CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-14635 – openstack-neutron: A router interface out of subnet IP range results in a denial of service
https://notcve.org/view.php?id=CVE-2018-14635
When using the Linux bridge ml2 driver, non-privileged tenants are able to create and attach ports without specifying an IP address, bypassing IP address validation. A potential denial of service could occur if an IP address, conflicting with existing guests or routers, is then assigned from outside of the allowed allocation pool. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3 and 11.0.5 are vulnerable. Al emplear el controlador de Linux bridge ml2, los inquilinos sin privilegios pueden crear y adjuntar puertos sin especificar una dirección IP, omitiendo la validación de direcciones IP. Podría ocurrir una denegación de servicio (DoS) si una dirección IP, en conflicto con invitados o routers existentes, se asigna desde fuera del grupo de asignación permitido. • https://access.redhat.com/errata/RHSA-2018:2710 https://access.redhat.com/errata/RHSA-2018:2715 https://access.redhat.com/errata/RHSA-2018:2721 https://access.redhat.com/errata/RHSA-2018:3792 https://bugs.launchpad.net/neutron/+bug/1757482 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14635 https://git.openstack.org/cgit/openstack/neutron/commit/?id=54aa6e81cb17b33ce4d5d469cc11dec2869c762d https://access.redhat.com/security/cve/CVE-2018-14635 https://bugzilla.redhat.com/show • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-14620 – openstack-rabbitmq-container: Insecure download of rabbitmq_clusterer during docker build
https://notcve.org/view.php?id=CVE-2018-14620
The OpenStack RabbitMQ container image insecurely retrieves the rabbitmq_clusterer component over HTTP during the build stage. This could potentially allow an attacker to serve malicious code to the image builder and install in the resultant container image. Version of openstack-rabbitmq-container and openstack-containers as shipped with Red Hat Openstack 12, 13, 14 are believed to be vulnerable. La imagen del contenedor de OpenStack RabbitMQ recupera de forma insegura el componente rabbitmq_clusterer por HTTP durante la fase de construcción. Esto podría permitir que un atacante sirva código malicioso al builder de imagen e instale la imagen de contenedor resultante. • https://access.redhat.com/errata/RHSA-2018:2721 https://access.redhat.com/errata/RHSA-2018:2729 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14620 https://access.redhat.com/security/cve/CVE-2018-14620 https://bugzilla.redhat.com/show_bug.cgi?id=1626953 • CWE-20: Improper Input Validation CWE-494: Download of Code Without Integrity Check •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-15139 – openstack-cinder: Data retained after deletion of a ScaleIO volume
https://notcve.org/view.php?id=CVE-2017-15139
A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants. Se ha detectado una vulnerabilidad en las versiones de openstack-cinder hasta (e incluyendo) Queens, que permite que los volúmenes nuevos creados en ciertas configuraciones de volúmenes de almacenamiento contengan datos anteriores. Específicamente, esto afecta a los volúmenes ScaleIO que emplean volúmenes finos y un relleno de cero. • https://access.redhat.com/errata/RHSA-2018:3601 https://access.redhat.com/errata/RHSA-2019:0917 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139 https://wiki.openstack.org/wiki/OSSN/OSSN-0084 https://access.redhat.com/security/cve/CVE-2017-15139 https://bugzilla.redhat.com/show_bug.cgi?id=1599899 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.5EPSS: 0%CPEs: 17EXPL: 0CVE-2018-10915 – postgresql: Certain host connection parameters defeat client-side security defenses
https://notcve.org/view.php?id=CVE-2018-10915
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected. Se ha encontrado una vulnerabilidad en qemu-img, la biblioteca de cliente por defecto de PostgreSQL por la que libpq fracasa a la hora de restablecer su estado interno entre conexiones. Si se emplea una versión afectada de libpq se emplea con parámetros de conexión "host" o "hostaddr" desde entradas no fiables, los atacantes podrían omitir características de seguridad de conexión del lado del cliente, obtener acceso a conexiones con mayores privilegios o, posiblemente, provocar otro tipo de impacto mediante una inyección SQL. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html http://www.securityfocus.com/bid/105054 http://www.securitytracker.com/id/1041446 https://access.redhat.com/errata/RHSA-2018:2511 https://access.redhat.com/errata/RHSA-2018:2557 https://access.redhat.com/errata/RHSA-2018:2565 https://access.redhat.com/errata/RHSA-2018:2566 https://access.redhat.com/errata/RHSA-2018:2643 https://access.redhat.com/errata/RHSA-2018:2721 https://access.redhat.com/errata&#x • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-665: Improper Initialization •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2018-14432 – openstack-keystone: Information Exposure through /v3/OS-FEDERATION/projects
https://notcve.org/view.php?id=CVE-2018-14432
In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes. Only Keystone with the /v3/OS-FEDERATION endpoint enabled via policy.json is affected. En el componente Federation de OpenStack Keystone en versiones anteriores a la 11.0.4, 12.0.0 y 13.0.0, una petición "GET /v3/OS-FEDERATION/projects" autenticada podría omitir las restricciones de acceso planeadas en los proyectos en lista. Un usuario autenticado podría descubrir proyectos a los que no están autorizados a acceder, filtrando todos los proyectos desplegados y sus atributos. • http://www.openwall.com/lists/oss-security/2018/07/25/2 http://www.securityfocus.com/bid/104930 https://access.redhat.com/errata/RHSA-2018:2523 https://access.redhat.com/errata/RHSA-2018:2533 https://access.redhat.com/errata/RHSA-2018:2543 https://www.debian.org/security/2018/dsa-4275 https://access.redhat.com/security/cve/CVE-2018-14432 https://bugzilla.redhat.com/show_bug.cgi?id=1606868 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •