CVE-2012-2144
https://notcve.org/view.php?id=CVE-2012-2144
Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie.
References:
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081173.html
http://secunia.com/advisories/49024
http://secunia.com/advisories/49071
http://ubuntu.com/usn/usn-1439-1
http://www.openwall.com/lists/oss-security/2012/05/05/1
http://www.osvdb.org/81741
http://www.securityfocus.com/bid/53399
https://bugs.launchpad.net/horizon/+bug/978896
https://exchange.xforce.ibmcloud.com/vulnerabilities/75423
https://github.com/openstack/horizon/commit/041b1c44c7d6cf5429505067c32f8f35
CVE-2012-2101
https://notcve.org/view.php?id=CVE-2012-2101
OpenStack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules.
References:
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079434.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079551.html
http://secunia.com/advisories/49034
http://secunia.com/advisories/49048
http://ubuntu.com/usn/usn-1438-1
http://www.osvdb.org/81641
https://bugs.launchpad.net/nova/+bug/969545
https://exchange.xforce.ibmcloud.com/vulnerabilities/75243
https://github.com/openstack/nova/commit/1f644d210557b1254f7c7b39424b09a45329ade7
https://github.com/opens
CWE-264: Permissions, Privileges, and Access Controls
CVE-2012-1585
https://notcve.org/view.php?id=CVE-2012-1585
OpenStack Compute (Nova) Essex before 2011.3 allows remote authenticated users to cause a denial of service (Nova-API log file and disk consumption) via a long server name.
References:
http://lwn.net/Alerts/491298
http://osdir.com/ml/openstack-cloud-computing/2012-03/msg01133.html
https://bugs.launchpad.net/nova/+bug/962515
CWE-399: Resource Management Errors
CVE-2012-0030
https://notcve.org/view.php?id=CVE-2012-0030
Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter.
References:
http://secunia.com/advisories/47543
http://www.securityfocus.com/bid/51370
http://www.ubuntu.com/usn/USN-1326-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/72296
https://github.com/openstack/nova/commit/3d4ffb64f1e18117240c26809788528979e3bd15#diff-0
https://lists.launchpad.net/openstack/msg06648.html
CWE-264: Permissions, Privileges, and Access Controls
CVE-2011-4596
https://notcve.org/view.php?id=CVE-2011-4596
Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest.
References:
https://bugs.launchpad.net/nova/+bug/885167
https://bugs.launchpad.net/nova/+bug/894755
https://github.com/openstack/nova/commit/76363226bd8533256f7795bba358d7f4b8a6c9e6
https://github.com/openstack/nova/commit/ad3241929ea00569c74505ed002208ce360c667e
https://lists.launchpad.net/openstack/msg06105.html
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')