CVE-2013-6384
https://notcve.org/view.php?id=CVE-2013-6384
(1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, log the connection string from ceilometer.conf, which allows local users to obtain sensitive information (the DB2 or MongoDB password) by reading the log file.
• http://www.openwall.com/lists/oss-security/2013/11/22/3 http://www.openwall.com/lists/oss-security/2013/11/25/3 https://bugs.launchpad.net/ceilometer/+bug/1244476
• CWE-532: Insertion of Sensitive Information into Log File
CVE-2013-4354
https://notcve.org/view.php?id=CVE-2013-4354
The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image.
• http://www.openwall.com/lists/oss-security/2013/09/19/2 http://www.openwall.com/lists/oss-security/2013/09/19/3 https://bugs.launchpad.net/glance/+bug/1226078
• CWE-20: Improper Input Validation
CVE-2013-6858 – openstack: horizon multiple XSS vulnerabilities.
https://notcve.org/view.php?id=CVE-2013-6858
Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name on the (1) "Volumes" or (2) "Network Topology" page.
• http://lists.opensuse.org/opensuse-updates/2015-01/msg00040.html http://secunia.com/advisories/55770 http://secunia.com/advisories/56117 http://www.securityfocus.com/bid/63787 http://www.ubuntu.com/usn/USN-2062-1 https://bugs.launchpad.net/horizon/+bug/1247675 https://access.redhat.com/security/cve/CVE-2013-6858 https://bugzilla.redhat.com/show_bug.cgi?id=1034153
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-4497 – openstack-nova: XenAPI security groups not kept through migrate or resize
https://notcve.org/view.php?id=CVE-2013-4497
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.
• http://www.openwall.com/lists/oss-security/2013/11/03/2 http://www.openwall.com/lists/oss-security/2013/11/03/3 https://bugs.launchpad.net/nova/+bug/1073306 https://bugs.launchpad.net/nova/+bug/1202266 https://access.redhat.com/security/cve/CVE-2013-4497 https://bugzilla.redhat.com/show_bug.cgi?id=1026171
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2013-4477 – openstack-keystone: unintentional role granting with Keystone LDAP backend
https://notcve.org/view.php?id=CVE-2013-4477
The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges.
• http://rhn.redhat.com/errata/RHSA-2014-0113.html http://www.openwall.com/lists/oss-security/2013/10/30/6 http://www.ubuntu.com/usn/USN-2034-1 https://bugs.launchpad.net/keystone/+bug/1242855 https://access.redhat.com/security/cve/CVE-2013-4477 https://bugzilla.redhat.com/show_bug.cgi?id=1024401
• CWE-264: Permissions, Privileges, and Access Controls