Vulnerabilities > Openstack > Essex > Low

DATE | CVE | VULNERABILITY TITLE | RISK

2013-03-22 | CVE-2013-1840 | Information Exposure vulnerability in OpenStack Glance V1 | 3.5
The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.

2013-03-08 | CVE-2013-0266 | Race Condition vulnerability in OpenStack Essex and Folsom | 2.1
manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files.
local | low complexity | openstack | CWE-362

2012-12-18 | CVE-2012-5571 | Credentials Management vulnerability in OpenStack Essex and Folsom | 3.5
OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role.
network | openstack | CWE-255

2012-07-17 | CVE-2012-3371 | Improper Input Validation vulnerability in OpenStack Compute, Essex and Folsom | 3.5
The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section.
network | openstack | CWE-20