Vulnerabilities > Openstack

DATE CVE VULNERABILITY TITLE RISK
2022-08-26 CVE-2021-3563 Incorrect Authorization vulnerability in multiple products
A flaw was found in openstack-keystone.
network
high complexity
openstack debian redhat CWE-863
7.4
7.4
2022-08-26 CVE-2021-3585 Cleartext Storage of Sensitive Information vulnerability in Openstack Tripleo Heat Templates
A flaw was found in openstack-tripleo-heat-templates.
local
low complexity
openstack CWE-312
5.5
5.5
2022-08-03 CVE-2022-37394 Unspecified vulnerability in Openstack Nova
An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2.
local
low complexity
openstack
3.3
3.3
2022-03-23 CVE-2021-4180 Exposure of Resource to Wrong Sphere vulnerability in multiple products
An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname.
network
low complexity
redhat openstack CWE-668
4.3
4.3
2022-03-02 CVE-2021-3654 Open Redirect vulnerability in multiple products
A vulnerability was found in openstack-nova's console proxy, noVNC.
network
low complexity
openstack redhat CWE-601
6.1
6.1
2021-09-08 CVE-2021-40797 Missing Release of Resource after Effective Lifetime vulnerability in Openstack Neutron
An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1.
network
low complexity
openstack CWE-772
6.5
6.5
2021-08-31 CVE-2021-40085 An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1.
network
low complexity
openstack debian
6.5
6.5
2021-08-23 CVE-2021-38598 Authentication Bypass by Spoofing vulnerability in Openstack Neutron
OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform.
network
low complexity
openstack CWE-290
critical
 9.1
9.1
2021-08-06 CVE-2021-38155 Improper Restriction of Excessive Authentication Attempts vulnerability in Openstack Keystone
OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features).
network
low complexity
openstack CWE-307
7.5
7.5
2021-06-02 CVE-2017-8761 Information Exposure vulnerability in Openstack Swift
In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs.
network
low complexity
openstack CWE-200
4.3
4.3