013-03-22T21:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:13:33.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3542 (GCVE-0-2012-3542)
Vulnerability from cvelistv5
Published
2012-09-05 23:00
Modified
2024-08-06 20:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:13:50.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "50467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50467"
},
{
"name": "55326",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55326"
},
{
"name": "[openstack] 20120830 [OSSA 2012-013] Keystone, Lack of authorization for adding users to tenants (CVE-2012-3542)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.launchpad.net/openstack/msg16282.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aa"
},
{
"name": "[oss-security] 20120830 [OSSA 2012-013] Keystone, Lack of authorization for adding users to tenants (CVE-2012-3542)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/30/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155"
},
{
"name": "50494",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50494"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/keystone/+bug/1040626"
},
{
"name": "USN-1552-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1552-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user\u0027s default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-05T23:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "50467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50467"
},
{
"name": "55326",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55326"
},
{
"name": "[openstack] 20120830 [OSSA 2012-013] Keystone, Lack of authorization for adding users to tenants (CVE-2012-3542)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.launchpad.net/openstack/msg16282.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aa"
},
{
"name": "[oss-security] 20120830 [OSSA 2012-013] Keystone, Lack of authorization for adding users to tenants (CVE-2012-3542)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/30/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155"
},
{
"name": "50494",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50494"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/keystone/+bug/1040626"
},
{
"name": "USN-1552-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1552-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3542",
"datePublished": "2012-09-05T23:00:00Z",
"dateReserved": "2012-06-14T00:00:00Z",
"dateUpdated": "2024-08-06T20:13:50.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0261 (GCVE-0-2013-0261)
Vulnerability from cvelistv5
Published
2013-03-08 21:00
Modified
2024-08-06 14:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
(1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2013:0595",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0595.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908101"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "(1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-08T21:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2013:0595",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0595.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908101"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0261",
"datePublished": "2013-03-08T21:00:00Z",
"dateReserved": "2012-12-06T00:00:00Z",
"dateUpdated": "2024-08-06T14:18:09.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5482 (GCVE-0-2012-5482)
Vulnerability from cvelistv5
Published
2012-11-11 11:00
Modified
2024-08-06 21:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:05:47.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "51174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51174"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88"
},
{
"name": "[oss-security] 20121108 Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/08/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/glance/+bug/1076506"
},
{
"name": "56437",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56437"
},
{
"name": "glance-v2api-security-bypass(80019)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80019"
},
{
"name": "FEDORA-2012-17901",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html"
},
{
"name": "[oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/07/6"
},
{
"name": "[oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/5"
},
{
"name": "87248",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/87248"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3"
},
{
"name": "[oss-security] 20121109 Re: Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/1"
},
{
"name": "SUSE-SU-2012:1455",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "51174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51174"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88"
},
{
"name": "[oss-security] 20121108 Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/08/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/glance/+bug/1076506"
},
{
"name": "56437",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56437"
},
{
"name": "glance-v2api-security-bypass(80019)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80019"
},
{
"name": "FEDORA-2012-17901",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html"
},
{
"name": "[oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/07/6"
},
{
"name": "[oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/5"
},
{
"name": "87248",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/87248"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3"
},
{
"name": "[oss-security] 20121109 Re: Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/1"
},
{
"name": "SUSE-SU-2012:1455",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51174",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51174"
},
{
"name": "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88",
"refsource": "CONFIRM",
"url": "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88"
},
{
"name": "[oss-security] 20121108 Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/08/2"
},
{
"name": "https://bugs.launchpad.net/glance/+bug/1076506",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/glance/+bug/1076506"
},
{
"name": "56437",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56437"
},
{
"name": "glance-v2api-security-bypass(80019)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80019"
},
{
"name": "FEDORA-2012-17901",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html"
},
{
"name": "[oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/07/6"
},
{
"name": "[oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/5"
},
{
"name": "87248",
"refsource": "OSVDB",
"url": "http://osvdb.org/87248"
},
{
"name": "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3",
"refsource": "CONFIRM",
"url": "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3"
},
{
"name": "[oss-security] 20121109 Re: Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/1"
},
{
"name": "SUSE-SU-2012:1455",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5482",
"datePublished": "2012-11-11T11:00:00",
"dateReserved": "2012-10-24T00:00:00",
"dateUpdated": "2024-08-06T21:05:47.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3371 (GCVE-0-2012-3371)
Vulnerability from cvelistv5
Published
2012-07-17 21:00
Modified
2024-08-06 20:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "54388",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/54388"
},
{
"name": "[openstack] 20120711 [OSSA 2012-009] Scheduler denial of service through scheduler_hints (CVE-2012-3371)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.launchpad.net/openstack/msg14452.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/nova/+bug/1017795"
},
{
"name": "[oss-security] 20120711 [OSSA 2012-009] Scheduler denial of service through scheduler_hints (CVE-2012-3371)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/11/13"
},
{
"name": "USN-1501-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1501-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-25T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "54388",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/54388"
},
{
"name": "[openstack] 20120711 [OSSA 2012-009] Scheduler denial of service through scheduler_hints (CVE-2012-3371)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.launchpad.net/openstack/msg14452.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/nova/+bug/1017795"
},
{
"name": "[oss-security] 20120711 [OSSA 2012-009] Scheduler denial of service through scheduler_hints (CVE-2012-3371)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/11/13"
},
{
"name": "USN-1501-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1501-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3371",
"datePublished": "2012-07-17T21:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2654 (GCVE-0-2012-2654)
Vulnerability from cvelistv5
Published
2012-06-21 15:00
Modified
2024-08-06 19:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:42:31.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46808",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46808"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://review.openstack.org/#/c/8239/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/nova/+bug/985184"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654"
},
{
"name": "USN-1466-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1466-1"
},
{
"name": "[openstack] 20120606 [OSSA 2012-007] Security groups fail to be set correctly (CVE-2012-2654)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.launchpad.net/openstack/msg12883.html"
},
{
"name": "nova-security-group-sec-bypass(76110)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76110"
},
{
"name": "49439",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49439"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "46808",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46808"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://review.openstack.org/#/c/8239/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/nova/+bug/985184"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654"
},
{
"name": "USN-1466-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1466-1"
},
{
"name": "[openstack] 20120606 [OSSA 2012-007] Security groups fail to be set correctly (CVE-2012-2654)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.launchpad.net/openstack/msg12883.html"
},
{
"name": "nova-security-group-sec-bypass(76110)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76110"
},
{
"name": "49439",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49439"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2654",
"datePublished": "2012-06-21T15:00:00",
"dateReserved": "2012-05-14T00:00:00",
"dateUpdated": "2024-08-06T19:42:31.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3426 (GCVE-0-2012-3426)
Vulnerability from cvelistv5
Published
2012-07-31 10:00
Modified
2024-08-06 20:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/keystone/+bug/998185"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/keystone/+bug/997194"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz"
},
{
"name": "50494",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50494"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/keystone/+bug/996595"
},
{
"name": "[oss-security] 20120727 [OSSA 2012-010] Various Keystone token expiration issues (CVE-2012-3426)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/27/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626"
},
{
"name": "USN-1552-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1552-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d"
},
{
"name": "50045",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50045"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-07T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/keystone/+bug/998185"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/keystone/+bug/997194"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz"
},
{
"name": "50494",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50494"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/keystone/+bug/996595"
},
{
"name": "[oss-security] 20120727 [OSSA 2012-010] Various Keystone token expiration issues (CVE-2012-3426)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/27/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626"
},
{
"name": "USN-1552-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1552-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d"
},
{
"name": "50045",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50045"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3426",
"datePublished": "2012-07-31T10:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0030 (GCVE-0-2012-0030)
Vulnerability from cvelistv5
Published
2012-01-13 18:00
Modified
2024-08-06 18:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:09:17.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "nova-security-bypass(72296)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72296"
},
{
"name": "47543",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47543"
},
{
"name": "USN-1326-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1326-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/nova/commit/3d4ffb64f1e18117240c26809788528979e3bd15#diff-0"
},
{
"name": "[openstack] 20120111 [OSSA 2012-001] Tenant bypass by authenticated users using OpenStack API (CVE-2012-0030)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.launchpad.net/openstack/msg06648.html"
},
{
"name": "51370",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51370"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "nova-security-bypass(72296)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72296"
},
{
"name": "47543",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47543"
},
{
"name": "USN-1326-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1326-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/nova/commit/3d4ffb64f1e18117240c26809788528979e3bd15#diff-0"
},
{
"name": "[openstack] 20120111 [OSSA 2012-001] Tenant bypass by authenticated users using OpenStack API (CVE-2012-0030)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.launchpad.net/openstack/msg06648.html"
},
{
"name": "51370",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51370"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0030",
"datePublished": "2012-01-13T18:00:00",
"dateReserved": "2011-12-07T00:00:00",
"dateUpdated": "2024-08-06T18:09:17.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4573 (GCVE-0-2012-4573)
Vulnerability from cvelistv5
Published
2012-11-11 11:00
Modified
2024-08-06 20:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.
References
| ► | URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:54.862Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "51174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51174"
},
{
"name": "51234",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51234"
},
{
"name": "USN-1626-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1626-1"
},
{
"name": "RHSA-2012:1558",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1558.html"
},
{
"name": "56437",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56437"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/glance/commit/90bcdc5a89e350a358cf320a03f5afe99795f6f6"
},
{
"name": "FEDORA-2012-17901",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html"
},
{
"name": "[oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/07/6"
},
{
"name": "[oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/118733/Red-Hat-Security-Advisory-2012-1558-01.html"
},
{
"name": "87248",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/87248"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/glance/commit/6ab0992e5472ae3f9bef0d2ced41030655d9d2bc"
},
{
"name": "USN-1626-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1626-2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/glance/+bug/1065187"
},
{
"name": "SUSE-SU-2012:1455",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/glance/commit/efd7e75b1f419a52c7103c7840e24af8e5deb29d"
},
{
"name": "openstack-glance-sec-bypass(79895)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79895"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "51174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51174"
},
{
"name": "51234",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51234"
},
{
"name": "USN-1626-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1626-1"
},
{
"name": "RHSA-2012:1558",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1558.html"
},
{
"name": "56437",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56437"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/glance/commit/90bcdc5a89e350a358cf320a03f5afe99795f6f6"
},
{
"name": "FEDORA-2012-17901",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html"
},
{
"name": "[oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/07/6"
},
{
"name": "[oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/118733/Red-Hat-Security-Advisory-2012-1558-01.html"
},
{
"name": "87248",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/87248"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/glance/commit/6ab0992e5472ae3f9bef0d2ced41030655d9d2bc"
},
{
"name": "USN-1626-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1626-2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/glance/+bug/1065187"
},
{
"name": "SUSE-SU-2012:1455",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/glance/commit/efd7e75b1f419a52c7103c7840e24af8e5deb29d"
},
{
"name": "openstack-glance-sec-bypass(79895)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79895"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4573",
"datePublished": "2012-11-11T11:00:00",
"dateReserved": "2012-08-21T00:00:00",
"dateUpdated": "2024-08-06T20:42:54.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3360 (GCVE-0-2012-3360)
Vulnerability from cvelistv5
Published
2012-07-22 16:00
Modified
2024-08-06 20:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.510Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "54277",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/54277"
},
{
"name": "49763",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49763"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/nova/+bug/1015531"
},
{
"name": "49802",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49802"
},
{
"name": "[openstack] 20120603 [OSSA 2012-008] Arbitrary file injection/corruption through directory traversal issues (CVE-2012-3360, CVE-2012-3361)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.launchpad.net/openstack/msg14089.html"
},
{
"name": "FEDORA-2012-10420",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9"
},
{
"name": "USN-1497-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1497-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-07-25T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "54277",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/54277"
},
{
"name": "49763",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49763"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/nova/+bug/1015531"
},
{
"name": "49802",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49802"
},
{
"name": "[openstack] 20120603 [OSSA 2012-008] Arbitrary file injection/corruption through directory traversal issues (CVE-2012-3360, CVE-2012-3361)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.launchpad.net/openstack/msg14089.html"
},
{
"name": "FEDORA-2012-10420",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9"
},
{
"name": "USN-1497-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1497-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3360",
"datePublished": "2012-07-22T16:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}