Vulnerabilites related to openstack - essex
cve-2012-5482
Vulnerability from cvelistv5
Published
2012-11-11 11:00
Modified
2024-08-06 21:05
Severity ?
Summary
The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T21:05:47.269Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "51174",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/51174",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88",
               },
               {
                  name: "[oss-security] 20121108 Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2012/11/08/2",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugs.launchpad.net/glance/+bug/1076506",
               },
               {
                  name: "56437",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/56437",
               },
               {
                  name: "glance-v2api-security-bypass(80019)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80019",
               },
               {
                  name: "FEDORA-2012-17901",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html",
               },
               {
                  name: "[oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2012/11/07/6",
               },
               {
                  name: "[oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2012/11/09/5",
               },
               {
                  name: "87248",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/87248",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3",
               },
               {
                  name: "[oss-security] 20121109 Re: Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2012/11/09/1",
               },
               {
                  name: "SUSE-SU-2012:1455",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2012-11-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "51174",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/51174",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88",
            },
            {
               name: "[oss-security] 20121108 Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2012/11/08/2",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugs.launchpad.net/glance/+bug/1076506",
            },
            {
               name: "56437",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/56437",
            },
            {
               name: "glance-v2api-security-bypass(80019)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80019",
            },
            {
               name: "FEDORA-2012-17901",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html",
            },
            {
               name: "[oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2012/11/07/6",
            },
            {
               name: "[oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2012/11/09/5",
            },
            {
               name: "87248",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/87248",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3",
            },
            {
               name: "[oss-security] 20121109 Re: Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2012/11/09/1",
            },
            {
               name: "SUSE-SU-2012:1455",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2012-5482",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "51174",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/51174",
                  },
                  {
                     name: "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88",
                     refsource: "CONFIRM",
                     url: "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88",
                  },
                  {
                     name: "[oss-security] 20121108 Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2012/11/08/2",
                  },
                  {
                     name: "https://bugs.launchpad.net/glance/+bug/1076506",
                     refsource: "CONFIRM",
                     url: "https://bugs.launchpad.net/glance/+bug/1076506",
                  },
                  {
                     name: "56437",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/56437",
                  },
                  {
                     name: "glance-v2api-security-bypass(80019)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80019",
                  },
                  {
                     name: "FEDORA-2012-17901",
                     refsource: "FEDORA",
                     url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html",
                  },
                  {
                     name: "[oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2012/11/07/6",
                  },
                  {
                     name: "[oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2012/11/09/5",
                  },
                  {
                     name: "87248",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/87248",
                  },
                  {
                     name: "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3",
                     refsource: "CONFIRM",
                     url: "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3",
                  },
                  {
                     name: "[oss-security] 20121109 Re: Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2012/11/09/1",
                  },
                  {
                     name: "SUSE-SU-2012:1455",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2012-5482",
      datePublished: "2012-11-11T11:00:00",
      dateReserved: "2012-10-24T00:00:00",
      dateUpdated: "2024-08-06T21:05:47.269Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2012-2654
Vulnerability from cvelistv5
Published
2012-06-21 15:00
Modified
2024-08-06 19:42
Severity ?
Summary
The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T19:42:31.878Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "46808",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/46808",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://review.openstack.org/#/c/8239/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugs.launchpad.net/nova/+bug/985184",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654",
               },
               {
                  name: "USN-1466-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-1466-1",
               },
               {
                  name: "[openstack] 20120606 [OSSA 2012-007] Security groups fail to be set correctly (CVE-2012-2654)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.launchpad.net/openstack/msg12883.html",
               },
               {
                  name: "nova-security-group-sec-bypass(76110)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/76110",
               },
               {
                  name: "49439",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/49439",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2012-06-06T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "46808",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/46808",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://review.openstack.org/#/c/8239/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugs.launchpad.net/nova/+bug/985184",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654",
            },
            {
               name: "USN-1466-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-1466-1",
            },
            {
               name: "[openstack] 20120606 [OSSA 2012-007] Security groups fail to be set correctly (CVE-2012-2654)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.launchpad.net/openstack/msg12883.html",
            },
            {
               name: "nova-security-group-sec-bypass(76110)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/76110",
            },
            {
               name: "49439",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/49439",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2012-2654",
      datePublished: "2012-06-21T15:00:00",
      dateReserved: "2012-05-14T00:00:00",
      dateUpdated: "2024-08-06T19:42:31.878Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2012-3361
Vulnerability from cvelistv5
Published
2012-07-22 16:00
Modified
2024-08-06 20:05
Severity ?
Summary
virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T20:05:12.062Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "49763",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/49763",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://review.openstack.org/#/c/9268/",
               },
               {
                  name: "54278",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/54278",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugs.launchpad.net/nova/+bug/1015531",
               },
               {
                  name: "49802",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/49802",
               },
               {
                  name: "FEDORA-2012-10418",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083969.html",
               },
               {
                  name: "[openstack] 20120603 [OSSA 2012-008] Arbitrary file injection/corruption through directory traversal issues (CVE-2012-3360, CVE-2012-3361)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.launchpad.net/openstack/msg14089.html",
               },
               {
                  name: "FEDORA-2012-10420",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9",
               },
               {
                  name: "USN-1497-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-1497-1",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2012-06-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2012-07-25T09:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "49763",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/49763",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://review.openstack.org/#/c/9268/",
            },
            {
               name: "54278",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/54278",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugs.launchpad.net/nova/+bug/1015531",
            },
            {
               name: "49802",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/49802",
            },
            {
               name: "FEDORA-2012-10418",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083969.html",
            },
            {
               name: "[openstack] 20120603 [OSSA 2012-008] Arbitrary file injection/corruption through directory traversal issues (CVE-2012-3360, CVE-2012-3361)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.launchpad.net/openstack/msg14089.html",
            },
            {
               name: "FEDORA-2012-10420",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9",
            },
            {
               name: "USN-1497-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-1497-1",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2012-3361",
      datePublished: "2012-07-22T16:00:00",
      dateReserved: "2012-06-14T00:00:00",
      dateUpdated: "2024-08-06T20:05:12.062Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2012-5571
Vulnerability from cvelistv5
Published
2012-12-18 01:00
Modified
2024-08-06 21:14
Severity ?
Summary
OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T21:14:15.748Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19",
               },
               {
                  name: "RHSA-2012:1557",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2012-1557.html",
               },
               {
                  name: "RHSA-2012:1556",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2012-1556.html",
               },
               {
                  name: "[oss-security] 20121128 [OSSA 2012-018] EC2-style credentials invalidation issue (CVE-2012-5571)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2012/11/28/5",
               },
               {
                  name: "USN-1641-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-1641-1",
               },
               {
                  name: "keystone-tenant-sec-bypass(80333)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80333",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugs.launchpad.net/keystone/+bug/1064914",
               },
               {
                  name: "[oss-security] 20121128 [OSSA 2012-019] Extension of token validity through token chaining (CVE-2012-5563)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2012/11/28/6",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653",
               },
               {
                  name: "51423",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/51423",
               },
               {
                  name: "56726",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/56726",
               },
               {
                  name: "51436",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/51436",
               },
               {
                  name: "FEDORA-2012-19341",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2012-11-28T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19",
            },
            {
               name: "RHSA-2012:1557",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2012-1557.html",
            },
            {
               name: "RHSA-2012:1556",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2012-1556.html",
            },
            {
               name: "[oss-security] 20121128 [OSSA 2012-018] EC2-style credentials invalidation issue (CVE-2012-5571)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2012/11/28/5",
            },
            {
               name: "USN-1641-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-1641-1",
            },
            {
               name: "keystone-tenant-sec-bypass(80333)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80333",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugs.launchpad.net/keystone/+bug/1064914",
            },
            {
               name: "[oss-security] 20121128 [OSSA 2012-019] Extension of token validity through token chaining (CVE-2012-5563)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2012/11/28/6",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653",
            },
            {
               name: "51423",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/51423",
            },
            {
               name: "56726",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/56726",
            },
            {
               name: "51436",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/51436",
            },
            {
               name: "FEDORA-2012-19341",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2012-5571",
      datePublished: "2012-12-18T01:00:00",
      dateReserved: "2012-10-24T00:00:00",
      dateUpdated: "2024-08-06T21:14:15.748Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2012-4573
Vulnerability from cvelistv5
Published
2012-11-11 11:00
Modified
2024-08-06 20:42
Severity ?
Summary
The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T20:42:54.862Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "51174",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/51174",
               },
               {
                  name: "51234",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/51234",
               },
               {
                  name: "USN-1626-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-1626-1",
               },
               {
                  name: "RHSA-2012:1558",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2012-1558.html",
               },
               {
                  name: "56437",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/56437",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openstack/glance/commit/90bcdc5a89e350a358cf320a03f5afe99795f6f6",
               },
               {
                  name: "FEDORA-2012-17901",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html",
               },
               {
                  name: "[oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2012/11/07/6",
               },
               {
                  name: "[oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2012/11/09/5",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/118733/Red-Hat-Security-Advisory-2012-1558-01.html",
               },
               {
                  name: "87248",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/87248",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openstack/glance/commit/6ab0992e5472ae3f9bef0d2ced41030655d9d2bc",
               },
               {
                  name: "USN-1626-2",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-1626-2",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugs.launchpad.net/glance/+bug/1065187",
               },
               {
                  name: "SUSE-SU-2012:1455",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openstack/glance/commit/efd7e75b1f419a52c7103c7840e24af8e5deb29d",
               },
               {
                  name: "openstack-glance-sec-bypass(79895)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/79895",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2012-11-07T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "51174",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/51174",
            },
            {
               name: "51234",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/51234",
            },
            {
               name: "USN-1626-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-1626-1",
            },
            {
               name: "RHSA-2012:1558",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2012-1558.html",
            },
            {
               name: "56437",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/56437",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openstack/glance/commit/90bcdc5a89e350a358cf320a03f5afe99795f6f6",
            },
            {
               name: "FEDORA-2012-17901",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html",
            },
            {
               name: "[oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2012/11/07/6",
            },
            {
               name: "[oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2012/11/09/5",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/118733/Red-Hat-Security-Advisory-2012-1558-01.html",
            },
            {
               name: "87248",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/87248",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openstack/glance/commit/6ab0992e5472ae3f9bef0d2ced41030655d9d2bc",
            },
            {
               name: "USN-1626-2",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-1626-2",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugs.launchpad.net/glance/+bug/1065187",
            },
            {
               name: "SUSE-SU-2012:1455",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openstack/glance/commit/efd7e75b1f419a52c7103c7840e24af8e5deb29d",
            },
            {
               name: "openstack-glance-sec-bypass(79895)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/79895",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2012-4573",
      datePublished: "2012-11-11T11:00:00",
      dateReserved: "2012-08-21T00:00:00",
      dateUpdated: "2024-08-06T20:42:54.862Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2012-3371
Vulnerability from cvelistv5
Published
2012-07-17 21:00
Modified
2024-08-06 20:05
Severity ?
Summary
The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T20:05:12.113Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "54388",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/54388",
               },
               {
                  name: "[openstack] 20120711 [OSSA 2012-009] Scheduler denial of service through scheduler_hints (CVE-2012-3371)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.launchpad.net/openstack/msg14452.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugs.launchpad.net/nova/+bug/1017795",
               },
               {
                  name: "[oss-security] 20120711 [OSSA 2012-009] Scheduler denial of service through scheduler_hints  (CVE-2012-3371)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2012/07/11/13",
               },
               {
                  name: "USN-1501-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-1501-1",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2012-07-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2012-07-25T09:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "54388",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/54388",
            },
            {
               name: "[openstack] 20120711 [OSSA 2012-009] Scheduler denial of service through scheduler_hints (CVE-2012-3371)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.launchpad.net/openstack/msg14452.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugs.launchpad.net/nova/+bug/1017795",
            },
            {
               name: "[oss-security] 20120711 [OSSA 2012-009] Scheduler denial of service through scheduler_hints  (CVE-2012-3371)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2012/07/11/13",
            },
            {
               name: "USN-1501-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-1501-1",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2012-3371",
      datePublished: "2012-07-17T21:00:00",
      dateReserved: "2012-06-14T00:00:00",
      dateUpdated: "2024-08-06T20:05:12.113Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2012-3542
Vulnerability from cvelistv5
Published
2012-09-05 23:00
Modified
2024-08-06 20:13
Severity ?
Summary
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T20:13:50.139Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "50467",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/50467",
               },
               {
                  name: "55326",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/55326",
               },
               {
                  name: "[openstack] 20120830 [OSSA 2012-013] Keystone, Lack of authorization for adding users to tenants (CVE-2012-3542)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.launchpad.net/openstack/msg16282.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aa",
               },
               {
                  name: "[oss-security] 20120830 [OSSA 2012-013] Keystone, Lack of authorization for adding users to tenants (CVE-2012-3542)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2012/08/30/6",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155",
               },
               {
                  name: "50494",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/50494",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugs.launchpad.net/keystone/+bug/1040626",
               },
               {
                  name: "USN-1552-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-1552-1",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API.  NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2012-09-05T23:00:00Z",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "50467",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/50467",
            },
            {
               name: "55326",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/55326",
            },
            {
               name: "[openstack] 20120830 [OSSA 2012-013] Keystone, Lack of authorization for adding users to tenants (CVE-2012-3542)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.launchpad.net/openstack/msg16282.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aa",
            },
            {
               name: "[oss-security] 20120830 [OSSA 2012-013] Keystone, Lack of authorization for adding users to tenants (CVE-2012-3542)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2012/08/30/6",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155",
            },
            {
               name: "50494",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/50494",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugs.launchpad.net/keystone/+bug/1040626",
            },
            {
               name: "USN-1552-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-1552-1",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2012-3542",
      datePublished: "2012-09-05T23:00:00Z",
      dateReserved: "2012-06-14T00:00:00Z",
      dateUpdated: "2024-08-06T20:13:50.139Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2012-3426
Vulnerability from cvelistv5
Published
2012-07-31 10:00
Modified
2024-08-06 20:05
Severity ?
Summary
OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T20:05:12.524Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugs.launchpad.net/keystone/+bug/998185",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugs.launchpad.net/keystone/+bug/997194",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz",
               },
               {
                  name: "50494",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/50494",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugs.launchpad.net/keystone/+bug/996595",
               },
               {
                  name: "[oss-security] 20120727 [OSSA 2012-010] Various Keystone token expiration issues (CVE-2012-3426)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2012/07/27/4",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626",
               },
               {
                  name: "USN-1552-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-1552-1",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d",
               },
               {
                  name: "50045",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/50045",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2012-07-27T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2012-09-07T09:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugs.launchpad.net/keystone/+bug/998185",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugs.launchpad.net/keystone/+bug/997194",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz",
            },
            {
               name: "50494",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/50494",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugs.launchpad.net/keystone/+bug/996595",
            },
            {
               name: "[oss-security] 20120727 [OSSA 2012-010] Various Keystone token expiration issues (CVE-2012-3426)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2012/07/27/4",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626",
            },
            {
               name: "USN-1552-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-1552-1",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d",
            },
            {
               name: "50045",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/50045",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2012-3426",
      datePublished: "2012-07-31T10:00:00",
      dateReserved: "2012-06-14T00:00:00",
      dateUpdated: "2024-08-06T20:05:12.524Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2012-0030
Vulnerability from cvelistv5
Published
2012-01-13 18:00
Modified
2024-08-06 18:09
Severity ?
Summary
Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T18:09:17.303Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "nova-security-bypass(72296)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/72296",
               },
               {
                  name: "47543",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/47543",
               },
               {
                  name: "USN-1326-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-1326-1",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openstack/nova/commit/3d4ffb64f1e18117240c26809788528979e3bd15#diff-0",
               },
               {
                  name: "[openstack] 20120111 [OSSA 2012-001] Tenant bypass by authenticated users using OpenStack API (CVE-2012-0030)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.launchpad.net/openstack/msg06648.html",
               },
               {
                  name: "51370",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/51370",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2012-01-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "nova-security-bypass(72296)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/72296",
            },
            {
               name: "47543",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/47543",
            },
            {
               name: "USN-1326-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-1326-1",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openstack/nova/commit/3d4ffb64f1e18117240c26809788528979e3bd15#diff-0",
            },
            {
               name: "[openstack] 20120111 [OSSA 2012-001] Tenant bypass by authenticated users using OpenStack API (CVE-2012-0030)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.launchpad.net/openstack/msg06648.html",
            },
            {
               name: "51370",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/51370",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2012-0030",
      datePublished: "2012-01-13T18:00:00",
      dateReserved: "2011-12-07T00:00:00",
      dateUpdated: "2024-08-06T18:09:17.303Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-0261
Vulnerability from cvelistv5
Published
2013-03-08 21:00
Modified
2024-08-06 14:18
Severity ?
Summary
(1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T14:18:09.552Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "RHSA-2013:0595",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0595.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=908101",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "(1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-03-08T21:00:00Z",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2013:0595",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0595.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=908101",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2013-0261",
      datePublished: "2013-03-08T21:00:00Z",
      dateReserved: "2012-12-06T00:00:00Z",
      dateUpdated: "2024-08-06T14:18:09.552Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-1840
Vulnerability from cvelistv5
Published
2013-03-22 21:00
Modified
2024-08-06 15:13
Severity ?
Summary
The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/82878vdb-entry, x_refsource_XF
https://review.openstack.org/#/c/24437/x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-1764-1vendor-advisory, x_refsource_UBUNTU
https://review.openstack.org/#/c/24438/x_refsource_CONFIRM
https://bugs.launchpad.net/glance/+bug/1135541x_refsource_CONFIRM
http://secunia.com/advisories/52565third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2013-0707.htmlvendor-advisory, x_refsource_REDHAT
http://osvdb.org/91304vdb-entry, x_refsource_OSVDB
http://www.openwall.com/lists/oss-security/2013/03/14/15mailing-list, x_refsource_MLIST
http://www.securityfocus.com/bid/58490vdb-entry, x_refsource_BID
https://review.openstack.org/#/c/24439/x_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T15:13:33.277Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "openstack-glance-api-info-disclosure(82878)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/82878",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://review.openstack.org/#/c/24437/",
               },
               {
                  name: "USN-1764-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-1764-1",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://review.openstack.org/#/c/24438/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugs.launchpad.net/glance/+bug/1135541",
               },
               {
                  name: "52565",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/52565",
               },
               {
                  name: "RHSA-2013:0707",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0707.html",
               },
               {
                  name: "91304",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/91304",
               },
               {
                  name: "[oss-security] 20130314 [OSSA 2013-007] Backend credentials leak in Glance v1 API (CVE-2013-1840)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2013/03/14/15",
               },
               {
                  name: "58490",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/58490",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://review.openstack.org/#/c/24439/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-03-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "openstack-glance-api-info-disclosure(82878)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/82878",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://review.openstack.org/#/c/24437/",
            },
            {
               name: "USN-1764-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-1764-1",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://review.openstack.org/#/c/24438/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugs.launchpad.net/glance/+bug/1135541",
            },
            {
               name: "52565",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/52565",
            },
            {
               name: "RHSA-2013:0707",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0707.html",
            },
            {
               name: "91304",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/91304",
            },
            {
               name: "[oss-security] 20130314 [OSSA 2013-007] Backend credentials leak in Glance v1 API (CVE-2013-1840)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2013/03/14/15",
            },
            {
               name: "58490",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/58490",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://review.openstack.org/#/c/24439/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2013-1840",
      datePublished: "2013-03-22T21:00:00",
      dateReserved: "2013-02-19T00:00:00",
      dateUpdated: "2024-08-06T15:13:33.277Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-0335
Vulnerability from cvelistv5
Published
2013-03-22 21:00
Modified
2024-08-06 14:25
Severity ?
Summary
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.
References
http://www.osvdb.org/90657vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/52728third-party-advisory, x_refsource_SECUNIA
https://bugs.launchpad.net/nova/+bug/1125378x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2013/02/26/7mailing-list, x_refsource_MLIST
https://review.openstack.org/#/c/22872/x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-1771-1vendor-advisory, x_refsource_UBUNTU
https://review.openstack.org/#/c/22758x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2013-0709.htmlvendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/52337third-party-advisory, x_refsource_SECUNIA
https://review.openstack.org/#/c/22086/x_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T14:25:09.083Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "90657",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://www.osvdb.org/90657",
               },
               {
                  name: "52728",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/52728",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugs.launchpad.net/nova/+bug/1125378",
               },
               {
                  name: "[oss-security] 20130226 [OSSA-2013-006] VNC proxy can connect to the wrong VM (CVE-2013-0335)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2013/02/26/7",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://review.openstack.org/#/c/22872/",
               },
               {
                  name: "USN-1771-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-1771-1",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://review.openstack.org/#/c/22758",
               },
               {
                  name: "RHSA-2013:0709",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0709.html",
               },
               {
                  name: "52337",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/52337",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://review.openstack.org/#/c/22086/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-02-26T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-06-05T09:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "90657",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://www.osvdb.org/90657",
            },
            {
               name: "52728",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/52728",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugs.launchpad.net/nova/+bug/1125378",
            },
            {
               name: "[oss-security] 20130226 [OSSA-2013-006] VNC proxy can connect to the wrong VM (CVE-2013-0335)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2013/02/26/7",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://review.openstack.org/#/c/22872/",
            },
            {
               name: "USN-1771-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-1771-1",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://review.openstack.org/#/c/22758",
            },
            {
               name: "RHSA-2013:0709",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0709.html",
            },
            {
               name: "52337",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/52337",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://review.openstack.org/#/c/22086/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2013-0335",
      datePublished: "2013-03-22T21:00:00",
      dateReserved: "2012-12-06T00:00:00",
      dateUpdated: "2024-08-06T14:25:09.083Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2012-3360
Vulnerability from cvelistv5
Published
2012-07-22 16:00
Modified
2024-08-06 20:05
Severity ?
Summary
Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T20:05:12.510Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "54277",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/54277",
               },
               {
                  name: "49763",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/49763",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugs.launchpad.net/nova/+bug/1015531",
               },
               {
                  name: "49802",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/49802",
               },
               {
                  name: "[openstack] 20120603 [OSSA 2012-008] Arbitrary file injection/corruption through directory traversal issues (CVE-2012-3360, CVE-2012-3361)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.launchpad.net/openstack/msg14089.html",
               },
               {
                  name: "FEDORA-2012-10420",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9",
               },
               {
                  name: "USN-1497-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-1497-1",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2012-06-03T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2012-07-25T09:00:00",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "54277",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/54277",
            },
            {
               name: "49763",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/49763",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugs.launchpad.net/nova/+bug/1015531",
            },
            {
               name: "49802",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/49802",
            },
            {
               name: "[openstack] 20120603 [OSSA 2012-008] Arbitrary file injection/corruption through directory traversal issues (CVE-2012-3360, CVE-2012-3361)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.launchpad.net/openstack/msg14089.html",
            },
            {
               name: "FEDORA-2012-10420",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9",
            },
            {
               name: "USN-1497-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-1497-1",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2012-3360",
      datePublished: "2012-07-22T16:00:00",
      dateReserved: "2012-06-14T00:00:00",
      dateUpdated: "2024-08-06T20:05:12.510Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-1838
Vulnerability from cvelistv5
Published
2013-03-22 21:00
Modified
2024-08-06 15:13
Severity ?
Summary
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.
References
https://lists.launchpad.net/openstack/msg21892.htmlmailing-list, x_refsource_MLIST
http://www.securityfocus.com/bid/58492vdb-entry, x_refsource_BID
https://bugs.launchpad.net/nova/+bug/1125468x_refsource_CONFIRM
http://ubuntu.com/usn/usn-1771-1vendor-advisory, x_refsource_UBUNTU
https://review.openstack.org/#/c/24453/x_refsource_CONFIRM
http://secunia.com/advisories/52728third-party-advisory, x_refsource_SECUNIA
https://bugzilla.redhat.com/show_bug.cgi?id=919648x_refsource_MISC
http://secunia.com/advisories/52580third-party-advisory, x_refsource_SECUNIA
http://osvdb.org/91303vdb-entry, x_refsource_OSVDB
https://review.openstack.org/#/c/24452/x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/82877vdb-entry, x_refsource_XF
http://rhn.redhat.com/errata/RHSA-2013-0709.htmlvendor-advisory, x_refsource_REDHAT
https://review.openstack.org/#/c/24451/x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2013/03/14/18mailing-list, x_refsource_MLIST
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T15:13:33.340Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[openstack] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.launchpad.net/openstack/msg21892.html",
               },
               {
                  name: "58492",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/58492",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugs.launchpad.net/nova/+bug/1125468",
               },
               {
                  name: "USN-1771-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://ubuntu.com/usn/usn-1771-1",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://review.openstack.org/#/c/24453/",
               },
               {
                  name: "52728",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/52728",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=919648",
               },
               {
                  name: "52580",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/52580",
               },
               {
                  name: "91303",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/91303",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://review.openstack.org/#/c/24452/",
               },
               {
                  name: "nova-fixedips-dos(82877)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/82877",
               },
               {
                  name: "RHSA-2013:0709",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0709.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://review.openstack.org/#/c/24451/",
               },
               {
                  name: "[oss-security] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2013/03/14/18",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-03-14T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "[openstack] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.launchpad.net/openstack/msg21892.html",
            },
            {
               name: "58492",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/58492",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugs.launchpad.net/nova/+bug/1125468",
            },
            {
               name: "USN-1771-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://ubuntu.com/usn/usn-1771-1",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://review.openstack.org/#/c/24453/",
            },
            {
               name: "52728",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/52728",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=919648",
            },
            {
               name: "52580",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/52580",
            },
            {
               name: "91303",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/91303",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://review.openstack.org/#/c/24452/",
            },
            {
               name: "nova-fixedips-dos(82877)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/82877",
            },
            {
               name: "RHSA-2013:0709",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0709.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://review.openstack.org/#/c/24451/",
            },
            {
               name: "[oss-security] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2013/03/14/18",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2013-1838",
      datePublished: "2013-03-22T21:00:00",
      dateReserved: "2013-02-19T00:00:00",
      dateUpdated: "2024-08-06T15:13:33.340Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-0266
Vulnerability from cvelistv5
Published
2013-03-08 21:00
Modified
2024-08-06 14:18
Severity ?
Summary
manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T14:18:09.602Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=908581",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc",
               },
               {
                  name: "RHSA-2013:0595",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0595.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-03-08T21:00:00Z",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=908581",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc",
            },
            {
               name: "RHSA-2013:0595",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0595.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2013-0266",
      datePublished: "2013-03-08T21:00:00Z",
      dateReserved: "2012-12-06T00:00:00Z",
      dateUpdated: "2024-08-06T14:18:09.602Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-0208
Vulnerability from cvelistv5
Published
2013-02-13 16:00
Modified
2024-08-06 14:18
Severity ?
Summary
The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T14:18:09.192Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openstack/nova/commit/317cc0af385536dee43ef2addad50a91357fc1ad",
               },
               {
                  name: "RHSA-2013:0208",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2013-0208.html",
               },
               {
                  name: "51992",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/51992",
               },
               {
                  name: "51963",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/51963",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://bugs.launchpad.net/nova/+bug/1069904",
               },
               {
                  name: "[oss-security] 20130129 [OSSA 2013-001] Boot from volume allows access to random volumes (CVE-2013-0208)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2013/01/29/9",
               },
               {
                  name: "57613",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/57613",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/openstack/nova/commit/243d516cea9d3caa5a8267b12d2f577dcb24193b",
               },
               {
                  name: "USN-1709-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-1709-1",
               },
               {
                  name: "89661",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/89661",
               },
               {
                  name: "nova-volume-security-bypass(81697)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/81697",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=902629",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-01-28T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openstack/nova/commit/317cc0af385536dee43ef2addad50a91357fc1ad",
            },
            {
               name: "RHSA-2013:0208",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2013-0208.html",
            },
            {
               name: "51992",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/51992",
            },
            {
               name: "51963",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/51963",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://bugs.launchpad.net/nova/+bug/1069904",
            },
            {
               name: "[oss-security] 20130129 [OSSA 2013-001] Boot from volume allows access to random volumes (CVE-2013-0208)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2013/01/29/9",
            },
            {
               name: "57613",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/57613",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/openstack/nova/commit/243d516cea9d3caa5a8267b12d2f577dcb24193b",
            },
            {
               name: "USN-1709-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-1709-1",
            },
            {
               name: "89661",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/89661",
            },
            {
               name: "nova-volume-security-bypass(81697)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/81697",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=902629",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2013-0208",
      datePublished: "2013-02-13T16:00:00",
      dateReserved: "2012-12-06T00:00:00",
      dateUpdated: "2024-08-06T14:18:09.192Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerability from fkie_nvd
Published
2012-01-13 18:55
Modified
2024-11-21 01:34
Severity ?
Summary
Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter.
Impacted products
Vendor Product Version
openstack essex *
openstack nova 2011.3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openstack:essex:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F50B9DA6-B071-4B48-A486-54CB3E64AE58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openstack:nova:2011.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "91787837-B00F-4C62-BCCD-FAAE65563E78",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter.",
      },
      {
         lang: "es",
         value: "Nova v2011.3 y Essex, cuando usan la API OpenStack, permite a usuarios remotos autenticados eludir las restricciones de acceso mediante una solicitud con un parámetro URI project_id modificado.",
      },
   ],
   id: "CVE-2012-0030",
   lastModified: "2024-11-21T01:34:14.790",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.9,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2012-01-13T18:55:04.157",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/47543",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/51370",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/USN-1326-1",
      },
      {
         source: "secalert@redhat.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/72296",
      },
      {
         source: "secalert@redhat.com",
         url: "https://github.com/openstack/nova/commit/3d4ffb64f1e18117240c26809788528979e3bd15#diff-0",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "https://lists.launchpad.net/openstack/msg06648.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/47543",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/51370",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-1326-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/72296",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openstack/nova/commit/3d4ffb64f1e18117240c26809788528979e3bd15#diff-0",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://lists.launchpad.net/openstack/msg06648.html",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2012-07-31 10:45
Modified
2024-11-21 01:40
Severity ?
Summary
OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.
References
secalert@redhat.comhttp://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa
secalert@redhat.comhttp://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355Patch
secalert@redhat.comhttp://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626Exploit, Patch
secalert@redhat.comhttp://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d
secalert@redhat.comhttp://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454
secalert@redhat.comhttp://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56deExploit, Patch
secalert@redhat.comhttp://secunia.com/advisories/50045
secalert@redhat.comhttp://secunia.com/advisories/50494
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2012/07/27/4Patch
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1552-1
secalert@redhat.comhttps://bugs.launchpad.net/keystone/+bug/996595
secalert@redhat.comhttps://bugs.launchpad.net/keystone/+bug/997194
secalert@redhat.comhttps://bugs.launchpad.net/keystone/+bug/998185
secalert@redhat.comhttps://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gzPatch
af854a3a-2127-422b-91ae-364da2661108http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa
af854a3a-2127-422b-91ae-364da2661108http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355Patch
af854a3a-2127-422b-91ae-364da2661108http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d
af854a3a-2127-422b-91ae-364da2661108http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454
af854a3a-2127-422b-91ae-364da2661108http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56deExploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/50045
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/50494
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/07/27/4Patch
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1552-1
af854a3a-2127-422b-91ae-364da2661108https://bugs.launchpad.net/keystone/+bug/996595
af854a3a-2127-422b-91ae-364da2661108https://bugs.launchpad.net/keystone/+bug/997194
af854a3a-2127-422b-91ae-364da2661108https://bugs.launchpad.net/keystone/+bug/998185
af854a3a-2127-422b-91ae-364da2661108https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gzPatch
Impacted products
Vendor Product Version
openstack essex *
openstack horizon folsom-1
openstack keystone 2012.1
openstack keystone 2012.1.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openstack:essex:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F50B9DA6-B071-4B48-A486-54CB3E64AE58",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openstack:horizon:folsom-1:*:*:*:*:*:*:*",
                     matchCriteriaId: "1E72EACB-1FA6-4F1D-A3C8-D255C705AAAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openstack:keystone:2012.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "8DACEFF0-BA6A-4184-A1AB-397438034AF0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openstack:keystone:2012.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "C5BD2FC1-7C36-4532-813A-DED5F0BD1FFF",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.",
      },
      {
         lang: "es",
         value: "OpenStack Keystone antes de v2012.1.1, como se usa en OpenStack Folsom antes de Folsom-1 y OpenStack Essex, no implementan apropiadamente la expiración de los token, lo que permite a usuarios autenticados remotamente evitar restricciones de acceso (1) creando nuevos token a través de la cadena de token, (2) aprovechando la posesión de un token de una cuenta de usuario deshabilitada o (3) aprovechando la posesión de un token de una cuenta con una contraseña cambiada",
      },
   ],
   id: "CVE-2012-3426",
   lastModified: "2024-11-21T01:40:51.183",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4.9,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2012-07-31T10:45:42.670",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626",
      },
      {
         source: "secalert@redhat.com",
         url: "http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d",
      },
      {
         source: "secalert@redhat.com",
         url: "http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/50045",
      },
      {
         source: "secalert@redhat.com",
         url: "http://secunia.com/advisories/50494",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "http://www.openwall.com/lists/oss-security/2012/07/27/4",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/USN-1552-1",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugs.launchpad.net/keystone/+bug/996595",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugs.launchpad.net/keystone/+bug/997194",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugs.launchpad.net/keystone/+bug/998185",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/50045",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/50494",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.openwall.com/lists/oss-security/2012/07/27/4",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-1552-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugs.launchpad.net/keystone/+bug/996595",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugs.launchpad.net/keystone/+bug/997194",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugs.launchpad.net/keystone/+bug/998185",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2012-07-17 21:55
Modified
2024-11-21 01:40
Severity ?
Summary
The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section.
Impacted products
Vendor Product Version
openstack compute 2012.2
openstack essex 2012.1
openstack folsom 2012.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openstack:compute:2012.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E9D8029-F7DD-435D-B4F4-D3DABDB7333B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E76B76AB-D744-4163-8615-7BA18ABB1347",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section.",
      },
      {
         lang: "es",
         value: "El planificador Nova en OpenStack Compute (Nova) Folsom (2012.2) y Essex (2012.1), cuando DifferentHostFilter o SameHostFilter están activados, permite a usuarios remotos autenticados provocar una denegación de servicio (exceso de llamadas de búsqueda de base de datos y el servidor se bloquea) a través de una solicitud con muchos identificadores repetidos en el sistema operativo: Sección scheduler_hints.",
      },
   ],
   id: "CVE-2012-3371",
   lastModified: "2024-11-21T01:40:43.773",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 3.5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:S/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2012-07-17T21:55:02.350",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2012/07/11/13",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/54388",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/USN-1501-1",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
         ],
         url: "https://bugs.launchpad.net/nova/+bug/1017795",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.launchpad.net/openstack/msg14452.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2012/07/11/13",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/54388",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-1501-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "https://bugs.launchpad.net/nova/+bug/1017795",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.launchpad.net/openstack/msg14452.html",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2012-06-21 15:55
Modified
2024-11-21 01:39
Severity ?
Summary
The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.
References
secalert@redhat.comhttp://secunia.com/advisories/46808Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/49439Vendor Advisory
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1466-1
secalert@redhat.comhttps://bugs.launchpad.net/nova/+bug/985184Patch
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/76110
secalert@redhat.comhttps://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978Exploit, Patch
secalert@redhat.comhttps://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654Exploit, Patch
secalert@redhat.comhttps://lists.launchpad.net/openstack/msg12883.html
secalert@redhat.comhttps://review.openstack.org/#/c/8239/
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/46808Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/49439Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1466-1
af854a3a-2127-422b-91ae-364da2661108https://bugs.launchpad.net/nova/+bug/985184Patch
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/76110
af854a3a-2127-422b-91ae-364da2661108https://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108https://lists.launchpad.net/openstack/msg12883.html
af854a3a-2127-422b-91ae-364da2661108https://review.openstack.org/#/c/8239/
Impacted products
Vendor Product Version
openstack compute 2012.2
openstack diablo 2011.3
openstack essex 2012.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openstack:compute:2012.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E9D8029-F7DD-435D-B4F4-D3DABDB7333B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openstack:diablo:2011.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "65FA489C-5FDC-4887-9F1F-66177F87DB5E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.",
      },
      {
         lang: "es",
         value: "Las APIs (1) EC2 y (2) OS en OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1) y Diablo (2011.3) no comprueban correctamente el protocolo cuando se crean grupos de seguridad y el protocolo de red no se ha especificado por completo en minúsculas, lo que permite a atacantes remotos eludir restricciones de acceso.",
      },
   ],
   id: "CVE-2012-2654",
   lastModified: "2024-11-21T01:39:21.673",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2012-06-21T15:55:12.847",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/46808",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/49439",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/USN-1466-1",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "https://bugs.launchpad.net/nova/+bug/985184",
      },
      {
         source: "secalert@redhat.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/76110",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "https://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "https://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.launchpad.net/openstack/msg12883.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://review.openstack.org/#/c/8239/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/46808",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/49439",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-1466-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://bugs.launchpad.net/nova/+bug/985184",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/76110",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "https://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "https://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.launchpad.net/openstack/msg12883.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://review.openstack.org/#/c/8239/",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2012-12-18 01:55
Modified
2024-11-21 01:44
Severity ?
Summary
OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role.
References
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-1556.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-1557.html
secalert@redhat.comhttp://secunia.com/advisories/51423Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/51436Vendor Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2012/11/28/5Patch
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2012/11/28/6Patch
secalert@redhat.comhttp://www.securityfocus.com/bid/56726
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1641-1
secalert@redhat.comhttps://bugs.launchpad.net/keystone/+bug/1064914Patch
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/80333
secalert@redhat.comhttps://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713bPatch
secalert@redhat.comhttps://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19Patch
secalert@redhat.comhttps://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653Patch
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-1556.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-1557.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51423Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51436Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/11/28/5Patch
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/11/28/6Patch
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/56726
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1641-1
af854a3a-2127-422b-91ae-364da2661108https://bugs.launchpad.net/keystone/+bug/1064914Patch
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/80333
af854a3a-2127-422b-91ae-364da2661108https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713bPatch
af854a3a-2127-422b-91ae-364da2661108https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653Patch
Impacted products
Vendor Product Version
openstack essex 2012.1
openstack folsom 2012.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E76B76AB-D744-4163-8615-7BA18ABB1347",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role.",
      },
      {
         lang: "es",
         value: "OpenStack Keystone Essex (2012.1) and Folsom (2012.2) no controlan correctamente los token EC2 cuando la función de usuario se ha eliminado de un inquilino, lo que permite a usuarios autenticados remotamente eludir las restricciones previstas al aprovechar un token para la función de usuario eliminado.",
      },
   ],
   id: "CVE-2012-5571",
   lastModified: "2024-11-21T01:44:54.593",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 3.5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2012-12-18T01:55:03.570",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2012-1556.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2012-1557.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/51423",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/51436",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "http://www.openwall.com/lists/oss-security/2012/11/28/5",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "http://www.openwall.com/lists/oss-security/2012/11/28/6",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/56726",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/USN-1641-1",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "https://bugs.launchpad.net/keystone/+bug/1064914",
      },
      {
         source: "secalert@redhat.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80333",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2012-1556.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2012-1557.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/51423",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/51436",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.openwall.com/lists/oss-security/2012/11/28/5",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.openwall.com/lists/oss-security/2012/11/28/6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/56726",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-1641-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://bugs.launchpad.net/keystone/+bug/1064914",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80333",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-255",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-02-13 16:55
Modified
2024-11-21 01:47
Severity ?
Summary
The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.
References
secalert@redhat.comhttp://osvdb.org/89661
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-0208.html
secalert@redhat.comhttp://secunia.com/advisories/51963Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/51992Vendor Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2013/01/29/9
secalert@redhat.comhttp://www.securityfocus.com/bid/57613
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1709-1
secalert@redhat.comhttps://bugs.launchpad.net/nova/+bug/1069904
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=902629
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/81697
secalert@redhat.comhttps://github.com/openstack/nova/commit/243d516cea9d3caa5a8267b12d2f577dcb24193b
secalert@redhat.comhttps://github.com/openstack/nova/commit/317cc0af385536dee43ef2addad50a91357fc1ad
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/89661
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0208.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51963Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51992Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2013/01/29/9
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/57613
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1709-1
af854a3a-2127-422b-91ae-364da2661108https://bugs.launchpad.net/nova/+bug/1069904
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=902629
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/81697
af854a3a-2127-422b-91ae-364da2661108https://github.com/openstack/nova/commit/243d516cea9d3caa5a8267b12d2f577dcb24193b
af854a3a-2127-422b-91ae-364da2661108https://github.com/openstack/nova/commit/317cc0af385536dee43ef2addad50a91357fc1ad
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openstack:essex:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EEEA665A-AE0F-4C48-87F0-83F3EB4E65CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F5BA13BC-F088-45AA-AD10-B74F89CE5375",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4174F4F-149E-41A6-BBCC-D01114C05F38",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
                     matchCriteriaId: "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "E2076871-2E80-4605-A470-A41C1A8EC7EE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.",
      },
      {
         lang: "es",
         value: "La función de arranque de volumen en OpenStack Compute (Nova) Folsom y Essex, al utilizar NOVA-volúmenes, permite a usuarios remotos autenticados para arrancar desde volúmenes de otros usuarios a través de un identificador de volumen en el parámetro block_device_mapping.",
      },
   ],
   evaluatorComment: "Per http://www.ubuntu.com/usn/USN-1709-1/\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\nUbuntu 12.10\r\nUbuntu 12.04 LTS\r\nUbuntu 11.10\r\n",
   id: "CVE-2013-0208",
   lastModified: "2024-11-21T01:47:03.997",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-02-13T16:55:01.617",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://osvdb.org/89661",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2013-0208.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/51963",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/51992",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2013/01/29/9",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/57613",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/USN-1709-1",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugs.launchpad.net/nova/+bug/1069904",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=902629",
      },
      {
         source: "secalert@redhat.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/81697",
      },
      {
         source: "secalert@redhat.com",
         url: "https://github.com/openstack/nova/commit/243d516cea9d3caa5a8267b12d2f577dcb24193b",
      },
      {
         source: "secalert@redhat.com",
         url: "https://github.com/openstack/nova/commit/317cc0af385536dee43ef2addad50a91357fc1ad",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/89661",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2013-0208.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/51963",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/51992",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2013/01/29/9",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/57613",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-1709-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugs.launchpad.net/nova/+bug/1069904",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=902629",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/81697",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openstack/nova/commit/243d516cea9d3caa5a8267b12d2f577dcb24193b",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openstack/nova/commit/317cc0af385536dee43ef2addad50a91357fc1ad",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-03-08 21:55
Modified
2024-11-21 01:47
Severity ?
Summary
manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files.
Impacted products
Vendor Product Version
openstack essex -
openstack folsom -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openstack:essex:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EEEA665A-AE0F-4C48-87F0-83F3EB4E65CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F5BA13BC-F088-45AA-AD10-B74F89CE5375",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files.",
      },
      {
         lang: "es",
         value: "manifests/base.pp en el módulo puppetlabs-cinder, tal como se utiliza en PackStack le da permisos de lectura para todo el mundo a los archovs de configuración (1) cinder.conf y (2) api-paste.ini, lo que permite a usuarios locales leer contraseñas de administarción de OpenStack mediante la lectura de dichos archivos.\r\n",
      },
   ],
   id: "CVE-2013-0266",
   lastModified: "2024-11-21T01:47:11.577",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.1,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-03-08T21:55:01.960",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2013-0595.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=908581",
      },
      {
         source: "secalert@redhat.com",
         url: "https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2013-0595.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=908581",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-362",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2012-07-22 16:55
Modified
2024-11-21 01:40
Severity ?
Summary
Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element.
References
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html
secalert@redhat.comhttp://secunia.com/advisories/49763Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/49802Vendor Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/54277
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1497-1
secalert@redhat.comhttps://bugs.launchpad.net/nova/+bug/1015531
secalert@redhat.comhttps://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7
secalert@redhat.comhttps://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9Exploit, Patch
secalert@redhat.comhttps://lists.launchpad.net/openstack/msg14089.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/49763Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/49802Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/54277
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1497-1
af854a3a-2127-422b-91ae-364da2661108https://bugs.launchpad.net/nova/+bug/1015531
af854a3a-2127-422b-91ae-364da2661108https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7
af854a3a-2127-422b-91ae-364da2661108https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108https://lists.launchpad.net/openstack/msg14089.html
Impacted products
Vendor Product Version
openstack essex 2012.1
openstack folsom 2012.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E76B76AB-D744-4163-8615-7BA18ABB1347",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de salto de directorio en virt/disk/api.py en OpenStack Compute (Nova) Folsom (2.012,2) y Essex (2.012,1), cuando se utiliza durante libvirt basados ??en hipervisores, permite a usuarios remotos autenticados escribir archivos arbitrarios a la imagen de disco a través de un. . (punto punto) en el atributo de ruta de un elemento de archivo",
      },
   ],
   id: "CVE-2012-3360",
   lastModified: "2024-11-21T01:40:42.273",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 5.5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2012-07-22T16:55:45.853",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/49763",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/49802",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/54277",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/USN-1497-1",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugs.launchpad.net/nova/+bug/1015531",
      },
      {
         source: "secalert@redhat.com",
         url: "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.launchpad.net/openstack/msg14089.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/49763",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/49802",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/54277",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-1497-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugs.launchpad.net/nova/+bug/1015531",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.launchpad.net/openstack/msg14089.html",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-03-22 21:55
Modified
2024-11-21 01:50
Severity ?
Summary
The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.
References
secalert@redhat.comhttp://osvdb.org/91304
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-0707.html
secalert@redhat.comhttp://secunia.com/advisories/52565Vendor Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2013/03/14/15
secalert@redhat.comhttp://www.securityfocus.com/bid/58490
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1764-1
secalert@redhat.comhttps://bugs.launchpad.net/glance/+bug/1135541
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/82878
secalert@redhat.comhttps://review.openstack.org/#/c/24437/
secalert@redhat.comhttps://review.openstack.org/#/c/24438/
secalert@redhat.comhttps://review.openstack.org/#/c/24439/
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/91304
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0707.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/52565Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2013/03/14/15
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/58490
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1764-1
af854a3a-2127-422b-91ae-364da2661108https://bugs.launchpad.net/glance/+bug/1135541
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/82878
af854a3a-2127-422b-91ae-364da2661108https://review.openstack.org/#/c/24437/
af854a3a-2127-422b-91ae-364da2661108https://review.openstack.org/#/c/24438/
af854a3a-2127-422b-91ae-364da2661108https://review.openstack.org/#/c/24439/
Impacted products
Vendor Product Version
openstack glance v1
openstack essex 2012.1
openstack folsom 2012.2
amazon s3_store -
openstack swift -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openstack:glance:v1:*:*:*:*:*:*:*",
                     matchCriteriaId: "3E39288B-D80F-493D-BD2A-6A749EBCE0AB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E76B76AB-D744-4163-8615-7BA18ABB1347",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:amazon:s3_store:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "05BC26BF-62C4-47E9-81B1-C968904F1FF2",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:a:openstack:swift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "BE675165-BF5F-4BB3-964F-777CC3DDFF98",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.",
      },
      {
         lang: "es",
         value: "La API v1 en OpenStack Vistazo Essex (2012.1), Folsom (2012.2) y Grizzly, al utilizar el 'single-tenant Swift' o la tienda S3, informa el campo de ubicación, lo que permite obtener las credenciales del back-end del operador a usuarios remotos autenticados a través de una solicitud de una imagen almacenada en caché.",
      },
   ],
   id: "CVE-2013-1840",
   lastModified: "2024-11-21T01:50:29.740",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 3.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:M/Au:S/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-03-22T21:55:01.487",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://osvdb.org/91304",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2013-0707.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/52565",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2013/03/14/15",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/58490",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/USN-1764-1",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugs.launchpad.net/glance/+bug/1135541",
      },
      {
         source: "secalert@redhat.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/82878",
      },
      {
         source: "secalert@redhat.com",
         url: "https://review.openstack.org/#/c/24437/",
      },
      {
         source: "secalert@redhat.com",
         url: "https://review.openstack.org/#/c/24438/",
      },
      {
         source: "secalert@redhat.com",
         url: "https://review.openstack.org/#/c/24439/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/91304",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2013-0707.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/52565",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2013/03/14/15",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/58490",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-1764-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugs.launchpad.net/glance/+bug/1135541",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/82878",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://review.openstack.org/#/c/24437/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://review.openstack.org/#/c/24438/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://review.openstack.org/#/c/24439/",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2012-09-05 23:55
Modified
2024-11-21 01:41
Severity ?
Summary
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540.
References
secalert@redhat.comhttp://secunia.com/advisories/50467Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/50494Vendor Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2012/08/30/6
secalert@redhat.comhttp://www.securityfocus.com/bid/55326
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1552-1
secalert@redhat.comhttps://bugs.launchpad.net/keystone/+bug/1040626
secalert@redhat.comhttps://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155Patch
secalert@redhat.comhttps://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aaPatch
secalert@redhat.comhttps://lists.launchpad.net/openstack/msg16282.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/50467Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/50494Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/08/30/6
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/55326
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1552-1
af854a3a-2127-422b-91ae-364da2661108https://bugs.launchpad.net/keystone/+bug/1040626
af854a3a-2127-422b-91ae-364da2661108https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aaPatch
af854a3a-2127-422b-91ae-364da2661108https://lists.launchpad.net/openstack/msg16282.html
Impacted products
Vendor Product Version
openstack essex 2012.1
openstack horizon folsom-3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openstack:horizon:folsom-3:*:*:*:*:*:*:*",
                     matchCriteriaId: "95F66BD8-E885-4C11-B41D-8D3004BF106D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API.  NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540.",
      },
      {
         lang: "es",
         value: "OpenStack Keystone, tal como se utiliza en OpenStack Folsom Folsom antes-rc1 y OpenStack Essex (2012.1), permite a atacantes remotos  añadir un usuario arbitrario a través de una solicitud para actualizar el usuario por defecto para la API de administración. NOTA: este identificador originalmente fue incorrectamente asignado a otro problema, pero el identificador correcto es CVE-2012-3540.",
      },
   ],
   id: "CVE-2012-3542",
   lastModified: "2024-11-21T01:41:05.780",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2012-09-05T23:55:02.523",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/50467",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/50494",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2012/08/30/6",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/55326",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/USN-1552-1",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugs.launchpad.net/keystone/+bug/1040626",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aa",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.launchpad.net/openstack/msg16282.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/50467",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/50494",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2012/08/30/6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/55326",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-1552-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugs.launchpad.net/keystone/+bug/1040626",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aa",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.launchpad.net/openstack/msg16282.html",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-03-22 21:55
Modified
2024-11-21 01:50
Severity ?
Summary
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.
References
secalert@redhat.comhttp://osvdb.org/91303
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-0709.html
secalert@redhat.comhttp://secunia.com/advisories/52580Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/52728Vendor Advisory
secalert@redhat.comhttp://ubuntu.com/usn/usn-1771-1
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2013/03/14/18
secalert@redhat.comhttp://www.securityfocus.com/bid/58492
secalert@redhat.comhttps://bugs.launchpad.net/nova/+bug/1125468
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=919648
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/82877
secalert@redhat.comhttps://lists.launchpad.net/openstack/msg21892.html
secalert@redhat.comhttps://review.openstack.org/#/c/24451/
secalert@redhat.comhttps://review.openstack.org/#/c/24452/
secalert@redhat.comhttps://review.openstack.org/#/c/24453/
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/91303
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0709.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/52580Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/52728Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://ubuntu.com/usn/usn-1771-1
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2013/03/14/18
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/58492
af854a3a-2127-422b-91ae-364da2661108https://bugs.launchpad.net/nova/+bug/1125468
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=919648
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/82877
af854a3a-2127-422b-91ae-364da2661108https://lists.launchpad.net/openstack/msg21892.html
af854a3a-2127-422b-91ae-364da2661108https://review.openstack.org/#/c/24451/
af854a3a-2127-422b-91ae-364da2661108https://review.openstack.org/#/c/24452/
af854a3a-2127-422b-91ae-364da2661108https://review.openstack.org/#/c/24453/
Impacted products
Vendor Product Version
openstack essex 2012.1
openstack folsom 2012.2
openstack grizzly 2012.2
canonical ubuntu_linux 11.10
canonical ubuntu_linux 12.04
canonical ubuntu_linux 12.10



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E76B76AB-D744-4163-8615-7BA18ABB1347",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openstack:grizzly:2012.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "C1D5C8DE-FC66-4787-A65B-CA921881DF67",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4174F4F-149E-41A6-BBCC-D01114C05F38",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
                     matchCriteriaId: "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "E2076871-2E80-4605-A470-A41C1A8EC7EE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.",
      },
      {
         lang: "es",
         value: "OpenStack Compute (Nova) Grizzly, Folsom (versión 2012.2) y Essex (versión 2012.1) no implementan apropiadamente una cuota para direcciones IP fijas, lo que permite a los usuarios autenticados remotos causar una denegación de servicio (agotamiento de recursos y fallo para crear nuevas instancias) por medio de un gran número de llamadas a la función addFixedIp.",
      },
   ],
   evaluatorImpact: "Per http://www.ubuntu.com/usn/usn-1771-1/\r\n\"A security issue affects these releases of Ubuntu and its derivatives:\r\n\r\nUbuntu 12.10\r\nUbuntu 12.04 LTS\r\nUbuntu 11.10\"",
   id: "CVE-2013-1838",
   lastModified: "2024-11-21T01:50:29.483",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 4,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-03-22T21:55:01.453",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://osvdb.org/91303",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2013-0709.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/52580",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/52728",
      },
      {
         source: "secalert@redhat.com",
         url: "http://ubuntu.com/usn/usn-1771-1",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2013/03/14/18",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/58492",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugs.launchpad.net/nova/+bug/1125468",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=919648",
      },
      {
         source: "secalert@redhat.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/82877",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.launchpad.net/openstack/msg21892.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://review.openstack.org/#/c/24451/",
      },
      {
         source: "secalert@redhat.com",
         url: "https://review.openstack.org/#/c/24452/",
      },
      {
         source: "secalert@redhat.com",
         url: "https://review.openstack.org/#/c/24453/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/91303",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2013-0709.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/52580",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/52728",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://ubuntu.com/usn/usn-1771-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2013/03/14/18",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/58492",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugs.launchpad.net/nova/+bug/1125468",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=919648",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/82877",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.launchpad.net/openstack/msg21892.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://review.openstack.org/#/c/24451/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://review.openstack.org/#/c/24452/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://review.openstack.org/#/c/24453/",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-399",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-03-08 21:55
Modified
2024-11-21 01:47
Severity ?
Summary
(1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
Impacted products
Vendor Product Version
openstack essex -
openstack folsom -



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openstack:essex:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EEEA665A-AE0F-4C48-87F0-83F3EB4E65CB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F5BA13BC-F088-45AA-AD10-B74F89CE5375",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "(1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.",
      },
      {
         lang: "es",
         value: "(1) installer/basedefs.py y (2) modules/ospluginutils.py en PackStack permite a los usuarios locales sobreescribir ficheros de su elección mediante un ataque de enlaces simbólicos en un archivo temporal con un nombre predecible en /tmp.\r\n",
      },
   ],
   evaluatorImpact: "Per http://rhn.redhat.com/errata/RHSA-2013-0595.html these are the affected products:\r\n\r\nRed Hat OpenStack Essex\r\nRed Hat OpenStack Folsom",
   id: "CVE-2013-0261",
   lastModified: "2024-11-21T01:47:10.907",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "LOCAL",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 4.4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 3.4,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-03-08T21:55:01.947",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2013-0595.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=908101",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://rhn.redhat.com/errata/RHSA-2013-0595.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=908101",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2012-11-11 13:00
Modified
2024-11-21 01:44
Severity ?
Summary
The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.
References
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html
secalert@redhat.comhttp://osvdb.org/87248
secalert@redhat.comhttp://secunia.com/advisories/51174Vendor Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2012/11/07/6
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2012/11/08/2
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2012/11/09/1
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2012/11/09/5
secalert@redhat.comhttp://www.securityfocus.com/bid/56437
secalert@redhat.comhttps://bugs.launchpad.net/glance/+bug/1076506
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/80019
secalert@redhat.comhttps://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88
secalert@redhat.comhttps://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/87248
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51174Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/11/07/6
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/11/08/2
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/11/09/1
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/11/09/5
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/56437
af854a3a-2127-422b-91ae-364da2661108https://bugs.launchpad.net/glance/+bug/1076506
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/80019
af854a3a-2127-422b-91ae-364da2661108https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88
af854a3a-2127-422b-91ae-364da2661108https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E76B76AB-D744-4163-8615-7BA18ABB1347",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC5343C7-8EBD-49A5-8423-22F88DE0CBD2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.",
      },
      {
         lang: "es",
         value: "v2 API en OpenStack Glance Grizzly, Folsom (2012.2)y Essex (2012.1), permite a usuarios remotos autenticados, borrar imágenes no protegidas de su elección a través de una petición de borrado de imagen. NOTA: Esta vulnerabilidad existe por una solución incompleta para CVE-2012-4573.",
      },
   ],
   id: "CVE-2012-5482",
   lastModified: "2024-11-21T01:44:44.163",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 5.5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2012-11-11T13:00:59.620",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://osvdb.org/87248",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/51174",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2012/11/07/6",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2012/11/08/2",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2012/11/09/1",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2012/11/09/5",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/56437",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugs.launchpad.net/glance/+bug/1076506",
      },
      {
         source: "secalert@redhat.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80019",
      },
      {
         source: "secalert@redhat.com",
         url: "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88",
      },
      {
         source: "secalert@redhat.com",
         url: "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/87248",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/51174",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2012/11/07/6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2012/11/08/2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2012/11/09/1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2012/11/09/5",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/56437",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugs.launchpad.net/glance/+bug/1076506",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80019",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2012-07-22 16:55
Modified
2024-11-21 01:40
Severity ?
Summary
virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image.
References
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2012-July/083969.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html
secalert@redhat.comhttp://secunia.com/advisories/49763Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/49802Vendor Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/54278
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1497-1
secalert@redhat.comhttps://bugs.launchpad.net/nova/+bug/1015531
secalert@redhat.comhttps://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7Exploit, Patch
secalert@redhat.comhttps://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9Exploit, Patch
secalert@redhat.comhttps://lists.launchpad.net/openstack/msg14089.html
secalert@redhat.comhttps://review.openstack.org/#/c/9268/
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083969.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/49763Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/49802Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/54278
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1497-1
af854a3a-2127-422b-91ae-364da2661108https://bugs.launchpad.net/nova/+bug/1015531
af854a3a-2127-422b-91ae-364da2661108https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108https://lists.launchpad.net/openstack/msg14089.html
af854a3a-2127-422b-91ae-364da2661108https://review.openstack.org/#/c/9268/
Impacted products
Vendor Product Version
openstack diablo 2011.3
openstack essex 2012.1
openstack folsom 2012.2



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openstack:diablo:2011.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "65FA489C-5FDC-4887-9F1F-66177F87DB5E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E76B76AB-D744-4163-8615-7BA18ABB1347",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image.",
      },
      {
         lang: "es",
         value: "virt/disk/api.py en OpenStack Compute (Nova) Folsom (2.012,2), Essex (2.012,1) y Diablo (2.011,3) permite a usuarios remotos autenticados sobrescribir archivos arbitrarios a través de un ataque de enlace simbólico un archivo en una imagen.",
      },
   ],
   id: "CVE-2012-3361",
   lastModified: "2024-11-21T01:40:42.420",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 5.5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2012-07-22T16:55:48.227",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083969.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/49763",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/49802",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/54278",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/USN-1497-1",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugs.launchpad.net/nova/+bug/1015531",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9",
      },
      {
         source: "secalert@redhat.com",
         url: "https://lists.launchpad.net/openstack/msg14089.html",
      },
      {
         source: "secalert@redhat.com",
         url: "https://review.openstack.org/#/c/9268/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083969.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/49763",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/49802",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/54278",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-1497-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugs.launchpad.net/nova/+bug/1015531",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Patch",
         ],
         url: "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.launchpad.net/openstack/msg14089.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://review.openstack.org/#/c/9268/",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2012-11-11 13:00
Modified
2024-11-21 01:43
Severity ?
Summary
The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.
References
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html
secalert@redhat.comhttp://osvdb.org/87248
secalert@redhat.comhttp://packetstormsecurity.com/files/118733/Red-Hat-Security-Advisory-2012-1558-01.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-1558.html
secalert@redhat.comhttp://secunia.com/advisories/51174Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/51234Vendor Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2012/11/07/6
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2012/11/09/5
secalert@redhat.comhttp://www.securityfocus.com/bid/56437
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1626-1
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1626-2
secalert@redhat.comhttps://bugs.launchpad.net/glance/+bug/1065187
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/79895
secalert@redhat.comhttps://github.com/openstack/glance/commit/6ab0992e5472ae3f9bef0d2ced41030655d9d2bc
secalert@redhat.comhttps://github.com/openstack/glance/commit/90bcdc5a89e350a358cf320a03f5afe99795f6f6
secalert@redhat.comhttps://github.com/openstack/glance/commit/efd7e75b1f419a52c7103c7840e24af8e5deb29dPatch
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/87248
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/118733/Red-Hat-Security-Advisory-2012-1558-01.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-1558.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51174Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51234Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/11/07/6
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/11/09/5
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/56437
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1626-1
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1626-2
af854a3a-2127-422b-91ae-364da2661108https://bugs.launchpad.net/glance/+bug/1065187
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/79895
af854a3a-2127-422b-91ae-364da2661108https://github.com/openstack/glance/commit/6ab0992e5472ae3f9bef0d2ced41030655d9d2bc
af854a3a-2127-422b-91ae-364da2661108https://github.com/openstack/glance/commit/90bcdc5a89e350a358cf320a03f5afe99795f6f6
af854a3a-2127-422b-91ae-364da2661108https://github.com/openstack/glance/commit/efd7e75b1f419a52c7103c7840e24af8e5deb29dPatch
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E76B76AB-D744-4163-8615-7BA18ABB1347",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EC5343C7-8EBD-49A5-8423-22F88DE0CBD2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.",
      },
      {
         lang: "es",
         value: "La API v1 en OpenStack Vistazo Grizzly, Folsom (2.012,2) y Essex (2012.1) permite a usuarios autenticados remotamente borrar imágenes de su elección no protegidas a través de una solicitud de eliminación de imágenes, una vulnerabilidad diferente a CVE-2012-5482.",
      },
   ],
   id: "CVE-2012-4573",
   lastModified: "2024-11-21T01:43:09.967",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 5.5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2012-11-11T13:00:58.883",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://osvdb.org/87248",
      },
      {
         source: "secalert@redhat.com",
         url: "http://packetstormsecurity.com/files/118733/Red-Hat-Security-Advisory-2012-1558-01.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2012-1558.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/51174",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/51234",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2012/11/07/6",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2012/11/09/5",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/56437",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/USN-1626-1",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/USN-1626-2",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugs.launchpad.net/glance/+bug/1065187",
      },
      {
         source: "secalert@redhat.com",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/79895",
      },
      {
         source: "secalert@redhat.com",
         url: "https://github.com/openstack/glance/commit/6ab0992e5472ae3f9bef0d2ced41030655d9d2bc",
      },
      {
         source: "secalert@redhat.com",
         url: "https://github.com/openstack/glance/commit/90bcdc5a89e350a358cf320a03f5afe99795f6f6",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
         ],
         url: "https://github.com/openstack/glance/commit/efd7e75b1f419a52c7103c7840e24af8e5deb29d",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://osvdb.org/87248",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://packetstormsecurity.com/files/118733/Red-Hat-Security-Advisory-2012-1558-01.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2012-1558.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/51174",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/51234",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2012/11/07/6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2012/11/09/5",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/56437",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-1626-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-1626-2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugs.launchpad.net/glance/+bug/1065187",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/79895",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openstack/glance/commit/6ab0992e5472ae3f9bef0d2ced41030655d9d2bc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://github.com/openstack/glance/commit/90bcdc5a89e350a358cf320a03f5afe99795f6f6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://github.com/openstack/glance/commit/efd7e75b1f419a52c7103c7840e24af8e5deb29d",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2013-03-22 21:55
Modified
2024-11-21 01:47
Severity ?
Summary
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.
Impacted products
Vendor Product Version
openstack essex 2012.1
openstack folsom 2012.2
openstack grizzly 2012.2
canonical ubuntu_linux 11.10
canonical ubuntu_linux 12.04
canonical ubuntu_linux 12.10



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E76B76AB-D744-4163-8615-7BA18ABB1347",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:openstack:grizzly:2012.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "C1D5C8DE-FC66-4787-A65B-CA921881DF67",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4174F4F-149E-41A6-BBCC-D01114C05F38",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
                     matchCriteriaId: "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "E2076871-2E80-4605-A470-A41C1A8EC7EE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.",
      },
      {
         lang: "es",
         value: "OpenStack Compute (Nova) Grizzly, Folsom (v2012.2) y Essex (v2012.1) permite a usuarios remotos autenticados acceder a una máquina virtual en circunstancias oportunistas utilizando el token VNC para eliminar una máquina virtual que se dirigía al mismo puerto VNC.",
      },
   ],
   evaluatorImpact: "Per http://www.ubuntu.com/usn/USN-1771-1/\r\n\"A security issue affects these releases of Ubuntu and its derivatives:\r\n\r\nUbuntu 12.10\r\nUbuntu 12.04 LTS\r\nUbuntu 11.10\"",
   id: "CVE-2013-0335",
   lastModified: "2024-11-21T01:47:19.847",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 6.8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-03-22T21:55:00.880",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://rhn.redhat.com/errata/RHSA-2013-0709.html",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/52337",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/52728",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2013/02/26/7",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.osvdb.org/90657",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.ubuntu.com/usn/USN-1771-1",
      },
      {
         source: "secalert@redhat.com",
         url: "https://bugs.launchpad.net/nova/+bug/1125378",
      },
      {
         source: "secalert@redhat.com",
         url: "https://review.openstack.org/#/c/22086/",
      },
      {
         source: "secalert@redhat.com",
         url: "https://review.openstack.org/#/c/22758",
      },
      {
         source: "secalert@redhat.com",
         url: "https://review.openstack.org/#/c/22872/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://rhn.redhat.com/errata/RHSA-2013-0709.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/52337",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/52728",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2013/02/26/7",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.osvdb.org/90657",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.ubuntu.com/usn/USN-1771-1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://bugs.launchpad.net/nova/+bug/1125378",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://review.openstack.org/#/c/22086/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://review.openstack.org/#/c/22758",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://review.openstack.org/#/c/22872/",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}