CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1655 – OpenStack: Horizon session cookies are not flagged HttpOnly
https://notcve.org/view.php?id=CVE-2022-1655
An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confidentiality and integrity. Se ha encontrado un fallo de Asignación Incorrecta de Permisos para Recursos Críticos en Horizon en Red Hat OpenStack. Las cookies de sesión de Horizon son creadas sin el flag HttpOnly a pesar de que HorizonSecureCookies está configurado como true en los archivos de entorno, conllevando posiblemente a una pérdida de confidencialidad e integridad • https://access.redhat.com/security/cve/cve-2022-1655 https://access.redhat.com/security/cve/CVE-2022-1655 https://bugzilla.redhat.com/show_bug.cgi?id=2075681 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-23451 – openstack-barbican: Barbican allows authenticated users to add/modify/delete arbitrary metadata on any secret
https://notcve.org/view.php?id=CVE-2022-23451
An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources. Se ha encontrado un fallo de autorización en openstack-barbican. Las reglas de política por defecto para la API de metadatos secretos permitían a cualquier usuario autenticado añadir, modificar o eliminar metadatos de cualquier secreto independientemente de su propiedad. • https://access.redhat.com/security/cve/CVE-2022-23451 https://bugzilla.redhat.com/show_bug.cgi?id=2022878 https://bugzilla.redhat.com/show_bug.cgi?id=2025089 https://review.opendev.org/c/openstack/barbican/+/811236 https://storyboard.openstack.org/#%21/story/2009253 • CWE-863: Incorrect Authorization •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-4180 – openstack-tripleo-heat-templates: data leak of internal URL through keystone_authtoken
https://notcve.org/view.php?id=CVE-2021-4180
An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive information which may aid in additional system exploitation. This flaw affects openstack-tripleo-heat-templates versions prior to 11.6.1. Un fallo de exposición de información en openstack-tripleo-heat-templates permite a un usuario externo detectar la IP interna o el nombre de host. • https://bugzilla.redhat.com/show_bug.cgi?id=2035793 https://access.redhat.com/security/cve/CVE-2021-4180 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 6.1EPSS: 92%CPEs: 5EXPL: 1CVE-2021-3654 – openstack-nova: novnc allows open redirection
https://notcve.org/view.php?id=CVE-2021-3654
A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL. Se ha encontrado una vulnerabilidad en el proxy de consola de openstack-nova, noVNC. Mediante el diseño de una URL maliciosa, noVNC puede ser redirigido a cualquier URL deseada A vulnerability was found in CPython which is used by openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL. • https://bugs.launchpad.net/nova/+bug/1927677 https://bugs.python.org/issue32084 https://bugzilla.redhat.com/show_bug.cgi?id=1961439 https://opendev.org/openstack/nova/commit/04d48527b62a35d912f93bc75613a6cca606df66 https://opendev.org/openstack/nova/commit/8906552cfc2525a44251d4cf313ece61e57251eb https://security.gentoo.org/glsa/202305-02 https://security.openstack.org/ossa/OSSA-2021-002.html https://www.openwall.com/lists/oss-security/2021/07/29/2 https://access.redhat.com/security/cve/CVE-2021- • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.5EPSS: 0%CPEs: 44EXPL: 0CVE-2020-25717 – samba: Active Directory (AD) domain user could become root on domain members
https://notcve.org/view.php?id=CVE-2020-25717
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. Se encontró un fallo en la forma en que Samba mapea usuarios del dominio a usuarios locales. Un atacante autenticado podría usar este fallo para causar una posible escalada de privilegios • https://bugzilla.redhat.com/show_bug.cgi?id=2019672 https://security.gentoo.org/glsa/202309-06 https://www.samba.org/samba/security/CVE-2020-25717.html https://access.redhat.com/security/cve/CVE-2020-25717 • CWE-20: Improper Input Validation •