Vulnerabilities > Openstack
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-12-17 | CVE-2018-20170 | Information Exposure vulnerability in Openstack Keystone | OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. | 5.3 |
2018-09-10 | CVE-2018-14636 | Unspecified vulnerability in Openstack Neutron | Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. | 5.3 |
2018-09-10 | CVE-2018-14635 | Improper Input Validation vulnerability in multiple products | When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. | 6.5 |
2018-08-27 | CVE-2017-15139 | Information Exposure vulnerability in multiple products | A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. | 7.5 |
2018-08-22 | CVE-2017-2627 | Path Traversal vulnerability in multiple products | A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. | 8.2 |
2018-07-31 | CVE-2016-8611 | Resource Exhaustion vulnerability in Openstack Glance | A vulnerability was found in Openstack Glance. | 6.5 |
2018-07-31 | CVE-2018-14432 | Information Exposure vulnerability in multiple products | In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. | 5.3 |
2018-07-30 | CVE-2018-10898 | Use of Hard-coded Credentials vulnerability in multiple products | A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. | 8.8 |
2018-07-27 | CVE-2017-2621 | Files or Directories Accessible to External Parties vulnerability in multiple products | An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. | 5.5 |
2018-07-26 | CVE-2017-7543 | Race Condition vulnerability in multiple products | A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. | 5.9 |