CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2015-1851 – openstack-cinder: Host file disclosure through qcow2 backing file
https://notcve.org/view.php?id=CVE-2015-1851
OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote authenticated users to read arbitrary files via a crafted qcow2 signature in an image to the upload-to-image command. OpenStack Cinder anterior a 2014.1.5 (icehouse), 2014.2.x anterior a 2014.2.4 (juno), y 2015.1.x anterior a 2015.1.1 (kilo) permite a usuarios remotos autenticados leer ficheros arbitrarios a través de una firma qcow2 manipulada en una imagen en el comando 'subir a imagen' (upload-to-image). A flaw was found in the OpenStack Block Storage (cinder) upload-to-image functionality. When processing a malicious qcow2 header, cinder could be tricked into reading an arbitrary file from the cinder host. • http://lists.openstack.org/pipermail/openstack-announce/2015-June/000367.html http://rhn.redhat.com/errata/RHSA-2015-1206.html http://www.debian.org/security/2015/dsa-3292 http://www.openwall.com/lists/oss-security/2015/06/13/1 http://www.openwall.com/lists/oss-security/2015/06/17/2 http://www.openwall.com/lists/oss-security/2015/06/17/7 http://www.ubuntu.com/usn/USN-2703-1 https://bugs.launchpad.net/cinder/+bug/1415087 https://access.redhat.com/sec • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-3988 – python-django-horizon: persistent XSS in Horizon metadata dashboard
https://notcve.org/view.php?id=CVE-2015-3988
Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate. Múltiples vulnerabilidades de XSS en OpenStack Dashboard (Horizon) 2015.1.0 permiten a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a través de los metadatos en (1) una imagen Glance, (2) un sabor Nova o (3) Host Aggregate. A flaw was discovered in the OpenStack dashboard (horizon) handling of metadata. Potentially untrusted data was displayed from OpenStack Image service (glance) images, OpenStack Compute (nova) flavors, or host aggregates without correct sanitization. The flaw could be used by an authenticated user to conduct an XSS attack. • http://rhn.redhat.com/errata/RHSA-2015-1679.html http://www.openwall.com/lists/oss-security/2015/05/12/9 http://www.openwall.com/lists/oss-security/2015/05/14/14 http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html http://www.securityfocus.com/bid/74666 https://security.openstack.org/ossa/OSSA-2015-009.html https://access.redhat.com/security/cve/CVE-2015-3988 https://bugzilla.redhat.com/show_bug.cgi?id=1222871 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2015-3646
https://notcve.org/view.php?id=CVE-2015-3646
OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs. OpenStack Identity (Keystone) anterior a 2014.1.5 y 2014.2.x anterior a 2014.2.4 registra el contenido de la opción de configuración backend_argument, lo que permite a usuarios remotos autenticados obtener contraseñas y otra información sensible de backends mediante la lectura de los registros Keystone. • http://lists.openstack.org/pipermail/openstack-announce/2015-May/000356.html http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.securityfocus.com/bid/74456 https://bugs.launchpad.net/keystone/+bug/1443598 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2015-1856 – Swift: unauthorized deletion of versioned Swift object
https://notcve.org/view.php?id=CVE-2015-1856
OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container. OpenStack Object Storage (Swift) anterior a 2.3.0, cuando allow_version está configurado, permite a usuarios remotos autenticados eliminar la última versión de un objeto mediante el aprovechamiento del acceso listado al contenedor de la localización de versiones x. A flaw was found in OpenStack Object Storage that could allow an authenticated user to delete the most recent version of a versioned object regardless of ownership. To exploit this flaw, an attacker must know the name of the object and have listing access to the x-versions-location container. • http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163113.html http://lists.openstack.org/pipermail/openstack-announce/2015-April/000349.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html http://rhn.redhat.com/errata/RHSA-2015-1681.html http://rhn.redhat.com/errata/RHSA-2015-1684.html http://rhn.redhat.com/errata/RHSA-2015-1845.html http://rhn.redhat.com/errata/RHSA-2015-1846.html http://www.oracle.com/technetwork/topics/security/bulletinapr • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2015-1852 – keystonemiddleware/keystoneclient: S3Token TLS cert verification option not honored
https://notcve.org/view.php?id=CVE-2015-1852
The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144. El middleware s3_token en OpenStack keystonemiddleware anterior a 1.6.0 y python-keystoneclient anterior a 1.4.0 deshabilita la verificación de certificados cuando la opción 'inseguro' esté configurada en un fichero de configuración paste (paste.ini) independientemente de su valor, lo que permite a atacantes remotos realizar ataques man-in-the-middle a través de un certificado manipulado, una vulnerabilidad diferente a CVE-2014-7144. It was discovered that some items in the S3Token paste configuration as used by python-keystonemiddleware (formerly python-keystoneclient) were incorrectly evaluated as strings, an issue similar to CVE-2014-7144. If the "insecure" option were set to "false", the option would be evaluated as true, resulting in TLS connections being vulnerable to man-in-the-middle attacks. Note: the "insecure" option defaults to false, so setups that do not specifically define "insecure=false" are not affected. • http://lists.openstack.org/pipermail/openstack-announce/2015-April/000350.html http://rhn.redhat.com/errata/RHSA-2015-1677.html http://rhn.redhat.com/errata/RHSA-2015-1685.html http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.securityfocus.com/bid/74187 http://www.ubuntu.com/usn/USN-2705-1 https://bugs.launchpad.net/keystonemiddleware/+bug/1411063 https://access.redhat.com/security/cve/CVE-2015-1852 https://bugzilla.redhat.com/show_bug.cg • CWE-17: DEPRECATED: Code CWE-295: Improper Certificate Validation •