Vulnerabilities > Openstack

DATE	CVE	VULNERABILITY TITLE	RISK
2020-05-07	CVE-2020-12691	Incorrect Authorization vulnerability in multiple products An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. network low complexity openstack canonical CWE-863	8.8
2020-05-07	CVE-2020-12690	Insufficient Session Expiration vulnerability in Openstack Keystone An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. network low complexity openstack CWE-613	8.8
2020-05-07	CVE-2020-12689	Improper Privilege Management vulnerability in multiple products An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. network low complexity openstack canonical CWE-269	8.8
2020-03-12	CVE-2020-9543	Incorrect Default Permissions vulnerability in Openstack Manila OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. network low complexity openstack CWE-276	6.5
2020-02-19	CVE-2015-9543	Information Exposure vulnerability in Openstack Nova An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. local low complexity openstack CWE-200	2.1
2019-12-30	CVE-2012-5476	Information Exposure vulnerability in multiple products Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value. local low complexity openstack debian CWE-200	2.1
2019-12-30	CVE-2012-5474	Missing Encryption of Sensitive Data vulnerability in multiple products The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value. local low complexity redhat openstack debian fedoraproject CWE-311	2.1
2019-12-10	CVE-2013-2167	Insufficient Verification of Data Authenticity vulnerability in multiple products python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass network low complexity openstack redhat debian CWE-345 critical	9.8
2019-12-10	CVE-2013-2166	Inadequate Encryption Strength vulnerability in multiple products python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass network low complexity openstack redhat fedoraproject debian CWE-326 critical	9.8
2019-12-09	CVE-2019-19687	Insufficiently Protected Credentials vulnerability in Openstack Keystone 15.0.0/16.0.0 OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. network openstack CWE-522	3.5

Vulnerabilities > Openstack {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Openstack"}]}

Vulnerabilities > Openstack