Vulnerabilities > Openstack > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-03-06 CVE-2022-3277 Resource Exhaustion vulnerability in multiple products
An uncontrolled resource consumption flaw was found in openstack-neutron.
network
low complexity
redhat openstack CWE-400
6.5
2023-01-26 CVE-2022-47951 Path Traversal vulnerability in multiple products
An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0.
network
low complexity
openstack debian CWE-22
5.7
2023-01-18 CVE-2022-3100 A flaw was found in the openstack-barbican component.
network
high complexity
openstack redhat
5.9
2023-01-18 CVE-2022-47950 Files or Directories Accessible to External Parties vulnerability in multiple products
An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0.
network
low complexity
openstack debian CWE-552
6.5
2022-09-01 CVE-2022-23452 An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container.
network
low complexity
openstack redhat
4.9
2022-09-01 CVE-2022-2447 Operation on a Resource after Expiration or Release vulnerability in multiple products
A flaw was found in Keystone.
network
high complexity
openstack redhat CWE-672
6.6
2022-08-29 CVE-2022-0718 Information Exposure Through Log Files vulnerability in multiple products
A flaw was found in python-oslo-utils.
network
low complexity
openstack redhat debian CWE-532
4.9
2022-08-26 CVE-2021-3585 Cleartext Storage of Sensitive Information vulnerability in Openstack Tripleo Heat Templates
A flaw was found in openstack-tripleo-heat-templates.
local
low complexity
openstack CWE-312
5.5
2022-03-23 CVE-2021-4180 Exposure of Resource to Wrong Sphere vulnerability in multiple products
An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname.
network
low complexity
redhat openstack CWE-668
4.3
2022-03-02 CVE-2021-3654 Open Redirect vulnerability in multiple products
A vulnerability was found in openstack-nova's console proxy, noVNC.
network
low complexity
openstack redhat CWE-601
6.1