Vulnerabilities > Openstack

DATE CVE VULNERABILITY TITLE RISK
2021-06-02 CVE-2017-8761 Information Exposure vulnerability in Openstack Swift
In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs.
network
low complexity
openstack CWE-200
4.0
2021-05-28 CVE-2021-20267 Insufficient Verification of Data Authenticity vulnerability in multiple products
A flaw was found in openstack-neutron's default Open vSwitch firewall rules.
network
low complexity
openstack redhat CWE-345
5.5
2020-12-04 CVE-2020-29565 Open Redirect vulnerability in multiple products
An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x.
5.8
2020-10-16 CVE-2020-26943 Unspecified vulnerability in Openstack Blazar-Dashboard 2.0.0/3.0.0
An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0.
network
low complexity
openstack
critical
9.0
2020-08-26 CVE-2020-17376 XXE vulnerability in Openstack Nova
An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0.
network
low complexity
openstack CWE-611
6.5
2020-05-07 CVE-2020-12692 Missing Encryption of Sensitive Data vulnerability in Openstack Keystone
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0.
network
low complexity
openstack CWE-311
5.5
2020-05-07 CVE-2020-12691 Missing Encryption of Sensitive Data vulnerability in Openstack Keystone
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0.
network
low complexity
openstack CWE-311
6.5
2020-05-07 CVE-2020-12690 Insufficient Session Expiration vulnerability in Openstack Keystone
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0.
network
low complexity
openstack CWE-613
6.5
2020-05-07 CVE-2020-12689 Improper Privilege Management vulnerability in Openstack Keystone
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0.
network
low complexity
openstack CWE-269
6.5
2020-03-12 CVE-2020-9543 Incorrect Default Permissions vulnerability in Openstack Manila
OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID.
network
low complexity
openstack CWE-276
6.5