Search criteria
2 vulnerabilities found for SUSE OpenStack Cloud 9 by SUSE
CVE-2018-17954 (GCVE-0-2018-17954)
Vulnerability from cvelistv5 – Published: 2020-04-03 07:05 – Updated: 2024-09-16 20:02
VLAI?
Title
crowbar provision leaks admin password to all nodes in cleartext
Summary
An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue affects: SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-. SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3, ardana-. SUSE OpenStack Cloud 9 ardana-ansible versions prior to 9.0+git.1581611758.f694f7d-3.16.1, ardana-. SUSE OpenStack Cloud Crowbar 8 crowbar-core versions prior to 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-. SUSE OpenStack Cloud Crowbar 9 crowbar-core versions prior to 6.0+git.1582892022.cbd70e833-3.19.3, crowbar-.
Severity ?
9.3 (Critical)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| SUSE | SUSE OpenStack Cloud 7 |
Affected:
crowbar-core , < 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
Dirk Mueller of SUSE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.743Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1117080"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SUSE OpenStack Cloud 7",
"vendor": "SUSE",
"versions": [
{
"lessThan": "4.0+git.1578392992.fabfd186c-9.63.1, crowbar-",
"status": "affected",
"version": "crowbar-core",
"versionType": "custom"
}
]
},
{
"product": "SUSE OpenStack Cloud 8",
"vendor": "SUSE",
"versions": [
{
"lessThan": "8.0+git.1579279939.ee7da88-3.39.3, ardana-",
"status": "affected",
"version": "ardana-cinder",
"versionType": "custom"
}
]
},
{
"product": "SUSE OpenStack Cloud 9",
"vendor": "SUSE",
"versions": [
{
"lessThan": "9.0+git.1581611758.f694f7d-3.16.1, ardana-",
"status": "affected",
"version": "ardana-ansible",
"versionType": "custom"
}
]
},
{
"product": "SUSE OpenStack Cloud Crowbar 8",
"vendor": "SUSE",
"versions": [
{
"lessThan": "5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-",
"status": "affected",
"version": "crowbar-core",
"versionType": "custom"
}
]
},
{
"product": "SUSE OpenStack Cloud Crowbar 9",
"vendor": "SUSE",
"versions": [
{
"lessThan": "6.0+git.1582892022.cbd70e833-3.19.3, crowbar-",
"status": "affected",
"version": "crowbar-core",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Dirk Mueller of SUSE"
}
],
"datePublic": "2020-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue affects: SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-. SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3, ardana-. SUSE OpenStack Cloud 9 ardana-ansible versions prior to 9.0+git.1581611758.f694f7d-3.16.1, ardana-. SUSE OpenStack Cloud Crowbar 8 crowbar-core versions prior to 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-. SUSE OpenStack Cloud Crowbar 9 crowbar-core versions prior to 6.0+git.1582892022.cbd70e833-3.19.3, crowbar-."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-13T00:00:00",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1117080"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1117080",
"defect": [
"1117080"
],
"discovery": "INTERNAL"
},
"title": "crowbar provision leaks admin password to all nodes in cleartext",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-17954",
"datePublished": "2020-04-03T07:05:13.265182Z",
"dateReserved": "2018-10-03T00:00:00",
"dateUpdated": "2024-09-16T20:02:21.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-17954 (GCVE-0-2018-17954)
Vulnerability from nvd – Published: 2020-04-03 07:05 – Updated: 2024-09-16 20:02
VLAI?
Title
crowbar provision leaks admin password to all nodes in cleartext
Summary
An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue affects: SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-. SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3, ardana-. SUSE OpenStack Cloud 9 ardana-ansible versions prior to 9.0+git.1581611758.f694f7d-3.16.1, ardana-. SUSE OpenStack Cloud Crowbar 8 crowbar-core versions prior to 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-. SUSE OpenStack Cloud Crowbar 9 crowbar-core versions prior to 6.0+git.1582892022.cbd70e833-3.19.3, crowbar-.
Severity ?
9.3 (Critical)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| SUSE | SUSE OpenStack Cloud 7 |
Affected:
crowbar-core , < 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
Dirk Mueller of SUSE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:01:14.743Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1117080"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SUSE OpenStack Cloud 7",
"vendor": "SUSE",
"versions": [
{
"lessThan": "4.0+git.1578392992.fabfd186c-9.63.1, crowbar-",
"status": "affected",
"version": "crowbar-core",
"versionType": "custom"
}
]
},
{
"product": "SUSE OpenStack Cloud 8",
"vendor": "SUSE",
"versions": [
{
"lessThan": "8.0+git.1579279939.ee7da88-3.39.3, ardana-",
"status": "affected",
"version": "ardana-cinder",
"versionType": "custom"
}
]
},
{
"product": "SUSE OpenStack Cloud 9",
"vendor": "SUSE",
"versions": [
{
"lessThan": "9.0+git.1581611758.f694f7d-3.16.1, ardana-",
"status": "affected",
"version": "ardana-ansible",
"versionType": "custom"
}
]
},
{
"product": "SUSE OpenStack Cloud Crowbar 8",
"vendor": "SUSE",
"versions": [
{
"lessThan": "5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-",
"status": "affected",
"version": "crowbar-core",
"versionType": "custom"
}
]
},
{
"product": "SUSE OpenStack Cloud Crowbar 9",
"vendor": "SUSE",
"versions": [
{
"lessThan": "6.0+git.1582892022.cbd70e833-3.19.3, crowbar-",
"status": "affected",
"version": "crowbar-core",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Dirk Mueller of SUSE"
}
],
"datePublic": "2020-04-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue affects: SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-. SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3, ardana-. SUSE OpenStack Cloud 9 ardana-ansible versions prior to 9.0+git.1581611758.f694f7d-3.16.1, ardana-. SUSE OpenStack Cloud Crowbar 8 crowbar-core versions prior to 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-. SUSE OpenStack Cloud Crowbar 9 crowbar-core versions prior to 6.0+git.1582892022.cbd70e833-3.19.3, crowbar-."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-13T00:00:00",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1117080"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1117080",
"defect": [
"1117080"
],
"discovery": "INTERNAL"
},
"title": "crowbar provision leaks admin password to all nodes in cleartext",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2018-17954",
"datePublished": "2020-04-03T07:05:13.265182Z",
"dateReserved": "2018-10-03T00:00:00",
"dateUpdated": "2024-09-16T20:02:21.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}