Vulnerabilities > Openstack

| Date | CVE | Vulnerability title | Vector | Complexity | Tags | Risk |
|---|---|---|---|---|---|---|
| 2024-08-02 | CVE-2024-7319 | An incomplete fix for CVE-2023-1625 was found in openstack-heat. | network | low | openstack redhat | 5.0 |
| 2024-07-24 | CVE-2024-40767 | Unspecified vulnerability in Openstack Nova. In OpenStack Nova before 27.4.1, 28 before 28.2.1, and 29 before 29.1.1, by supplying a raw format image that is actually a crafted QCOW2 image with a backing file path or VMDK flat image with a descriptor file path, an authenticated user may convince systems to return a copy of the referenced file's contents from the server, resulting in unauthorized access to potentially sensitive data. | network | low | openstack | 6.5 |
| 2024-07-05 | CVE-2024-32498 | Unspecified vulnerability in Openstack Nova. An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. | network | low | openstack | 6.5 |
| 2024-03-18 | CVE-2024-29156 | Unspecified vulnerability in Openstack Murano and Yaql. In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information. | network | low | openstack | 6.5 |
| 2024-02-01 | CVE-2024-1141 | Unspecified vulnerability in Openstack Glance-Store. A vulnerability was found in python-glance-store. | local | low | openstack | 5.5 |
| 2023-09-24 | CVE-2023-1625 | An information leak was discovered in OpenStack heat. | network | low | openstack redhat | 5.0 |
| 2023-09-24 | CVE-2023-1633 | Insufficiently Protected Credentials vulnerability in multiple products. A credentials leak flaw was found in OpenStack Barbican. | local | low | openstack redhat CWE-522 | 5.5 |
| 2023-09-24 | CVE-2023-1636 | A vulnerability was found in OpenStack Barbican containers. | network | low | openstack redhat | 5.0 |
| 2023-08-22 | CVE-2022-45582 | Open Redirect vulnerability in Openstack Horizon. Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter. | network | low | openstack CWE-601 | 6.1 |
| 2023-03-23 | CVE-2022-3101 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products. A flaw was found in tripleo-ansible. | local | low | redhat openstack CWE-732 | 5.5 |