
CVSS: 6.3 | EPSS: 0% | CPEs: 2 | EXPL: 0

OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesting a snapshot.

A flaw was discovered in the OpenStack Compute (nova) snapshot feature when using the libvirt driver. A compute user could overwrite an attached instance disk with a malicious header specifying a backing file, and then request a snapshot, causing a file from the compute host to be leaked. This flaw only affects LVM or Ceph setups, or setups using filesystem storage with "use_cow_images = False".

• http://rhn.redhat.com/errata/RHSA-2016-0018.html
• http://www.securityfocus.com/bid/80176
• https://security.openstack.org/ossa/OSSA-2016-001.html
• https://access.redhat.com/security/cve/CVE-2015-7548
• https://bugzilla.redhat.com/show_bug.cgi?id=1290511

• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

The TripleO Heat templates (tripleo-heat-templates), when deployed via the command-line interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter.

It was discovered that Director's NeutronMetadataProxySharedSecret parameter remained specified at the default value of 'unset'. This value is used by OpenStack Networking to sign instance headers; if unchanged, an attacker knowing the shared secret could use this flaw to spoof OpenStack Networking metadata requests.

• https://access.redhat.com/errata/RHSA-2015:2650
• https://bugs.launchpad.net/tripleo/+bug/1516027
• https://access.redhat.com/security/cve/CVE-2015-5303
• https://bugzilla.redhat.com/show_bug.cgi?id=1272297

• CWE-254: 7PK - Security Features

CVSS: 5.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restrictions by leveraging an instance that was running when the change was made.

A vulnerability was discovered in the way OpenStack Compute (nova) networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances.

• http://rhn.redhat.com/errata/RHSA-2015-2684.html
• http://www.securityfocus.com/bid/76960
• https://access.redhat.com/errata/RHSA-2015:2673
• https://bugs.launchpad.net/nova/+bug/1491307
• https://bugs.launchpad.net/nova/+bug/1492961
• https://security.openstack.org/ossa/OSSA-2015-021.html
• https://access.redhat.com/security/cve/CVE-2015-7713
• https://bugzilla.redhat.com/show_bug.cgi?id=1269119

• CWE-254: 7PK - Security Features
• CWE-285: Improper Authorization

CVSS: 6.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error.

It was discovered that enabling debug mode in openstack-ironic-discoverd also enabled debug mode in the underlying Flask framework. If errors were encountered while Flask was in debug mode, a user experiencing an error might be able to access the debug console (effectively, a command shell).

• http://rhn.redhat.com/errata/RHSA-2015-2685.html
• https://access.redhat.com/errata/RHSA-2015:1929
• https://bugs.launchpad.net/ironic-inspector/+bug/1506419
• https://bugzilla.redhat.com/show_bug.cgi?id=1273698
• https://access.redhat.com/security/cve/CVE-2015-5306

• CWE-254: 7PK - Security Features
• CWE-749: Exposed Dangerous Method or Function

CVSS: 5.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container.

A flaw was discovered in the OpenStack Object Storage service (swift) TempURLs. An attacker in possession of a TempURL key with PUT permissions could gain read access to other objects in the same project (tenant).

• http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html
• http://rhn.redhat.com/errata/RHSA-2015-1895.html
• http://rhn.redhat.com/errata/RHSA-2016-0329.html
• http://www.openwall.com/lists/oss-security/2015/08/26/5
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• http://www.securityfocus.com/bid/84827
• https://bugs.launchpad.net/swift/+bug/1449212
• https://bugs.launchpad.net/swift/+bug/1453948
• https://security.openstack.org/ossa/

• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor