CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-3585
https://notcve.org/view.php?id=CVE-2021-3585
A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager. Se ha encontrado un fallo en openstack-tripleo-heat-templates. Las contraseñas simples de RHSM se presentan en los registros durante el despliegue de OSP13 con subscription-manager. • https://access.redhat.com/security/cve/CVE-2021-3585 https://bugs.launchpad.net/tripleo/+bug/1931132 https://bugzilla.redhat.com/show_bug.cgi?id=1961709 https://bugzilla.redhat.com/show_bug.cgi?id=1968247 https://review.opendev.org/c/openstack/tripleo-heat-templates/+/791988 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.4EPSS: 0%CPEs: 7EXPL: 3CVE-2021-3563
https://notcve.org/view.php?id=CVE-2021-3563
A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity. Se ha encontrado un fallo en openstack-keystone. Sólo son verificados los primeros 72 caracteres del secreto de una aplicación, lo que permite a atacantes omitir determinada complejidad de las contraseñas con la que pueden contar los administradores. • https://access.redhat.com/security/cve/CVE-2021-3563 https://bugs.launchpad.net/ossa/+bug/1901891 https://bugzilla.redhat.com/show_bug.cgi?id=1962908 https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html https://security-tracker.debian.org/tracker/CVE-2021-3563 • CWE-863: Incorrect Authorization •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 1CVE-2022-37394 – openstack-nova: Compute service fails to restart if the vnic_type of a bound port changed from direct to macvtap
https://notcve.org/view.php?id=CVE-2022-37394
An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user may cause the compute service to fail to restart, resulting in a possible denial of service. Only Nova deployments configured with SR-IOV are affected. Se ha detectado un problema en OpenStack Nova versiones anteriores a 23.2.2, 24.x anteriores a 24.1.2 y 25.x anteriores a 25.0.2. Al crear un puerto de neutrones con el vnic_type directo, crear una instancia vinculada a ese puerto y luego cambiar el vnic_type del puerto vinculado a macvtap, un usuario autenticado puede causar que el servicio de computación no sea reiniciado, resultando en una posible denegación de servicio. • https://bugs.launchpad.net/ossa/+bug/1981813 https://review.opendev.org/c/openstack/nova/+/849985 https://review.opendev.org/c/openstack/nova/+/850003 https://access.redhat.com/security/cve/CVE-2022-37394 https://bugzilla.redhat.com/show_bug.cgi?id=2117333 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2022-23452 – openstack-barbican: Barbican allows anyone with an admin role to add their secrets to a different project's containers
https://notcve.org/view.php?id=CVE-2022-23452
An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service. Se ha encontrado un fallo de autorización en openstack-barbican, donde cualquier persona con un rol de administrador puede añadir secretos a un contenedor de proyecto diferente. Este fallo permite a un atacante en la red consumir recursos protegidos y causar una denegación de servicio • https://access.redhat.com/security/cve/CVE-2022-23452 https://bugzilla.redhat.com/show_bug.cgi?id=2022908 https://bugzilla.redhat.com/show_bug.cgi?id=2025090 https://review.opendev.org/c/openstack/barbican/+/814200 https://storyboard.openstack.org/#%21/story/2009297 • CWE-863: Incorrect Authorization •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-23451 – openstack-barbican: Barbican allows authenticated users to add/modify/delete arbitrary metadata on any secret
https://notcve.org/view.php?id=CVE-2022-23451
An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources. Se ha encontrado un fallo de autorización en openstack-barbican. Las reglas de política por defecto para la API de metadatos secretos permitían a cualquier usuario autenticado añadir, modificar o eliminar metadatos de cualquier secreto independientemente de su propiedad. • https://access.redhat.com/security/cve/CVE-2022-23451 https://bugzilla.redhat.com/show_bug.cgi?id=2022878 https://bugzilla.redhat.com/show_bug.cgi?id=2025089 https://review.opendev.org/c/openstack/barbican/+/811236 https://storyboard.openstack.org/#%21/story/2009253 • CWE-863: Incorrect Authorization •