Vulnerabilites related to openstack - essex
cve-2012-5482
Vulnerability from cvelistv5
Published
2012-11-11 11:00
Modified
2024-08-06 21:05
Severity ?
EPSS score ?
Summary
The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T21:05:47.269Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "51174", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/51174", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88", }, { name: "[oss-security] 20121108 Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/11/08/2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.launchpad.net/glance/+bug/1076506", }, { name: "56437", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/56437", }, { name: "glance-v2api-security-bypass(80019)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80019", }, { name: "FEDORA-2012-17901", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html", }, { name: "[oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/11/07/6", }, { name: "[oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/11/09/5", }, { name: "87248", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/87248", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3", }, { name: "[oss-security] 20121109 Re: Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/11/09/1", }, { name: "SUSE-SU-2012:1455", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-11-07T00:00:00", descriptions: [ { lang: "en", value: "The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "51174", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/51174", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88", }, { name: "[oss-security] 20121108 Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/11/08/2", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.launchpad.net/glance/+bug/1076506", }, { name: "56437", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/56437", }, { name: "glance-v2api-security-bypass(80019)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80019", }, { name: "FEDORA-2012-17901", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html", }, { name: "[oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/11/07/6", }, { name: "[oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/11/09/5", }, { name: "87248", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/87248", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3", }, { name: "[oss-security] 20121109 Re: Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/11/09/1", }, { name: "SUSE-SU-2012:1455", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2012-5482", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "51174", refsource: "SECUNIA", url: "http://secunia.com/advisories/51174", }, { name: "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88", refsource: "CONFIRM", url: "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88", }, { name: "[oss-security] 20121108 Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2012/11/08/2", }, { name: "https://bugs.launchpad.net/glance/+bug/1076506", refsource: "CONFIRM", url: "https://bugs.launchpad.net/glance/+bug/1076506", }, { name: "56437", refsource: "BID", url: "http://www.securityfocus.com/bid/56437", }, { name: "glance-v2api-security-bypass(80019)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80019", }, { name: "FEDORA-2012-17901", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html", }, { name: "[oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2012/11/07/6", }, { name: "[oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2012/11/09/5", }, { name: "87248", refsource: "OSVDB", url: "http://osvdb.org/87248", }, { name: "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3", refsource: "CONFIRM", url: "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3", }, { name: "[oss-security] 20121109 Re: Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2012/11/09/1", }, { name: "SUSE-SU-2012:1455", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-5482", datePublished: "2012-11-11T11:00:00", dateReserved: "2012-10-24T00:00:00", dateUpdated: "2024-08-06T21:05:47.269Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-2654
Vulnerability from cvelistv5
Published
2012-06-21 15:00
Modified
2024-08-06 19:42
Severity ?
EPSS score ?
Summary
The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/46808 | third-party-advisory, x_refsource_SECUNIA | |
https://review.openstack.org/#/c/8239/ | x_refsource_CONFIRM | |
https://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978 | x_refsource_CONFIRM | |
https://bugs.launchpad.net/nova/+bug/985184 | x_refsource_CONFIRM | |
https://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654 | x_refsource_CONFIRM | |
http://www.ubuntu.com/usn/USN-1466-1 | vendor-advisory, x_refsource_UBUNTU | |
https://lists.launchpad.net/openstack/msg12883.html | mailing-list, x_refsource_MLIST | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/76110 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/49439 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T19:42:31.878Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "46808", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/46808", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://review.openstack.org/#/c/8239/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.launchpad.net/nova/+bug/985184", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654", }, { name: "USN-1466-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-1466-1", }, { name: "[openstack] 20120606 [OSSA 2012-007] Security groups fail to be set correctly (CVE-2012-2654)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.launchpad.net/openstack/msg12883.html", }, { name: "nova-security-group-sec-bypass(76110)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/76110", }, { name: "49439", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/49439", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-06-06T00:00:00", descriptions: [ { lang: "en", value: "The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "46808", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/46808", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://review.openstack.org/#/c/8239/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.launchpad.net/nova/+bug/985184", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654", }, { name: "USN-1466-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-1466-1", }, { name: "[openstack] 20120606 [OSSA 2012-007] Security groups fail to be set correctly (CVE-2012-2654)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.launchpad.net/openstack/msg12883.html", }, { name: "nova-security-group-sec-bypass(76110)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/76110", }, { name: "49439", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/49439", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-2654", datePublished: "2012-06-21T15:00:00", dateReserved: "2012-05-14T00:00:00", dateUpdated: "2024-08-06T19:42:31.878Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-3361
Vulnerability from cvelistv5
Published
2012-07-22 16:00
Modified
2024-08-06 20:05
Severity ?
EPSS score ?
Summary
virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/49763 | third-party-advisory, x_refsource_SECUNIA | |
https://review.openstack.org/#/c/9268/ | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/54278 | vdb-entry, x_refsource_BID | |
https://bugs.launchpad.net/nova/+bug/1015531 | x_refsource_CONFIRM | |
http://secunia.com/advisories/49802 | third-party-advisory, x_refsource_SECUNIA | |
http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083969.html | vendor-advisory, x_refsource_FEDORA | |
https://lists.launchpad.net/openstack/msg14089.html | mailing-list, x_refsource_MLIST | |
http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html | vendor-advisory, x_refsource_FEDORA | |
https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7 | x_refsource_CONFIRM | |
https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9 | x_refsource_CONFIRM | |
http://www.ubuntu.com/usn/USN-1497-1 | vendor-advisory, x_refsource_UBUNTU |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T20:05:12.062Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "49763", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/49763", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://review.openstack.org/#/c/9268/", }, { name: "54278", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/54278", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.launchpad.net/nova/+bug/1015531", }, { name: "49802", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/49802", }, { name: "FEDORA-2012-10418", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083969.html", }, { name: "[openstack] 20120603 [OSSA 2012-008] Arbitrary file injection/corruption through directory traversal issues (CVE-2012-3360, CVE-2012-3361)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.launchpad.net/openstack/msg14089.html", }, { name: "FEDORA-2012-10420", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9", }, { name: "USN-1497-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-1497-1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-06-03T00:00:00", descriptions: [ { lang: "en", value: "virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2012-07-25T09:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "49763", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/49763", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://review.openstack.org/#/c/9268/", }, { name: "54278", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/54278", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.launchpad.net/nova/+bug/1015531", }, { name: "49802", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/49802", }, { name: "FEDORA-2012-10418", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083969.html", }, { name: "[openstack] 20120603 [OSSA 2012-008] Arbitrary file injection/corruption through directory traversal issues (CVE-2012-3360, CVE-2012-3361)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.launchpad.net/openstack/msg14089.html", }, { name: "FEDORA-2012-10420", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9", }, { name: "USN-1497-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-1497-1", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-3361", datePublished: "2012-07-22T16:00:00", dateReserved: "2012-06-14T00:00:00", dateUpdated: "2024-08-06T20:05:12.062Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-5571
Vulnerability from cvelistv5
Published
2012-12-18 01:00
Modified
2024-08-06 21:14
Severity ?
EPSS score ?
Summary
OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T21:14:15.748Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19", }, { name: "RHSA-2012:1557", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1557.html", }, { name: "RHSA-2012:1556", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1556.html", }, { name: "[oss-security] 20121128 [OSSA 2012-018] EC2-style credentials invalidation issue (CVE-2012-5571)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/11/28/5", }, { name: "USN-1641-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-1641-1", }, { name: "keystone-tenant-sec-bypass(80333)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80333", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.launchpad.net/keystone/+bug/1064914", }, { name: "[oss-security] 20121128 [OSSA 2012-019] Extension of token validity through token chaining (CVE-2012-5563)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/11/28/6", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653", }, { name: "51423", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/51423", }, { name: "56726", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/56726", }, { name: "51436", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/51436", }, { name: "FEDORA-2012-19341", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-11-28T00:00:00", descriptions: [ { lang: "en", value: "OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19", }, { name: "RHSA-2012:1557", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1557.html", }, { name: "RHSA-2012:1556", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1556.html", }, { name: "[oss-security] 20121128 [OSSA 2012-018] EC2-style credentials invalidation issue (CVE-2012-5571)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/11/28/5", }, { name: "USN-1641-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-1641-1", }, { name: "keystone-tenant-sec-bypass(80333)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80333", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.launchpad.net/keystone/+bug/1064914", }, { name: "[oss-security] 20121128 [OSSA 2012-019] Extension of token validity through token chaining (CVE-2012-5563)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/11/28/6", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653", }, { name: "51423", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/51423", }, { name: "56726", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/56726", }, { name: "51436", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/51436", }, { name: "FEDORA-2012-19341", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-5571", datePublished: "2012-12-18T01:00:00", dateReserved: "2012-10-24T00:00:00", dateUpdated: "2024-08-06T21:14:15.748Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-4573
Vulnerability from cvelistv5
Published
2012-11-11 11:00
Modified
2024-08-06 20:42
Severity ?
EPSS score ?
Summary
The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T20:42:54.862Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "51174", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/51174", }, { name: "51234", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/51234", }, { name: "USN-1626-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-1626-1", }, { name: "RHSA-2012:1558", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1558.html", }, { name: "56437", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/56437", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/openstack/glance/commit/90bcdc5a89e350a358cf320a03f5afe99795f6f6", }, { name: "FEDORA-2012-17901", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html", }, { name: "[oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/11/07/6", }, { name: "[oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/11/09/5", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/118733/Red-Hat-Security-Advisory-2012-1558-01.html", }, { name: "87248", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/87248", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/openstack/glance/commit/6ab0992e5472ae3f9bef0d2ced41030655d9d2bc", }, { name: "USN-1626-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-1626-2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.launchpad.net/glance/+bug/1065187", }, { name: "SUSE-SU-2012:1455", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/openstack/glance/commit/efd7e75b1f419a52c7103c7840e24af8e5deb29d", }, { name: "openstack-glance-sec-bypass(79895)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/79895", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-11-07T00:00:00", descriptions: [ { lang: "en", value: "The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "51174", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/51174", }, { name: "51234", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/51234", }, { name: "USN-1626-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-1626-1", }, { name: "RHSA-2012:1558", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2012-1558.html", }, { name: "56437", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/56437", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/openstack/glance/commit/90bcdc5a89e350a358cf320a03f5afe99795f6f6", }, { name: "FEDORA-2012-17901", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html", }, { name: "[oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/11/07/6", }, { name: "[oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/11/09/5", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/118733/Red-Hat-Security-Advisory-2012-1558-01.html", }, { name: "87248", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/87248", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/openstack/glance/commit/6ab0992e5472ae3f9bef0d2ced41030655d9d2bc", }, { name: "USN-1626-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-1626-2", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.launchpad.net/glance/+bug/1065187", }, { name: "SUSE-SU-2012:1455", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/openstack/glance/commit/efd7e75b1f419a52c7103c7840e24af8e5deb29d", }, { name: "openstack-glance-sec-bypass(79895)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/79895", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-4573", datePublished: "2012-11-11T11:00:00", dateReserved: "2012-08-21T00:00:00", dateUpdated: "2024-08-06T20:42:54.862Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-3371
Vulnerability from cvelistv5
Published
2012-07-17 21:00
Modified
2024-08-06 20:05
Severity ?
EPSS score ?
Summary
The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/54388 | vdb-entry, x_refsource_BID | |
https://lists.launchpad.net/openstack/msg14452.html | mailing-list, x_refsource_MLIST | |
https://bugs.launchpad.net/nova/+bug/1017795 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/07/11/13 | mailing-list, x_refsource_MLIST | |
http://www.ubuntu.com/usn/USN-1501-1 | vendor-advisory, x_refsource_UBUNTU | |
https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T20:05:12.113Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "54388", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/54388", }, { name: "[openstack] 20120711 [OSSA 2012-009] Scheduler denial of service through scheduler_hints (CVE-2012-3371)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.launchpad.net/openstack/msg14452.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.launchpad.net/nova/+bug/1017795", }, { name: "[oss-security] 20120711 [OSSA 2012-009] Scheduler denial of service through scheduler_hints (CVE-2012-3371)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/07/11/13", }, { name: "USN-1501-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-1501-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-07-11T00:00:00", descriptions: [ { lang: "en", value: "The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2012-07-25T09:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "54388", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/54388", }, { name: "[openstack] 20120711 [OSSA 2012-009] Scheduler denial of service through scheduler_hints (CVE-2012-3371)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.launchpad.net/openstack/msg14452.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.launchpad.net/nova/+bug/1017795", }, { name: "[oss-security] 20120711 [OSSA 2012-009] Scheduler denial of service through scheduler_hints (CVE-2012-3371)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/07/11/13", }, { name: "USN-1501-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-1501-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-3371", datePublished: "2012-07-17T21:00:00", dateReserved: "2012-06-14T00:00:00", dateUpdated: "2024-08-06T20:05:12.113Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-3542
Vulnerability from cvelistv5
Published
2012-09-05 23:00
Modified
2024-08-06 20:13
Severity ?
EPSS score ?
Summary
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540.
References
▼ | URL | Tags |
---|---|---|
http://secunia.com/advisories/50467 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/55326 | vdb-entry, x_refsource_BID | |
https://lists.launchpad.net/openstack/msg16282.html | mailing-list, x_refsource_MLIST | |
https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aa | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/08/30/6 | mailing-list, x_refsource_MLIST | |
https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155 | x_refsource_CONFIRM | |
http://secunia.com/advisories/50494 | third-party-advisory, x_refsource_SECUNIA | |
https://bugs.launchpad.net/keystone/+bug/1040626 | x_refsource_CONFIRM | |
http://www.ubuntu.com/usn/USN-1552-1 | vendor-advisory, x_refsource_UBUNTU |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T20:13:50.139Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "50467", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/50467", }, { name: "55326", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/55326", }, { name: "[openstack] 20120830 [OSSA 2012-013] Keystone, Lack of authorization for adding users to tenants (CVE-2012-3542)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.launchpad.net/openstack/msg16282.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aa", }, { name: "[oss-security] 20120830 [OSSA 2012-013] Keystone, Lack of authorization for adding users to tenants (CVE-2012-3542)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/08/30/6", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155", }, { name: "50494", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/50494", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.launchpad.net/keystone/+bug/1040626", }, { name: "USN-1552-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-1552-1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2012-09-05T23:00:00Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "50467", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/50467", }, { name: "55326", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/55326", }, { name: "[openstack] 20120830 [OSSA 2012-013] Keystone, Lack of authorization for adding users to tenants (CVE-2012-3542)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.launchpad.net/openstack/msg16282.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aa", }, { name: "[oss-security] 20120830 [OSSA 2012-013] Keystone, Lack of authorization for adding users to tenants (CVE-2012-3542)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/08/30/6", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155", }, { name: "50494", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/50494", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.launchpad.net/keystone/+bug/1040626", }, { name: "USN-1552-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-1552-1", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-3542", datePublished: "2012-09-05T23:00:00Z", dateReserved: "2012-06-14T00:00:00Z", dateUpdated: "2024-08-06T20:13:50.139Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-3426
Vulnerability from cvelistv5
Published
2012-07-31 10:00
Modified
2024-08-06 20:05
Severity ?
EPSS score ?
Summary
OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T20:05:12.524Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.launchpad.net/keystone/+bug/998185", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.launchpad.net/keystone/+bug/997194", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz", }, { name: "50494", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/50494", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.launchpad.net/keystone/+bug/996595", }, { name: "[oss-security] 20120727 [OSSA 2012-010] Various Keystone token expiration issues (CVE-2012-3426)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2012/07/27/4", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626", }, { name: "USN-1552-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-1552-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d", }, { name: "50045", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/50045", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-07-27T00:00:00", descriptions: [ { lang: "en", value: "OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2012-09-07T09:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.launchpad.net/keystone/+bug/998185", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.launchpad.net/keystone/+bug/997194", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz", }, { name: "50494", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/50494", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.launchpad.net/keystone/+bug/996595", }, { name: "[oss-security] 20120727 [OSSA 2012-010] Various Keystone token expiration issues (CVE-2012-3426)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2012/07/27/4", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626", }, { name: "USN-1552-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-1552-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d", }, { name: "50045", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/50045", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-3426", datePublished: "2012-07-31T10:00:00", dateReserved: "2012-06-14T00:00:00", dateUpdated: "2024-08-06T20:05:12.524Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-0030
Vulnerability from cvelistv5
Published
2012-01-13 18:00
Modified
2024-08-06 18:09
Severity ?
EPSS score ?
Summary
Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/72296 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/47543 | third-party-advisory, x_refsource_SECUNIA | |
http://www.ubuntu.com/usn/USN-1326-1 | vendor-advisory, x_refsource_UBUNTU | |
https://github.com/openstack/nova/commit/3d4ffb64f1e18117240c26809788528979e3bd15#diff-0 | x_refsource_CONFIRM | |
https://lists.launchpad.net/openstack/msg06648.html | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/bid/51370 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T18:09:17.303Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "nova-security-bypass(72296)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/72296", }, { name: "47543", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/47543", }, { name: "USN-1326-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-1326-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/openstack/nova/commit/3d4ffb64f1e18117240c26809788528979e3bd15#diff-0", }, { name: "[openstack] 20120111 [OSSA 2012-001] Tenant bypass by authenticated users using OpenStack API (CVE-2012-0030)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.launchpad.net/openstack/msg06648.html", }, { name: "51370", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/51370", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-01-11T00:00:00", descriptions: [ { lang: "en", value: "Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "nova-security-bypass(72296)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/72296", }, { name: "47543", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/47543", }, { name: "USN-1326-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-1326-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/openstack/nova/commit/3d4ffb64f1e18117240c26809788528979e3bd15#diff-0", }, { name: "[openstack] 20120111 [OSSA 2012-001] Tenant bypass by authenticated users using OpenStack API (CVE-2012-0030)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.launchpad.net/openstack/msg06648.html", }, { name: "51370", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/51370", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-0030", datePublished: "2012-01-13T18:00:00", dateReserved: "2011-12-07T00:00:00", dateUpdated: "2024-08-06T18:09:17.303Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-0261
Vulnerability from cvelistv5
Published
2013-03-08 21:00
Modified
2024-08-06 14:18
Severity ?
EPSS score ?
Summary
(1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
References
▼ | URL | Tags |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2013-0595.html | vendor-advisory, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=908101 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T14:18:09.552Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2013:0595", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0595.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=908101", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "(1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-03-08T21:00:00Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2013:0595", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0595.html", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=908101", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-0261", datePublished: "2013-03-08T21:00:00Z", dateReserved: "2012-12-06T00:00:00Z", dateUpdated: "2024-08-06T14:18:09.552Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-1840
Vulnerability from cvelistv5
Published
2013-03-22 21:00
Modified
2024-08-06 15:13
Severity ?
EPSS score ?
Summary
The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/82878 | vdb-entry, x_refsource_XF | |
https://review.openstack.org/#/c/24437/ | x_refsource_CONFIRM | |
http://www.ubuntu.com/usn/USN-1764-1 | vendor-advisory, x_refsource_UBUNTU | |
https://review.openstack.org/#/c/24438/ | x_refsource_CONFIRM | |
https://bugs.launchpad.net/glance/+bug/1135541 | x_refsource_CONFIRM | |
http://secunia.com/advisories/52565 | third-party-advisory, x_refsource_SECUNIA | |
http://rhn.redhat.com/errata/RHSA-2013-0707.html | vendor-advisory, x_refsource_REDHAT | |
http://osvdb.org/91304 | vdb-entry, x_refsource_OSVDB | |
http://www.openwall.com/lists/oss-security/2013/03/14/15 | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/bid/58490 | vdb-entry, x_refsource_BID | |
https://review.openstack.org/#/c/24439/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T15:13:33.277Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "openstack-glance-api-info-disclosure(82878)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/82878", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://review.openstack.org/#/c/24437/", }, { name: "USN-1764-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-1764-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://review.openstack.org/#/c/24438/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.launchpad.net/glance/+bug/1135541", }, { name: "52565", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/52565", }, { name: "RHSA-2013:0707", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0707.html", }, { name: "91304", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/91304", }, { name: "[oss-security] 20130314 [OSSA 2013-007] Backend credentials leak in Glance v1 API (CVE-2013-1840)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2013/03/14/15", }, { name: "58490", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/58490", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://review.openstack.org/#/c/24439/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-03-14T00:00:00", descriptions: [ { lang: "en", value: "The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "openstack-glance-api-info-disclosure(82878)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/82878", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://review.openstack.org/#/c/24437/", }, { name: "USN-1764-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-1764-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://review.openstack.org/#/c/24438/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.launchpad.net/glance/+bug/1135541", }, { name: "52565", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/52565", }, { name: "RHSA-2013:0707", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0707.html", }, { name: "91304", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/91304", }, { name: "[oss-security] 20130314 [OSSA 2013-007] Backend credentials leak in Glance v1 API (CVE-2013-1840)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2013/03/14/15", }, { name: "58490", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/58490", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://review.openstack.org/#/c/24439/", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-1840", datePublished: "2013-03-22T21:00:00", dateReserved: "2013-02-19T00:00:00", dateUpdated: "2024-08-06T15:13:33.277Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-0335
Vulnerability from cvelistv5
Published
2013-03-22 21:00
Modified
2024-08-06 14:25
Severity ?
EPSS score ?
Summary
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.
References
▼ | URL | Tags |
---|---|---|
http://www.osvdb.org/90657 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/52728 | third-party-advisory, x_refsource_SECUNIA | |
https://bugs.launchpad.net/nova/+bug/1125378 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2013/02/26/7 | mailing-list, x_refsource_MLIST | |
https://review.openstack.org/#/c/22872/ | x_refsource_CONFIRM | |
http://www.ubuntu.com/usn/USN-1771-1 | vendor-advisory, x_refsource_UBUNTU | |
https://review.openstack.org/#/c/22758 | x_refsource_CONFIRM | |
http://rhn.redhat.com/errata/RHSA-2013-0709.html | vendor-advisory, x_refsource_REDHAT | |
http://secunia.com/advisories/52337 | third-party-advisory, x_refsource_SECUNIA | |
https://review.openstack.org/#/c/22086/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T14:25:09.083Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "90657", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/90657", }, { name: "52728", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/52728", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.launchpad.net/nova/+bug/1125378", }, { name: "[oss-security] 20130226 [OSSA-2013-006] VNC proxy can connect to the wrong VM (CVE-2013-0335)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2013/02/26/7", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://review.openstack.org/#/c/22872/", }, { name: "USN-1771-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-1771-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://review.openstack.org/#/c/22758", }, { name: "RHSA-2013:0709", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0709.html", }, { name: "52337", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/52337", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://review.openstack.org/#/c/22086/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-02-26T00:00:00", descriptions: [ { lang: "en", value: "OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-06-05T09:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "90657", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/90657", }, { name: "52728", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/52728", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.launchpad.net/nova/+bug/1125378", }, { name: "[oss-security] 20130226 [OSSA-2013-006] VNC proxy can connect to the wrong VM (CVE-2013-0335)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2013/02/26/7", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://review.openstack.org/#/c/22872/", }, { name: "USN-1771-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-1771-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://review.openstack.org/#/c/22758", }, { name: "RHSA-2013:0709", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0709.html", }, { name: "52337", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/52337", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://review.openstack.org/#/c/22086/", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-0335", datePublished: "2013-03-22T21:00:00", dateReserved: "2012-12-06T00:00:00", dateUpdated: "2024-08-06T14:25:09.083Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-3360
Vulnerability from cvelistv5
Published
2012-07-22 16:00
Modified
2024-08-06 20:05
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/54277 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/49763 | third-party-advisory, x_refsource_SECUNIA | |
https://bugs.launchpad.net/nova/+bug/1015531 | x_refsource_CONFIRM | |
http://secunia.com/advisories/49802 | third-party-advisory, x_refsource_SECUNIA | |
https://lists.launchpad.net/openstack/msg14089.html | mailing-list, x_refsource_MLIST | |
http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html | vendor-advisory, x_refsource_FEDORA | |
https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7 | x_refsource_CONFIRM | |
https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9 | x_refsource_CONFIRM | |
http://www.ubuntu.com/usn/USN-1497-1 | vendor-advisory, x_refsource_UBUNTU |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T20:05:12.510Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "54277", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/54277", }, { name: "49763", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/49763", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.launchpad.net/nova/+bug/1015531", }, { name: "49802", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/49802", }, { name: "[openstack] 20120603 [OSSA 2012-008] Arbitrary file injection/corruption through directory traversal issues (CVE-2012-3360, CVE-2012-3361)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.launchpad.net/openstack/msg14089.html", }, { name: "FEDORA-2012-10420", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9", }, { name: "USN-1497-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-1497-1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-06-03T00:00:00", descriptions: [ { lang: "en", value: "Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2012-07-25T09:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "54277", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/54277", }, { name: "49763", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/49763", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.launchpad.net/nova/+bug/1015531", }, { name: "49802", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/49802", }, { name: "[openstack] 20120603 [OSSA 2012-008] Arbitrary file injection/corruption through directory traversal issues (CVE-2012-3360, CVE-2012-3361)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.launchpad.net/openstack/msg14089.html", }, { name: "FEDORA-2012-10420", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9", }, { name: "USN-1497-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-1497-1", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-3360", datePublished: "2012-07-22T16:00:00", dateReserved: "2012-06-14T00:00:00", dateUpdated: "2024-08-06T20:05:12.510Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-1838
Vulnerability from cvelistv5
Published
2013-03-22 21:00
Modified
2024-08-06 15:13
Severity ?
EPSS score ?
Summary
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.
References
▼ | URL | Tags |
---|---|---|
https://lists.launchpad.net/openstack/msg21892.html | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/bid/58492 | vdb-entry, x_refsource_BID | |
https://bugs.launchpad.net/nova/+bug/1125468 | x_refsource_CONFIRM | |
http://ubuntu.com/usn/usn-1771-1 | vendor-advisory, x_refsource_UBUNTU | |
https://review.openstack.org/#/c/24453/ | x_refsource_CONFIRM | |
http://secunia.com/advisories/52728 | third-party-advisory, x_refsource_SECUNIA | |
https://bugzilla.redhat.com/show_bug.cgi?id=919648 | x_refsource_MISC | |
http://secunia.com/advisories/52580 | third-party-advisory, x_refsource_SECUNIA | |
http://osvdb.org/91303 | vdb-entry, x_refsource_OSVDB | |
https://review.openstack.org/#/c/24452/ | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/82877 | vdb-entry, x_refsource_XF | |
http://rhn.redhat.com/errata/RHSA-2013-0709.html | vendor-advisory, x_refsource_REDHAT | |
https://review.openstack.org/#/c/24451/ | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2013/03/14/18 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T15:13:33.340Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[openstack] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.launchpad.net/openstack/msg21892.html", }, { name: "58492", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/58492", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.launchpad.net/nova/+bug/1125468", }, { name: "USN-1771-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://ubuntu.com/usn/usn-1771-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://review.openstack.org/#/c/24453/", }, { name: "52728", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/52728", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=919648", }, { name: "52580", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/52580", }, { name: "91303", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/91303", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://review.openstack.org/#/c/24452/", }, { name: "nova-fixedips-dos(82877)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/82877", }, { name: "RHSA-2013:0709", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0709.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://review.openstack.org/#/c/24451/", }, { name: "[oss-security] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2013/03/14/18", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-03-14T00:00:00", descriptions: [ { lang: "en", value: "OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "[openstack] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.launchpad.net/openstack/msg21892.html", }, { name: "58492", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/58492", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.launchpad.net/nova/+bug/1125468", }, { name: "USN-1771-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://ubuntu.com/usn/usn-1771-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://review.openstack.org/#/c/24453/", }, { name: "52728", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/52728", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=919648", }, { name: "52580", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/52580", }, { name: "91303", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/91303", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://review.openstack.org/#/c/24452/", }, { name: "nova-fixedips-dos(82877)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/82877", }, { name: "RHSA-2013:0709", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0709.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://review.openstack.org/#/c/24451/", }, { name: "[oss-security] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2013/03/14/18", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-1838", datePublished: "2013-03-22T21:00:00", dateReserved: "2013-02-19T00:00:00", dateUpdated: "2024-08-06T15:13:33.340Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-0266
Vulnerability from cvelistv5
Published
2013-03-08 21:00
Modified
2024-08-06 14:18
Severity ?
EPSS score ?
Summary
manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=908581 | x_refsource_MISC | |
https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc | x_refsource_CONFIRM | |
http://rhn.redhat.com/errata/RHSA-2013-0595.html | vendor-advisory, x_refsource_REDHAT |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T14:18:09.602Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=908581", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc", }, { name: "RHSA-2013:0595", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0595.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-03-08T21:00:00Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=908581", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc", }, { name: "RHSA-2013:0595", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0595.html", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-0266", datePublished: "2013-03-08T21:00:00Z", dateReserved: "2012-12-06T00:00:00Z", dateUpdated: "2024-08-06T14:18:09.602Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-0208
Vulnerability from cvelistv5
Published
2013-02-13 16:00
Modified
2024-08-06 14:18
Severity ?
EPSS score ?
Summary
The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.
References
▼ | URL | Tags |
---|---|---|
https://github.com/openstack/nova/commit/317cc0af385536dee43ef2addad50a91357fc1ad | x_refsource_CONFIRM | |
http://rhn.redhat.com/errata/RHSA-2013-0208.html | vendor-advisory, x_refsource_REDHAT | |
http://secunia.com/advisories/51992 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/51963 | third-party-advisory, x_refsource_SECUNIA | |
https://bugs.launchpad.net/nova/+bug/1069904 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2013/01/29/9 | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/bid/57613 | vdb-entry, x_refsource_BID | |
https://github.com/openstack/nova/commit/243d516cea9d3caa5a8267b12d2f577dcb24193b | x_refsource_CONFIRM | |
http://www.ubuntu.com/usn/USN-1709-1 | vendor-advisory, x_refsource_UBUNTU | |
http://osvdb.org/89661 | vdb-entry, x_refsource_OSVDB | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/81697 | vdb-entry, x_refsource_XF | |
https://bugzilla.redhat.com/show_bug.cgi?id=902629 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T14:18:09.192Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/openstack/nova/commit/317cc0af385536dee43ef2addad50a91357fc1ad", }, { name: "RHSA-2013:0208", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0208.html", }, { name: "51992", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/51992", }, { name: "51963", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/51963", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.launchpad.net/nova/+bug/1069904", }, { name: "[oss-security] 20130129 [OSSA 2013-001] Boot from volume allows access to random volumes (CVE-2013-0208)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2013/01/29/9", }, { name: "57613", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/57613", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/openstack/nova/commit/243d516cea9d3caa5a8267b12d2f577dcb24193b", }, { name: "USN-1709-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-1709-1", }, { name: "89661", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/89661", }, { name: "nova-volume-security-bypass(81697)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/81697", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=902629", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-01-28T00:00:00", descriptions: [ { lang: "en", value: "The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/openstack/nova/commit/317cc0af385536dee43ef2addad50a91357fc1ad", }, { name: "RHSA-2013:0208", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0208.html", }, { name: "51992", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/51992", }, { name: "51963", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/51963", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.launchpad.net/nova/+bug/1069904", }, { name: "[oss-security] 20130129 [OSSA 2013-001] Boot from volume allows access to random volumes (CVE-2013-0208)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2013/01/29/9", }, { name: "57613", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/57613", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/openstack/nova/commit/243d516cea9d3caa5a8267b12d2f577dcb24193b", }, { name: "USN-1709-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-1709-1", }, { name: "89661", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/89661", }, { name: "nova-volume-security-bypass(81697)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/81697", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=902629", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-0208", datePublished: "2013-02-13T16:00:00", dateReserved: "2012-12-06T00:00:00", dateUpdated: "2024-08-06T14:18:09.192Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2012-01-13 18:55
Modified
2024-11-21 01:34
Severity ?
Summary
Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openstack:essex:*:*:*:*:*:*:*:*", matchCriteriaId: "F50B9DA6-B071-4B48-A486-54CB3E64AE58", vulnerable: true, }, { criteria: "cpe:2.3:a:openstack:nova:2011.3:*:*:*:*:*:*:*", matchCriteriaId: "91787837-B00F-4C62-BCCD-FAAE65563E78", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter.", }, { lang: "es", value: "Nova v2011.3 y Essex, cuando usan la API OpenStack, permite a usuarios remotos autenticados eludir las restricciones de acceso mediante una solicitud con un parámetro URI project_id modificado.", }, ], id: "CVE-2012-0030", lastModified: "2024-11-21T01:34:14.790", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4.9, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-01-13T18:55:04.157", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/47543", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/51370", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-1326-1", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/72296", }, { source: "secalert@redhat.com", url: "https://github.com/openstack/nova/commit/3d4ffb64f1e18117240c26809788528979e3bd15#diff-0", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://lists.launchpad.net/openstack/msg06648.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/47543", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/51370", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-1326-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/72296", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/openstack/nova/commit/3d4ffb64f1e18117240c26809788528979e3bd15#diff-0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://lists.launchpad.net/openstack/msg06648.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-07-31 10:45
Modified
2024-11-21 01:40
Severity ?
Summary
OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openstack:essex:*:*:*:*:*:*:*:*", matchCriteriaId: "F50B9DA6-B071-4B48-A486-54CB3E64AE58", vulnerable: true, }, { criteria: "cpe:2.3:a:openstack:horizon:folsom-1:*:*:*:*:*:*:*", matchCriteriaId: "1E72EACB-1FA6-4F1D-A3C8-D255C705AAAD", vulnerable: true, }, { criteria: "cpe:2.3:a:openstack:keystone:2012.1:*:*:*:*:*:*:*", matchCriteriaId: "8DACEFF0-BA6A-4184-A1AB-397438034AF0", vulnerable: true, }, { criteria: "cpe:2.3:a:openstack:keystone:2012.1.1:*:*:*:*:*:*:*", matchCriteriaId: "C5BD2FC1-7C36-4532-813A-DED5F0BD1FFF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.", }, { lang: "es", value: "OpenStack Keystone antes de v2012.1.1, como se usa en OpenStack Folsom antes de Folsom-1 y OpenStack Essex, no implementan apropiadamente la expiración de los token, lo que permite a usuarios autenticados remotamente evitar restricciones de acceso (1) creando nuevos token a través de la cadena de token, (2) aprovechando la posesión de un token de una cuenta de usuario deshabilitada o (3) aprovechando la posesión de un token de una cuenta con una contraseña cambiada", }, ], id: "CVE-2012-3426", lastModified: "2024-11-21T01:40:51.183", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4.9, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-07-31T10:45:42.670", references: [ { source: "secalert@redhat.com", url: "http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Patch", ], url: "http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626", }, { source: "secalert@redhat.com", url: "http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d", }, { source: "secalert@redhat.com", url: "http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Patch", ], url: "http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/50045", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/50494", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2012/07/27/4", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-1552-1", }, { source: "secalert@redhat.com", url: "https://bugs.launchpad.net/keystone/+bug/996595", }, { source: "secalert@redhat.com", url: "https://bugs.launchpad.net/keystone/+bug/997194", }, { source: "secalert@redhat.com", url: "https://bugs.launchpad.net/keystone/+bug/998185", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/50045", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/50494", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2012/07/27/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-1552-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugs.launchpad.net/keystone/+bug/996595", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugs.launchpad.net/keystone/+bug/997194", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugs.launchpad.net/keystone/+bug/998185", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-07-17 21:55
Modified
2024-11-21 01:40
Severity ?
Summary
The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openstack:compute:2012.2:*:*:*:*:*:*:*", matchCriteriaId: "0E9D8029-F7DD-435D-B4F4-D3DABDB7333B", vulnerable: true, }, { criteria: "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*", matchCriteriaId: "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A", vulnerable: true, }, { criteria: "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*", matchCriteriaId: "E76B76AB-D744-4163-8615-7BA18ABB1347", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section.", }, { lang: "es", value: "El planificador Nova en OpenStack Compute (Nova) Folsom (2012.2) y Essex (2012.1), cuando DifferentHostFilter o SameHostFilter están activados, permite a usuarios remotos autenticados provocar una denegación de servicio (exceso de llamadas de búsqueda de base de datos y el servidor se bloquea) a través de una solicitud con muchos identificadores repetidos en el sistema operativo: Sección scheduler_hints.", }, ], id: "CVE-2012-3371", lastModified: "2024-11-21T01:40:43.773", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-07-17T21:55:02.350", references: [ { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/07/11/13", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/54388", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-1501-1", }, { source: "secalert@redhat.com", tags: [ "Exploit", ], url: "https://bugs.launchpad.net/nova/+bug/1017795", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Patch", ], url: "https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d", }, { source: "secalert@redhat.com", url: "https://lists.launchpad.net/openstack/msg14452.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/07/11/13", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/54388", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-1501-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://bugs.launchpad.net/nova/+bug/1017795", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.launchpad.net/openstack/msg14452.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-06-21 15:55
Modified
2024-11-21 01:39
Severity ?
Summary
The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openstack:compute:2012.2:*:*:*:*:*:*:*", matchCriteriaId: "0E9D8029-F7DD-435D-B4F4-D3DABDB7333B", vulnerable: true, }, { criteria: "cpe:2.3:a:openstack:diablo:2011.3:*:*:*:*:*:*:*", matchCriteriaId: "65FA489C-5FDC-4887-9F1F-66177F87DB5E", vulnerable: true, }, { criteria: "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*", matchCriteriaId: "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.", }, { lang: "es", value: "Las APIs (1) EC2 y (2) OS en OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1) y Diablo (2011.3) no comprueban correctamente el protocolo cuando se crean grupos de seguridad y el protocolo de red no se ha especificado por completo en minúsculas, lo que permite a atacantes remotos eludir restricciones de acceso.", }, ], id: "CVE-2012-2654", lastModified: "2024-11-21T01:39:21.673", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-06-21T15:55:12.847", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/46808", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/49439", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-1466-1", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://bugs.launchpad.net/nova/+bug/985184", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/76110", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Patch", ], url: "https://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Patch", ], url: "https://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654", }, { source: "secalert@redhat.com", url: "https://lists.launchpad.net/openstack/msg12883.html", }, { source: "secalert@redhat.com", url: "https://review.openstack.org/#/c/8239/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/46808", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/49439", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-1466-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://bugs.launchpad.net/nova/+bug/985184", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/76110", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "https://github.com/openstack/nova/commit/9f9e9da777161426a6f8cb4314b78e09beac2978", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "https://github.com/openstack/nova/commit/ff06c7c885dc94ed7c828e8cdbb8b5d850a7e654", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.launchpad.net/openstack/msg12883.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://review.openstack.org/#/c/8239/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-12-18 01:55
Modified
2024-11-21 01:44
Severity ?
Summary
OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*", matchCriteriaId: "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A", vulnerable: true, }, { criteria: "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*", matchCriteriaId: "E76B76AB-D744-4163-8615-7BA18ABB1347", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role.", }, { lang: "es", value: "OpenStack Keystone Essex (2012.1) and Folsom (2012.2) no controlan correctamente los token EC2 cuando la función de usuario se ha eliminado de un inquilino, lo que permite a usuarios autenticados remotamente eludir las restricciones previstas al aprovechar un token para la función de usuario eliminado.", }, ], id: "CVE-2012-5571", lastModified: "2024-11-21T01:44:54.593", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-12-18T01:55:03.570", references: [ { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2012-1556.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2012-1557.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/51423", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/51436", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2012/11/28/5", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2012/11/28/6", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/56726", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-1641-1", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://bugs.launchpad.net/keystone/+bug/1064914", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80333", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2012-1556.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2012-1557.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/51423", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/51436", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2012/11/28/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2012/11/28/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/56726", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-1641-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://bugs.launchpad.net/keystone/+bug/1064914", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80333", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-255", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-02-13 16:55
Modified
2024-11-21 01:47
Severity ?
Summary
The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openstack | essex | - | |
openstack | folsom | - | |
canonical | ubuntu_linux | 11.10 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 12.10 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openstack:essex:-:*:*:*:*:*:*:*", matchCriteriaId: "EEEA665A-AE0F-4C48-87F0-83F3EB4E65CB", vulnerable: true, }, { criteria: "cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*", matchCriteriaId: "F5BA13BC-F088-45AA-AD10-B74F89CE5375", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", matchCriteriaId: "E4174F4F-149E-41A6-BBCC-D01114C05F38", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", matchCriteriaId: "F5D324C4-97C7-49D3-A809-9EAD4B690C69", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", matchCriteriaId: "E2076871-2E80-4605-A470-A41C1A8EC7EE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.", }, { lang: "es", value: "La función de arranque de volumen en OpenStack Compute (Nova) Folsom y Essex, al utilizar NOVA-volúmenes, permite a usuarios remotos autenticados para arrancar desde volúmenes de otros usuarios a través de un identificador de volumen en el parámetro block_device_mapping.", }, ], evaluatorComment: "Per http://www.ubuntu.com/usn/USN-1709-1/\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\nUbuntu 12.10\r\nUbuntu 12.04 LTS\r\nUbuntu 11.10\r\n", id: "CVE-2013-0208", lastModified: "2024-11-21T01:47:03.997", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-02-13T16:55:01.617", references: [ { source: "secalert@redhat.com", url: "http://osvdb.org/89661", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2013-0208.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/51963", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/51992", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2013/01/29/9", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/57613", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-1709-1", }, { source: "secalert@redhat.com", url: "https://bugs.launchpad.net/nova/+bug/1069904", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=902629", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/81697", }, { source: "secalert@redhat.com", url: "https://github.com/openstack/nova/commit/243d516cea9d3caa5a8267b12d2f577dcb24193b", }, { source: "secalert@redhat.com", url: "https://github.com/openstack/nova/commit/317cc0af385536dee43ef2addad50a91357fc1ad", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/89661", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2013-0208.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/51963", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/51992", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2013/01/29/9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/57613", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-1709-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugs.launchpad.net/nova/+bug/1069904", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=902629", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/81697", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/openstack/nova/commit/243d516cea9d3caa5a8267b12d2f577dcb24193b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/openstack/nova/commit/317cc0af385536dee43ef2addad50a91357fc1ad", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-03-08 21:55
Modified
2024-11-21 01:47
Severity ?
Summary
manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openstack:essex:-:*:*:*:*:*:*:*", matchCriteriaId: "EEEA665A-AE0F-4C48-87F0-83F3EB4E65CB", vulnerable: true, }, { criteria: "cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*", matchCriteriaId: "F5BA13BC-F088-45AA-AD10-B74F89CE5375", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files.", }, { lang: "es", value: "manifests/base.pp en el módulo puppetlabs-cinder, tal como se utiliza en PackStack le da permisos de lectura para todo el mundo a los archovs de configuración (1) cinder.conf y (2) api-paste.ini, lo que permite a usuarios locales leer contraseñas de administarción de OpenStack mediante la lectura de dichos archivos.\r\n", }, ], id: "CVE-2013-0266", lastModified: "2024-11-21T01:47:11.577", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-03-08T21:55:01.960", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0595.html", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=908581", }, { source: "secalert@redhat.com", url: "https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0595.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=908581", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-362", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-07-22 16:55
Modified
2024-11-21 01:40
Severity ?
Summary
Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*", matchCriteriaId: "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A", vulnerable: true, }, { criteria: "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*", matchCriteriaId: "E76B76AB-D744-4163-8615-7BA18ABB1347", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element.", }, { lang: "es", value: "Vulnerabilidad de salto de directorio en virt/disk/api.py en OpenStack Compute (Nova) Folsom (2.012,2) y Essex (2.012,1), cuando se utiliza durante libvirt basados ??en hipervisores, permite a usuarios remotos autenticados escribir archivos arbitrarios a la imagen de disco a través de un. . (punto punto) en el atributo de ruta de un elemento de archivo", }, ], id: "CVE-2012-3360", lastModified: "2024-11-21T01:40:42.273", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-07-22T16:55:45.853", references: [ { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/49763", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/49802", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/54277", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-1497-1", }, { source: "secalert@redhat.com", url: "https://bugs.launchpad.net/nova/+bug/1015531", }, { source: "secalert@redhat.com", url: "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Patch", ], url: "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9", }, { source: "secalert@redhat.com", url: "https://lists.launchpad.net/openstack/msg14089.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/49763", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/49802", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/54277", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-1497-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugs.launchpad.net/nova/+bug/1015531", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.launchpad.net/openstack/msg14089.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-03-22 21:55
Modified
2024-11-21 01:50
Severity ?
Summary
The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openstack:glance:v1:*:*:*:*:*:*:*", matchCriteriaId: "3E39288B-D80F-493D-BD2A-6A749EBCE0AB", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*", matchCriteriaId: "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A", vulnerable: false, }, { criteria: "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*", matchCriteriaId: "E76B76AB-D744-4163-8615-7BA18ABB1347", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:amazon:s3_store:-:*:*:*:*:*:*:*", matchCriteriaId: "05BC26BF-62C4-47E9-81B1-C968904F1FF2", vulnerable: false, }, { criteria: "cpe:2.3:a:openstack:swift:-:*:*:*:*:*:*:*", matchCriteriaId: "BE675165-BF5F-4BB3-964F-777CC3DDFF98", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.", }, { lang: "es", value: "La API v1 en OpenStack Vistazo Essex (2012.1), Folsom (2012.2) y Grizzly, al utilizar el 'single-tenant Swift' o la tienda S3, informa el campo de ubicación, lo que permite obtener las credenciales del back-end del operador a usuarios remotos autenticados a través de una solicitud de una imagen almacenada en caché.", }, ], id: "CVE-2013-1840", lastModified: "2024-11-21T01:50:29.740", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-03-22T21:55:01.487", references: [ { source: "secalert@redhat.com", url: "http://osvdb.org/91304", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2013-0707.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/52565", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2013/03/14/15", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/58490", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-1764-1", }, { source: "secalert@redhat.com", url: "https://bugs.launchpad.net/glance/+bug/1135541", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/82878", }, { source: "secalert@redhat.com", url: "https://review.openstack.org/#/c/24437/", }, { source: "secalert@redhat.com", url: "https://review.openstack.org/#/c/24438/", }, { source: "secalert@redhat.com", url: "https://review.openstack.org/#/c/24439/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/91304", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2013-0707.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/52565", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2013/03/14/15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/58490", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-1764-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugs.launchpad.net/glance/+bug/1135541", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/82878", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://review.openstack.org/#/c/24437/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://review.openstack.org/#/c/24438/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://review.openstack.org/#/c/24439/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-09-05 23:55
Modified
2024-11-21 01:41
Severity ?
Summary
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*", matchCriteriaId: "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A", vulnerable: true, }, { criteria: "cpe:2.3:a:openstack:horizon:folsom-3:*:*:*:*:*:*:*", matchCriteriaId: "95F66BD8-E885-4C11-B41D-8D3004BF106D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540.", }, { lang: "es", value: "OpenStack Keystone, tal como se utiliza en OpenStack Folsom Folsom antes-rc1 y OpenStack Essex (2012.1), permite a atacantes remotos añadir un usuario arbitrario a través de una solicitud para actualizar el usuario por defecto para la API de administración. NOTA: este identificador originalmente fue incorrectamente asignado a otro problema, pero el identificador correcto es CVE-2012-3540.", }, ], id: "CVE-2012-3542", lastModified: "2024-11-21T01:41:05.780", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-09-05T23:55:02.523", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/50467", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/50494", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/08/30/6", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/55326", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-1552-1", }, { source: "secalert@redhat.com", url: "https://bugs.launchpad.net/keystone/+bug/1040626", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aa", }, { source: "secalert@redhat.com", url: "https://lists.launchpad.net/openstack/msg16282.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/50467", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/50494", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/08/30/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/55326", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-1552-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugs.launchpad.net/keystone/+bug/1040626", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aa", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.launchpad.net/openstack/msg16282.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-03-22 21:55
Modified
2024-11-21 01:50
Severity ?
Summary
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openstack | essex | 2012.1 | |
openstack | folsom | 2012.2 | |
openstack | grizzly | 2012.2 | |
canonical | ubuntu_linux | 11.10 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 12.10 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*", matchCriteriaId: "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A", vulnerable: true, }, { criteria: "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*", matchCriteriaId: "E76B76AB-D744-4163-8615-7BA18ABB1347", vulnerable: true, }, { criteria: "cpe:2.3:a:openstack:grizzly:2012.2:*:*:*:*:*:*:*", matchCriteriaId: "C1D5C8DE-FC66-4787-A65B-CA921881DF67", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", matchCriteriaId: "E4174F4F-149E-41A6-BBCC-D01114C05F38", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", matchCriteriaId: "F5D324C4-97C7-49D3-A809-9EAD4B690C69", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", matchCriteriaId: "E2076871-2E80-4605-A470-A41C1A8EC7EE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.", }, { lang: "es", value: "OpenStack Compute (Nova) Grizzly, Folsom (versión 2012.2) y Essex (versión 2012.1) no implementan apropiadamente una cuota para direcciones IP fijas, lo que permite a los usuarios autenticados remotos causar una denegación de servicio (agotamiento de recursos y fallo para crear nuevas instancias) por medio de un gran número de llamadas a la función addFixedIp.", }, ], evaluatorImpact: "Per http://www.ubuntu.com/usn/usn-1771-1/\r\n\"A security issue affects these releases of Ubuntu and its derivatives:\r\n\r\nUbuntu 12.10\r\nUbuntu 12.04 LTS\r\nUbuntu 11.10\"", id: "CVE-2013-1838", lastModified: "2024-11-21T01:50:29.483", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-03-22T21:55:01.453", references: [ { source: "secalert@redhat.com", url: "http://osvdb.org/91303", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2013-0709.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/52580", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/52728", }, { source: "secalert@redhat.com", url: "http://ubuntu.com/usn/usn-1771-1", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2013/03/14/18", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/58492", }, { source: "secalert@redhat.com", url: "https://bugs.launchpad.net/nova/+bug/1125468", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=919648", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/82877", }, { source: "secalert@redhat.com", url: "https://lists.launchpad.net/openstack/msg21892.html", }, { source: "secalert@redhat.com", url: "https://review.openstack.org/#/c/24451/", }, { source: "secalert@redhat.com", url: "https://review.openstack.org/#/c/24452/", }, { source: "secalert@redhat.com", url: "https://review.openstack.org/#/c/24453/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/91303", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2013-0709.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/52580", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/52728", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://ubuntu.com/usn/usn-1771-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2013/03/14/18", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/58492", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugs.launchpad.net/nova/+bug/1125468", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=919648", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/82877", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.launchpad.net/openstack/msg21892.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://review.openstack.org/#/c/24451/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://review.openstack.org/#/c/24452/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://review.openstack.org/#/c/24453/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-03-08 21:55
Modified
2024-11-21 01:47
Severity ?
Summary
(1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openstack:essex:-:*:*:*:*:*:*:*", matchCriteriaId: "EEEA665A-AE0F-4C48-87F0-83F3EB4E65CB", vulnerable: true, }, { criteria: "cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*", matchCriteriaId: "F5BA13BC-F088-45AA-AD10-B74F89CE5375", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "(1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.", }, { lang: "es", value: "(1) installer/basedefs.py y (2) modules/ospluginutils.py en PackStack permite a los usuarios locales sobreescribir ficheros de su elección mediante un ataque de enlaces simbólicos en un archivo temporal con un nombre predecible en /tmp.\r\n", }, ], evaluatorImpact: "Per http://rhn.redhat.com/errata/RHSA-2013-0595.html these are the affected products:\r\n\r\nRed Hat OpenStack Essex\r\nRed Hat OpenStack Folsom", id: "CVE-2013-0261", lastModified: "2024-11-21T01:47:10.907", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-03-08T21:55:01.947", references: [ { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0595.html", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=908101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0595.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=908101", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-11-11 13:00
Modified
2024-11-21 01:44
Severity ?
Summary
The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*", matchCriteriaId: "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A", vulnerable: true, }, { criteria: "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*", matchCriteriaId: "E76B76AB-D744-4163-8615-7BA18ABB1347", vulnerable: true, }, { criteria: "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):-:*:*:*:*:*:*:*", matchCriteriaId: "EC5343C7-8EBD-49A5-8423-22F88DE0CBD2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.", }, { lang: "es", value: "v2 API en OpenStack Glance Grizzly, Folsom (2012.2)y Essex (2012.1), permite a usuarios remotos autenticados, borrar imágenes no protegidas de su elección a través de una petición de borrado de imagen. NOTA: Esta vulnerabilidad existe por una solución incompleta para CVE-2012-4573.", }, ], id: "CVE-2012-5482", lastModified: "2024-11-21T01:44:44.163", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-11-11T13:00:59.620", references: [ { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html", }, { source: "secalert@redhat.com", url: "http://osvdb.org/87248", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/51174", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/11/07/6", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/11/08/2", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/11/09/1", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/11/09/5", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/56437", }, { source: "secalert@redhat.com", url: "https://bugs.launchpad.net/glance/+bug/1076506", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80019", }, { source: "secalert@redhat.com", url: "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88", }, { source: "secalert@redhat.com", url: "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/87248", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/51174", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/11/07/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/11/08/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/11/09/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/11/09/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/56437", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugs.launchpad.net/glance/+bug/1076506", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/80019", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-07-22 16:55
Modified
2024-11-21 01:40
Severity ?
Summary
virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openstack:diablo:2011.3:*:*:*:*:*:*:*", matchCriteriaId: "65FA489C-5FDC-4887-9F1F-66177F87DB5E", vulnerable: true, }, { criteria: "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*", matchCriteriaId: "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A", vulnerable: true, }, { criteria: "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*", matchCriteriaId: "E76B76AB-D744-4163-8615-7BA18ABB1347", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image.", }, { lang: "es", value: "virt/disk/api.py en OpenStack Compute (Nova) Folsom (2.012,2), Essex (2.012,1) y Diablo (2.011,3) permite a usuarios remotos autenticados sobrescribir archivos arbitrarios a través de un ataque de enlace simbólico un archivo en una imagen.", }, ], id: "CVE-2012-3361", lastModified: "2024-11-21T01:40:42.420", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-07-22T16:55:48.227", references: [ { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083969.html", }, { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/49763", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/49802", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/54278", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-1497-1", }, { source: "secalert@redhat.com", url: "https://bugs.launchpad.net/nova/+bug/1015531", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Patch", ], url: "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Patch", ], url: "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9", }, { source: "secalert@redhat.com", url: "https://lists.launchpad.net/openstack/msg14089.html", }, { source: "secalert@redhat.com", url: "https://review.openstack.org/#/c/9268/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083969.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/49763", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/49802", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/54278", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-1497-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugs.launchpad.net/nova/+bug/1015531", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.launchpad.net/openstack/msg14089.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://review.openstack.org/#/c/9268/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-11-11 13:00
Modified
2024-11-21 01:43
Severity ?
Summary
The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*", matchCriteriaId: "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A", vulnerable: true, }, { criteria: "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*", matchCriteriaId: "E76B76AB-D744-4163-8615-7BA18ABB1347", vulnerable: true, }, { criteria: "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):-:*:*:*:*:*:*:*", matchCriteriaId: "EC5343C7-8EBD-49A5-8423-22F88DE0CBD2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.", }, { lang: "es", value: "La API v1 en OpenStack Vistazo Grizzly, Folsom (2.012,2) y Essex (2012.1) permite a usuarios autenticados remotamente borrar imágenes de su elección no protegidas a través de una solicitud de eliminación de imágenes, una vulnerabilidad diferente a CVE-2012-5482.", }, ], id: "CVE-2012-4573", lastModified: "2024-11-21T01:43:09.967", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-11-11T13:00:58.883", references: [ { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html", }, { source: "secalert@redhat.com", url: "http://osvdb.org/87248", }, { source: "secalert@redhat.com", url: "http://packetstormsecurity.com/files/118733/Red-Hat-Security-Advisory-2012-1558-01.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2012-1558.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/51174", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/51234", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/11/07/6", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2012/11/09/5", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/56437", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-1626-1", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-1626-2", }, { source: "secalert@redhat.com", url: "https://bugs.launchpad.net/glance/+bug/1065187", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/79895", }, { source: "secalert@redhat.com", url: "https://github.com/openstack/glance/commit/6ab0992e5472ae3f9bef0d2ced41030655d9d2bc", }, { source: "secalert@redhat.com", url: "https://github.com/openstack/glance/commit/90bcdc5a89e350a358cf320a03f5afe99795f6f6", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://github.com/openstack/glance/commit/efd7e75b1f419a52c7103c7840e24af8e5deb29d", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/87248", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://packetstormsecurity.com/files/118733/Red-Hat-Security-Advisory-2012-1558-01.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2012-1558.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/51174", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/51234", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/11/07/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2012/11/09/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/56437", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-1626-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-1626-2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugs.launchpad.net/glance/+bug/1065187", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/79895", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/openstack/glance/commit/6ab0992e5472ae3f9bef0d2ced41030655d9d2bc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://github.com/openstack/glance/commit/90bcdc5a89e350a358cf320a03f5afe99795f6f6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/openstack/glance/commit/efd7e75b1f419a52c7103c7840e24af8e5deb29d", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-03-22 21:55
Modified
2024-11-21 01:47
Severity ?
Summary
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openstack | essex | 2012.1 | |
openstack | folsom | 2012.2 | |
openstack | grizzly | 2012.2 | |
canonical | ubuntu_linux | 11.10 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 12.10 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*", matchCriteriaId: "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A", vulnerable: true, }, { criteria: "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*", matchCriteriaId: "E76B76AB-D744-4163-8615-7BA18ABB1347", vulnerable: true, }, { criteria: "cpe:2.3:a:openstack:grizzly:2012.2:*:*:*:*:*:*:*", matchCriteriaId: "C1D5C8DE-FC66-4787-A65B-CA921881DF67", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", matchCriteriaId: "E4174F4F-149E-41A6-BBCC-D01114C05F38", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", matchCriteriaId: "F5D324C4-97C7-49D3-A809-9EAD4B690C69", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", matchCriteriaId: "E2076871-2E80-4605-A470-A41C1A8EC7EE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.", }, { lang: "es", value: "OpenStack Compute (Nova) Grizzly, Folsom (v2012.2) y Essex (v2012.1) permite a usuarios remotos autenticados acceder a una máquina virtual en circunstancias oportunistas utilizando el token VNC para eliminar una máquina virtual que se dirigía al mismo puerto VNC.", }, ], evaluatorImpact: "Per http://www.ubuntu.com/usn/USN-1771-1/\r\n\"A security issue affects these releases of Ubuntu and its derivatives:\r\n\r\nUbuntu 12.10\r\nUbuntu 12.04 LTS\r\nUbuntu 11.10\"", id: "CVE-2013-0335", lastModified: "2024-11-21T01:47:19.847", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-03-22T21:55:00.880", references: [ { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2013-0709.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/52337", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/52728", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2013/02/26/7", }, { source: "secalert@redhat.com", url: "http://www.osvdb.org/90657", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-1771-1", }, { source: "secalert@redhat.com", url: "https://bugs.launchpad.net/nova/+bug/1125378", }, { source: "secalert@redhat.com", url: "https://review.openstack.org/#/c/22086/", }, { source: "secalert@redhat.com", url: "https://review.openstack.org/#/c/22758", }, { source: "secalert@redhat.com", url: "https://review.openstack.org/#/c/22872/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2013-0709.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/52337", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/52728", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2013/02/26/7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/90657", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-1771-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugs.launchpad.net/nova/+bug/1125378", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://review.openstack.org/#/c/22086/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://review.openstack.org/#/c/22758", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://review.openstack.org/#/c/22872/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }