Latest Openstack Security Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2020-05-07 CVE-2020-12689 Improper Privilege Management vulnerability in Openstack Keystone
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0.
Medium
2020-05-07 CVE-2020-12690 Insufficient Session Expiration vulnerability in Openstack Keystone
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0.
Medium
2020-05-07 CVE-2020-12691 Missing Encryption of Sensitive Data vulnerability in Openstack Keystone
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0.
Medium
2020-05-07 CVE-2020-12692 Missing Encryption of Sensitive Data vulnerability in Openstack Keystone
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0.
Medium
2020-03-12 CVE-2020-9543 Incorrect Default Permissions vulnerability in Openstack Manila
OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID.
Medium
2020-02-20 CVE-2013-7109 Improper Input Validation vulnerability in Openstack Swift
OpenStack Swift as of 2013-12-15 mishandles PYTHON_EGG_CACHE
Medium
2020-02-19 CVE-2015-9543 Information Exposure vulnerability in Openstack Nova
An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0.
Low
2019-12-30 CVE-2012-5474 Missing Encryption of Sensitive Data vulnerability in multiple products
The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value.
Low
2019-12-30 CVE-2012-5476 Information Exposure vulnerability in multiple products
Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value.
Low
2019-12-10 CVE-2013-2166 Inadequate Encryption Strength vulnerability in multiple products
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass
High