Vulnerabilities > Openstack

DATE CVE VULNERABILITY TITLE RISK
2018-12-17 CVE-2018-20170 Information Exposure vulnerability in Openstack Keystone
OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request.
network
low complexity
openstack CWE-200
5.3
2018-09-10 CVE-2018-14636 Unspecified vulnerability in Openstack Neutron
Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor.
network
high complexity
openstack
5.3
2018-09-10 CVE-2018-14635 Improper Input Validation vulnerability in multiple products
When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation.
network
low complexity
redhat openstack CWE-20
6.5
2018-08-27 CVE-2017-15139 Information Exposure vulnerability in multiple products
A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data.
network
low complexity
openstack redhat CWE-200
7.5
2018-08-22 CVE-2017-2627 Path Traversal vulnerability in multiple products
A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11.
local
low complexity
redhat openstack CWE-22
8.2
2018-07-31 CVE-2016-8611 Unspecified vulnerability in Openstack Glance
A vulnerability was found in Openstack Glance.
network
low complexity
openstack
6.5
2018-07-31 CVE-2018-14432 Information Exposure vulnerability in multiple products
In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects.
network
high complexity
debian redhat openstack CWE-200
5.3
2018-07-30 CVE-2018-10898 Use of Hard-coded Credentials vulnerability in multiple products
A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40.
low complexity
redhat openstack CWE-798
8.8
2018-07-27 CVE-2017-2621 An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable.
local
low complexity
redhat openstack
5.5
2018-07-26 CVE-2017-7543 A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled.
network
high complexity
openstack redhat
5.9