Vulnerabilities > Openstack > High

DATE CVE VULNERABILITY TITLE RISK
2022-12-21 CVE-2022-38060 Untrusted Search Path vulnerability in Openstack Kolla
A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618.
local
low complexity
openstack CWE-426
7.8
7.8
2022-09-06 CVE-2022-23451 Incorrect Authorization vulnerability in multiple products
An authorization flaw was found in openstack-barbican.
network
low complexity
openstack redhat CWE-863
8.1
8.1
2022-08-26 CVE-2021-3563 Incorrect Authorization vulnerability in multiple products
A flaw was found in openstack-keystone.
network
high complexity
openstack debian redhat CWE-863
7.4
7.4
2021-08-06 CVE-2021-38155 Improper Restriction of Excessive Authentication Attempts vulnerability in Openstack Keystone
OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features).
network
low complexity
openstack CWE-307
7.5
7.5
2021-05-28 CVE-2021-20267 Insufficient Verification of Data Authenticity vulnerability in multiple products
A flaw was found in openstack-neutron's default Open vSwitch firewall rules.
network
low complexity
openstack redhat CWE-345
7.1
7.1
2020-05-07 CVE-2020-12691 Incorrect Authorization vulnerability in multiple products
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0.
network
low complexity
openstack canonical CWE-863
8.8
8.8
2020-05-07 CVE-2020-12690 Insufficient Session Expiration vulnerability in Openstack Keystone
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0.
network
low complexity
openstack CWE-613
8.8
8.8
2020-05-07 CVE-2020-12689 Improper Privilege Management vulnerability in multiple products
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0.
network
low complexity
openstack canonical CWE-269
8.8
8.8
2019-06-21 CVE-2016-7404 Information Exposure vulnerability in Openstack Magnum
OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances.
network
low complexity
openstack CWE-200
7.5
7.5
2018-08-27 CVE-2017-15139 Information Exposure vulnerability in multiple products
A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data.
network
low complexity
openstack redhat CWE-200
7.5
7.5