Vulnerabilities > Openstack > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-21 | CVE-2022-38060 | Untrusted Search Path vulnerability in Openstack Kolla A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. | 7.8 |
2022-09-06 | CVE-2022-23451 | An authorization flaw was found in openstack-barbican. | 8.1 |
2022-08-26 | CVE-2021-3563 | Incorrect Authorization vulnerability in multiple products A flaw was found in openstack-keystone. | 7.4 |
2021-08-06 | CVE-2021-38155 | Improper Restriction of Excessive Authentication Attempts vulnerability in Openstack Keystone OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). | 7.5 |
2021-05-28 | CVE-2021-20267 | A flaw was found in openstack-neutron's default Open vSwitch firewall rules. | 7.1 |
2020-08-26 | CVE-2020-17376 | XXE vulnerability in Openstack Nova An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. | 8.3 |
2020-05-07 | CVE-2020-12691 | Incorrect Authorization vulnerability in multiple products An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. | 8.8 |
2020-05-07 | CVE-2020-12690 | Insufficient Session Expiration vulnerability in Openstack Keystone An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. | 8.8 |
2020-05-07 | CVE-2020-12689 | Improper Privilege Management vulnerability in multiple products An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. | 8.8 |
2020-03-12 | CVE-2020-9543 | Incorrect Default Permissions vulnerability in Openstack Manila OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that do not belong to them, because of a context-free lookup of a UUID. | 8.3 |