Vulnerabilities > Openstack > Grizzly > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-12-27 | CVE-2013-2030 | Permissions, Privileges, and Access Controls vulnerability in Openstack products keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora. | 2.1 |
2013-11-02 | CVE-2013-4477 | Permissions, Privileges, and Access Controls vulnerability in Openstack Grizzly and Havana The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges. | 3.3 |
2013-10-29 | CVE-2013-4261 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log. | 3.5 |
2013-07-09 | CVE-2013-2096 | Resource Management Errors vulnerability in Openstack Folsom, Grizzly and Havana OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data. | 2.1 |