CVE-2015-5240 – openstack-neutron: Firewall rules bypass through port update
https://notcve.org/view.php?id=CVE-2015-5240
Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with "network:" before the security group rules are applied.
A race-condition flaw leading to ACL bypass was discovered in OpenStack Networking (neutron). An authenticated user could change the owner of a port after it was created but before firewall rules were applied, thus preventing firewall control checks from occurring. All OpenStack Networking deployments that used either the ML2 plug-in or a plug-in that relied on the security groups AMQP API were affected.
• http://rhn.redhat.com/errata/RHSA-2015-1909.html
• http://www.openwall.com/lists/oss-security/2015/09/08/9
• https://bugs.launchpad.net/neutron/+bug/1489111
• https://bugzilla.redhat.com/show_bug.cgi?id=1258458
• https://security.openstack.org/ossa/OSSA-2015-018.html
• https://access.redhat.com/security/cve/CVE-2015-5240
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2015-3280 – openstack-nova: Deleting instances in resize state fails
https://notcve.org/view.php?id=CVE-2015-3280
OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state.
A flaw was found in the way OpenStack Compute (nova) handled the resize state. If an authenticated user deleted an instance while it was in the resize state, it could cause the original instance to not be deleted from the compute node it was running on, allowing the user to cause a denial of service.
• http://rhn.redhat.com/errata/RHSA-2015-1898.html
• http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
• http://www.securityfocus.com/bid/76553
• https://launchpad.net/bugs/1392527
• https://security.openstack.org/ossa/OSSA-2015-017.html
• https://access.redhat.com/security/cve/CVE-2015-3280
• https://bugzilla.redhat.com/show_bug.cgi?id=1257942
• CWE-399: Resource Management Errors
• CWE-772: Missing Release of Resource after Effective Lifetime
CVE-2015-5286 – openstack-glance: Storage overrun by deleting images
https://notcve.org/view.php?id=CVE-2015-5286
OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623.
A race-condition flaw was discovered in the OpenStack Image service (glance).
• http://rhn.redhat.com/errata/RHSA-2015-1897.html
• http://www.securityfocus.com/bid/76943
• https://bugs.launchpad.net/bugs/1498163
• https://security.openstack.org/ossa/OSSA-2015-020.html
• https://access.redhat.com/security/cve/CVE-2015-5286
• https://bugzilla.redhat.com/show_bug.cgi?id=1267516
• CWE-264: Permissions, Privileges, and Access Controls
• CWE-400: Uncontrolled Resource Consumption
CVE-2015-5251 – openstack-glance allows illegal modification of image status
https://notcve.org/view.php?id=CVE-2015-5251
OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.
A flaw was discovered in the OpenStack Image service (glance) where a tenant could manipulate the status of their images by submitting an HTTP PUT request together with an 'x-image-meta-status' header. A malicious tenant could exploit this flaw to reactivate disabled images, bypass storage quotas, and in some cases replace image contents (where they have owner access). Setups using the Image service's v1 API could allow the illegal modification of image status.
• http://rhn.redhat.com/errata/RHSA-2015-1897.html
• https://bugs.launchpad.net/bugs/1482371
• https://security.openstack.org/ossa/OSSA-2015-019.html
• https://access.redhat.com/security/cve/CVE-2015-5251
• https://bugzilla.redhat.com/show_bug.cgi?id=1263511
• CWE-264: Permissions, Privileges, and Access Controls
• CWE-285: Improper Authorization
CVE-2015-5271 – openstack-tripleo-heat-templates: unsafe pipeline ordering of swift staticweb middleware
https://notcve.org/view.php?id=CVE-2015-5271
The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors.
A flaw was discovered in the pipeline ordering of OpenStack Object Storage's staticweb middleware in the swiftproxy configuration generated from the openstack-tripleo-heat-templates package (OpenStack director). The staticweb middleware was incorrectly configured before the Identity Service, and under some conditions an attacker could use this flaw to gain unauthenticated access to private data.
• https://access.redhat.com/errata/RHSA-2015:1862
• https://bugs.launchpad.net/tripleo/+bug/1494896
• https://bugzilla.redhat.com/show_bug.cgi?id=1261697
• https://launchpadlibrarian.net/217268516/CVE-2015-5271_puppet-swift.patch
• https://access.redhat.com/security/cve/CVE-2015-5271
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-285: Improper Authorization