CVE-2017-7200
https://notcve.org/view.php?id=CVE-2017-7200
An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service. • http://www.securityfocus.com/bid/96988 https://bugs.launchpad.net/ossn/+bug/1153614 https://bugs.launchpad.net/ossn/+bug/1606495 https://wiki.openstack.org/wiki/OSSN/OSSN-0078 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2017-2592 – python-oslo-middleware: CatchErrors leaks sensitive values into error logs
https://notcve.org/view.php?id=CVE-2017-2592
python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens). • http://lists.openstack.org/pipermail/openstack-announce/2017-January/002002.html http://rhn.redhat.com/errata/RHSA-2017-0300.html http://rhn.redhat.com/errata/RHSA-2017-0435.html http://www.securityfocus.com/bid/95827 https://access.redhat.com/errata/RHSA-2017:0300 https://access.redhat.com/errata/RHSA-2017:0435 https://bugs.launchpad.net/keystonemiddleware/+bug/1628031 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2592 https://review.openstack.org/#/c/425730 https& • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2017-5936
https://notcve.org/view.php?id=CVE-2017-5936
OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions. • http://www.openwall.com/lists/oss-security/2017/02/09/3 http://www.securityfocus.com/bid/96182 http://www.ubuntu.com/usn/USN-3195-1 https://bugs.launchpad.net/nova-lxd/+bug/1656847 https://github.com/openstack/nova-lxd/commit/1b76cefb92081efa1e88cd8f330253f857028bd2 •
CVE-2016-9590 – puppet-swift: installs config file with world readable permissions
https://notcve.org/view.php?id=CVE-2016-9590
puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions. • http://rhn.redhat.com/errata/RHSA-2017-0200.html http://rhn.redhat.com/errata/RHSA-2017-0359.html http://rhn.redhat.com/errata/RHSA-2017-0361.html http://www.securityfocus.com/bid/95448 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9590 https://access.redhat.com/security/cve/CVE-2016-9590 https://bugzilla.redhat.com/show_bug.cgi?id=1410293 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-5737
https://notcve.org/view.php?id=CVE-2016-5737
The Gerrit configuration in the OpenStack Puppet module for Gerrit (aka puppet-gerrit) improperly marks text/html as a safe mimetype, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a crafted review. • http://www.openwall.com/lists/oss-security/2016/06/22/2 http://www.securityfocus.com/bid/91352 https://github.com/openstack-infra/puppet-gerrit/commit/8573c2ee172f66c1667de49685c88fdc8883ca8b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •