CVE-2013-2255
https://notcve.org/view.php?id=CVE-2013-2255
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. HTTPSConnections en OpenStack Keystone versión 2013, OpenStack Compute versión 2013.1 y posiblemente otros componentes de OpenStack, no pueden comprobar los certificados SSL del lado del servidor. • https://access.redhat.com/security/cve/cve-2013-2255 https://bugs.launchpad.net/ossn/+bug/1188189 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2255 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2255 https://exchange.xforce.ibmcloud.com/vulnerabilities/85562 https://security-tracker.debian.org/tracker/CVE-2013-2255 https://www.securityfocus.com/bid/61118 • CWE-295: Improper Certificate Validation •
CVE-2019-15753
https://notcve.org/view.php?id=CVE-2019-15753
In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instances belonging to other tenants sharing the same network. Only deployments using the linuxbridge backend are affected. This occurs in PyRoute2.add() in internal/command/ip/linux/impl_pyroute2.py. En OpenStack os-vif versiones 1.15.x anteriores a 1.15.2 y versión 1.16.0, un tiempo de envejecimiento de la MAC de 0 embebido deshabilita el aprendizaje de MAC en linuxbridge, forzando a la inundación obligatoria de Ethernet de destinos no locales, lo que impide tanto el desempeño de la red como permitir a usuarios posiblemente visualizar el contenido de paquetes para instancias que pertenecen a otros inquilinos que comparten la misma red. Solo las implementaciones que utilizan el backend de linuxbridge están afectadas. • http://www.openwall.com/lists/oss-security/2019/08/29/2 https://launchpad.net/bugs/1837252 https://review.opendev.org/672834 https://review.opendev.org/678098 https://security.openstack.org/ossa/OSSA-2019-004.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2019-14433 – openstack-nova: Nova server resource faults leak external exception details
https://notcve.org/view.php?id=CVE-2019-14433
An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensitive configuration or other data. Se detectó un problema en OpenStack Nova en versiones anteriores a 17.0.12, versiones 18.x anteriores a 18.2.2, y versiones 19.x anteriores a 19.0.2. Si una petición de la API de un usuario autenticado termina en una condición de fallo debido a una excepción externa, los detalles del entorno subyacente puede ser filtrados en la respuesta, y podrían incluir una configuración confidencial u otros datos. A vulnerability was found in the Nova Compute resource fault handling. • http://www.openwall.com/lists/oss-security/2019/08/06/6 https://access.redhat.com/errata/RHSA-2019:2622 https://access.redhat.com/errata/RHSA-2019:2631 https://access.redhat.com/errata/RHSA-2019:2652 https://launchpad.net/bugs/1837877 https://lists.debian.org/debian-lts-announce/2022/09/msg00018.html https://security.openstack.org/ossa/OSSA-2019-003.html https://usn.ubuntu.com/4104-1 https://access.redhat.com/security/cve/CVE-2019-14433 https://bugzilla.redhat. • CWE-209: Generation of Error Message Containing Sensitive Information •
CVE-2019-10141 – openstack-ironic-inspector: SQL Injection vulnerability when receiving introspection data
https://notcve.org/view.php?id=CVE-2019-10141
A vulnerability was found in openstack-ironic-inspector all versions excluding 5.0.2, 6.0.3, 7.2.4, 8.0.3 and 8.2.1. A SQL-injection vulnerability was found in openstack-ironic-inspector's node_cache.find_node(). This function makes a SQL query using unfiltered data from a server reporting inspection results (by a POST to the /v1/continue endpoint). Because the API is unauthenticated, the flaw could be exploited by an attacker with access to the network on which ironic-inspector is listening. Because of how ironic-inspector uses the query results, it is unlikely that data could be obtained. • https://access.redhat.com/errata/RHSA-2019:2505 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10141 https://docs.openstack.org/releasenotes/ironic-inspector/ocata.html#relnotes-5-0-2-7-origin-stable-ocata https://docs.openstack.org/releasenotes/ironic-inspector/pike.html#relnotes-6-0-3-4-stable-pike https://docs.openstack.org/releasenotes/ironic-inspector/queens.html#relnotes-7-2-4-stable-queens https://docs.openstack.org/releasenotes/ironic-inspector/rocky.html#relnotes-8-0-3-stable-rocky • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2016-7404
https://notcve.org/view.php?id=CVE-2016-7404
OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform. OpenStack Magnum pasa las credenciales de OpenStack a las plantillas Heat creando sus instancias. Si bien esto solo debe ser usado para recuperar los certificados SSL de las instancias, permiten el acceso total a la API, y pueden usarse para llevar a cabo cualquier operación de la API que el usuario esté autorizado a realizar. • https://bugs.launchpad.net/magnum/+bug/1620536 https://bugzilla.suse.com/show_bug.cgi?id=998182 https://opendev.org/openstack/magnum/commit/0bb0d6486d6771ee21bbf897a091b1aa59e01b22 https://www.securityfocus.com/bid/98467 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •