Vulnerabilities > Openstack

DATE CVE VULNERABILITY TITLE RISK
2021-06-02 CVE-2017-8761 Information Exposure vulnerability in Openstack Swift
In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs.
network
low complexity
openstack CWE-200
4.3
4.3
2021-05-28 CVE-2021-20267 A flaw was found in openstack-neutron's default Open vSwitch firewall rules.
network
low complexity
openstack redhat
7.1
7.1
2020-12-04 CVE-2020-29565 Open Redirect vulnerability in multiple products
An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x.
network
low complexity
openstack debian CWE-601
6.1
6.1
2020-10-16 CVE-2020-26943 Unspecified vulnerability in Openstack Blazar-Dashboard
An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0.
network
low complexity
openstack
critical
 9.9
9.9
2020-08-26 CVE-2020-17376 XXE vulnerability in Openstack Nova
An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0.
network
low complexity
openstack CWE-611
8.3
8.3
2020-05-07 CVE-2020-12692 Authentication Bypass by Capture-replay vulnerability in multiple products
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0.
network
low complexity
openstack canonical CWE-294
5.4
5.4
2020-05-07 CVE-2020-12691 Incorrect Authorization vulnerability in multiple products
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0.
network
low complexity
openstack canonical CWE-863
8.8
8.8
2020-05-07 CVE-2020-12690 Insufficient Session Expiration vulnerability in Openstack Keystone
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0.
network
low complexity
openstack CWE-613
8.8
8.8
2020-05-07 CVE-2020-12689 Improper Privilege Management vulnerability in multiple products
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0.
network
low complexity
openstack canonical CWE-269
8.8
8.8
2020-03-12 CVE-2020-9543 Incorrect Default Permissions vulnerability in Openstack Manila
OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID.
network
low complexity
openstack CWE-276
8.3
8.3