Vulnerabilities > Openstack > Manila > 1.0.0

DATE CVE VULNERABILITY TITLE RISK
2020-03-12 CVE-2020-9543 Incorrect Default Permissions vulnerability in Openstack Manila
OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID.
network
low complexity
openstack CWE-276
6.5
2017-04-21 CVE-2016-6519 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form.
network
low complexity
redhat openstack CWE-79
5.4