Latest Openstack Security Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-07 | CVE-2020-12689 | Improper Privilege Management vulnerability in Openstack Keystone An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. | Medium |
| 2020-05-07 | CVE-2020-12690 | Insufficient Session Expiration vulnerability in Openstack Keystone An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. | Medium |
| 2020-05-07 | CVE-2020-12691 | Missing Encryption of Sensitive Data vulnerability in Openstack Keystone An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. | Medium |
| 2020-05-07 | CVE-2020-12692 | Missing Encryption of Sensitive Data vulnerability in Openstack Keystone An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. | Medium |
| 2020-03-12 | CVE-2020-9543 | Incorrect Default Permissions vulnerability in Openstack Manila OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. | Medium |
| 2020-02-20 | CVE-2013-7109 | Improper Input Validation vulnerability in Openstack Swift OpenStack Swift as of 2013-12-15 mishandles PYTHON_EGG_CACHE | Medium |
| 2020-02-19 | CVE-2015-9543 | Information Exposure vulnerability in Openstack Nova An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. | Low |
| 2019-12-30 | CVE-2012-5474 | Missing Encryption of Sensitive Data vulnerability in multiple products The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value. | Low |
| 2019-12-30 | CVE-2012-5476 | Information Exposure vulnerability in multiple products Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value. | Low |
| 2019-12-10 | CVE-2013-2166 | Inadequate Encryption Strength vulnerability in multiple products python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass | High |