CVSS: 7.6EPSS: 0%CPEs: 6EXPL: 1CVE-2021-40085 – openstack-neutron: arbitrary dnsmasq reconfiguration via extra_dhcp_opts
https://notcve.org/view.php?id=CVE-2021-40085
31 Aug 2021 — An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value. Se ha detectado un problema en OpenStack Neutron versiones anteriores a 16.4.1, 17.x versiones anteriores a 17.2.1 y 18.x versiones anteriores a 18.1.1. Unos atacantes autenticados pueden reconfigurar dnsmasq por medio de un valor extra_dhcp_opts diseñado An input-validation flaw was found in openstack-neutron, where an a... • http://www.openwall.com/lists/oss-security/2021/08/31/2 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 1CVE-2021-38598 – Ubuntu Security Notice USN-6067-1
https://notcve.org/view.php?id=CVE-2021-38598
23 Aug 2021 — OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the hardware addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations. OpenStack Neutron versiones an... • https://launchpad.net/bugs/1938670 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-38155
https://notcve.org/view.php?id=CVE-2021-38155
06 Aug 2021 — OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an account and failing to authenticate multiple times, any unauthenticated actor could both confirm the account exists and obtain that account's corresponding UUID, which might be leveraged for other unrelated attacks. All deployments enabling security_compliance.lockout_failure_attempts ... • http://www.openwall.com/lists/oss-security/2021/08/10/5 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2017-8761
https://notcve.org/view.php?id=CVE-2017-8761
02 Jun 2021 — In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected. En OpenStack Swift versiones hasta 2.10.1, versiones 2.11.0 hasta 2.13.0 y la versión 2.14.0, el servidor proxy registra las rutas tempurl completas, potencialmente filtrando firmas tempurl reutilizables a cualquiera que tenga acceso a estos reg... • https://launchpad.net/bugs/1685798 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2021-20267 – Ubuntu Security Notice USN-6067-1
https://notcve.org/view.php?id=CVE-2021-20267
28 May 2021 — A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations. Only deployments using the Open vSwitch driver are affected. Source: OpenStack project. Versions before openstack-neutron 15.3.3, openstack-neut... • https://bugzilla.redhat.com/show_bug.cgi?id=1934330 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 1CVE-2020-29565 – python-django-horizon: dashboard allows open redirect
https://notcve.org/view.php?id=CVE-2020-29565
04 Dec 2020 — An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provided malicious URL. Se detectó un problema en OpenStack Horizon versiones 15.3.2, versiones 16.x anteriores a 16.2.1, versiones 17.x y versiones 18.x anteriores a 18.3.3, versiones 18.4.x y 18.5.x. Se presenta un... • http://www.openwall.com/lists/oss-security/2020/12/08/2 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.9EPSS: 1%CPEs: 3EXPL: 0CVE-2020-26943
https://notcve.org/view.php?id=CVE-2020-26943
16 Oct 2020 — An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under (because the Python eval function is used). This may result in Horizon host unauthorized access and further compromise of the Horizon service. All setups using the Horizon dashboard with the blazar-dashboard plugin are affected. Se detectó un problema en OpenStack blazar-dashboa... • http://www.openwall.com/lists/oss-security/2020/10/16/5 •
CVSS: 8.3EPSS: 0%CPEs: 3EXPL: 1CVE-2020-17376 – openstack-nova: Soft reboot after live-migration reverts instance to original source domain XML
https://notcve.org/view.php?id=CVE-2020-17376
26 Aug 2020 — An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing h... • http://www.openwall.com/lists/oss-security/2020/08/25/4 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-12689 – openstack-keystone: EC2 and credential endpoints are not protected from a scoped context
https://notcve.org/view.php?id=CVE-2020-12689
06 May 2020 — An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges. Se detectó un problema en OpenStack Keystone en versione... • http://www.openwall.com/lists/oss-security/2020/05/07/2 • CWE-269: Improper Privilege Management CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-12690 – openstack-keystone: OAuth1 request token authorize silently ignores roles parameter
https://notcve.org/view.php?id=CVE-2020-12690
06 May 2020 — An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. This results in the provided keystone token having more role assignments than the creator intended, possibly giving unintended escalated access. Se detectó un problema en OpenStack Keystone versiones anteriores a 15.0... • http://www.openwall.com/lists/oss-security/2020/05/07/3 • CWE-613: Insufficient Session Expiration CWE-863: Incorrect Authorization •