CVE-2021-38598
https://notcve.org/view.php?id=CVE-2021-38598
OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the hardware addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations. OpenStack Neutron versiones anteriores a 16.4.1, 17.x versiones anteriores a 17.1.3 y 18.0.0, permite una suplantación de direcciones de hardware cuando es usado el controlador linuxbridge con ebtables-nft en una plataforma basada en Netfilter. Mediante el envío de paquetes cuidadosamente diseñados, cualquier persona que controle una instancia de servidor conectada al conmutador virtual puede suplantar las direcciones de hardware de otros sistemas en la red, resultando en una denegación de servicio o, en algunos casos, a una posible interceptación del tráfico previsto para otros destinos. • https://launchpad.net/bugs/1938670 • CWE-290: Authentication Bypass by Spoofing •
CVE-2021-38155
https://notcve.org/view.php?id=CVE-2021-38155
OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an account and failing to authenticate multiple times, any unauthenticated actor could both confirm the account exists and obtain that account's corresponding UUID, which might be leveraged for other unrelated attacks. All deployments enabling security_compliance.lockout_failure_attempts are affected. OpenStack Keystone versiones 10.x hasta 16.x anteriores a 16.0.2, versiones 17.x anteriores a 17.0.1, versiones 18.x anteriores a 18.0.1 y versiones 19.x anteriores a 19.0.1, permite una divulgación de información durante el bloqueo de cuentas (relacionado con las características de PCI DSS). Al adivinar el nombre de una cuenta y fallando en la autenticación múltiples veces, cualquier actor no autenticado podría tanto confirmar que la cuenta se presenta y obtener el UUID correspondiente de esa cuenta, que podría ser aprovechado para otros ataques no relacionados. • http://www.openwall.com/lists/oss-security/2021/08/10/5 https://launchpad.net/bugs/1688137 https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html https://security.openstack.org/ossa/OSSA-2021-003.html • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVE-2017-8761
https://notcve.org/view.php?id=CVE-2017-8761
In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected. En OpenStack Swift versiones hasta 2.10.1, versiones 2.11.0 hasta 2.13.0 y la versión 2.14.0, el servidor proxy registra las rutas tempurl completas, potencialmente filtrando firmas tempurl reutilizables a cualquiera que tenga acceso a estos registros. Todas las implantaciones de Swift que usen el middleware tempurl están afectadas • https://launchpad.net/bugs/1685798 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-20267
https://notcve.org/view.php?id=CVE-2021-20267
A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations. Only deployments using the Open vSwitch driver are affected. Source: OpenStack project. Versions before openstack-neutron 15.3.3, openstack-neutron 16.3.1 and openstack-neutron 17.1.1 are affected. • https://bugzilla.redhat.com/show_bug.cgi?id=1934330 https://security.openstack.org/ossa/OSSA-2021-001.html • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2020-29565 – python-django-horizon: dashboard allows open redirect
https://notcve.org/view.php?id=CVE-2020-29565
An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provided malicious URL. Se detectó un problema en OpenStack Horizon versiones 15.3.2, versiones 16.x anteriores a 16.2.1, versiones 17.x y versiones 18.x anteriores a 18.3.3, versiones 18.4.x y 18.5.x. Se presenta una falta de comprobación del parámetro "next", lo que permitiría a alguien proporcionar una URL maliciosa en Horizon que puede causar un redireccionamiento automático a la URL maliciosa proporcionada A flaw was found in python-django-horizon. The "next" parameter is not correctly validated allowing a remote attacker to supply a malicious URL in the dashboard that could cause an automatic redirect to the provided malicious site. • http://www.openwall.com/lists/oss-security/2020/12/08/2 https://bugs.launchpad.net/horizon/+bug/1865026 https://review.opendev.org/c/openstack/horizon/+/758841 https://review.opendev.org/c/openstack/horizon/+/758843 https://security.openstack.org/ossa/OSSA-2020-008.html https://www.debian.org/security/2020/dsa-4820 https://access.redhat.com/security/cve/CVE-2020-29565 https://bugzilla.redhat.com/show_bug.cgi?id=1811510 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •