CVSS: 5.9EPSS: 0%CPEs: 12EXPL: 0CVE-2017-7543 – openstack-neutron: iptables not active after update
https://notcve.org/view.php?id=CVE-2017-7543
A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. The race was only triggered by an update, at which point an attacker could access exposed tenant VMs and network resources. Se ha descubierto una condición de carrera en openstack-neutron en versiones anteriores a la 7.2.0-12.1, 8.x anteriores a la 8.3.0-11.1, 9.x anteriores a la 9.3.1-2.1 y 10.x anteriores a la 10.0.2-1.1, cuando, siguiendo a una actualización overcloud menor, los grupos de seguridad neutron estaban deshabilitados. De manera específica, lo siguiente se ha reiniciado a 0: net.bridge.bridge-nf-call-ip6tables y net.bridge.bridge-nf-call-iptables. • http://www.securityfocus.com/bid/100237 https://access.redhat.com/errata/RHSA-2017:2447 https://access.redhat.com/errata/RHSA-2017:2448 https://access.redhat.com/errata/RHSA-2017:2449 https://access.redhat.com/errata/RHSA-2017:2450 https://access.redhat.com/errata/RHSA-2017:2451 https://access.redhat.com/errata/RHSA-2017:2452 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7543 https://access.redhat.com/security/cve/CVE-2017-7543 https://bugzilla.redhat.com/sh • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2017-2621 – openstack-heat: /var/log/heat/ is world readable
https://notcve.org/view.php?id=CVE-2017-2621
An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information. Se ha encontrado un fallo de control de acceso en OpenStack Orchestration (heat) en versiones anteriores a la 8.0.0, 6.1.0 y 7.0.2, en el que un directorio de registro de servicio se hacía legible para todos los usuarios de manera incorrecta. Un usuario malicioso del sistema podría explotar esta vulnerabilidad para acceder a información confidencial. An access-control flaw was found in the OpenStack Orchestration (heat) service where a service log directory was improperly made world readable. • http://www.securityfocus.com/bid/96280 https://access.redhat.com/errata/RHSA-2017:1243 https://access.redhat.com/errata/RHSA-2017:1464 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2621 https://access.redhat.com/security/cve/CVE-2017-2621 https://bugzilla.redhat.com/show_bug.cgi?id=1420990 • CWE-532: Insertion of Sensitive Information into Log File CWE-552: Files or Directories Accessible to External Parties •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2016-9590 – puppet-swift: installs config file with world readable permissions
https://notcve.org/view.php?id=CVE-2016-9590
puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions. puppet-swift en versiones anteriores a la 8.2.1 y 9.4.4 es vulnerable a la divulgación de información en la instalación de Object Storage (swift) de Red Hat OpenStack Platform director. Durante la instalación, el script Puppet responsable de desplegar el servicio elimina y recrea incorrectamente el archivo proxy-server.conf con permisos de lectura globales. An information-disclosure flaw was discovered in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions. • http://rhn.redhat.com/errata/RHSA-2017-0200.html http://rhn.redhat.com/errata/RHSA-2017-0359.html http://rhn.redhat.com/errata/RHSA-2017-0361.html http://www.securityfocus.com/bid/95448 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9590 https://access.redhat.com/security/cve/CVE-2016-9590 https://bugzilla.redhat.com/show_bug.cgi?id=1410293 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-9599 – puppet-tripleo: if ssl is enabled, traffic is open on both undercloud and overcloud
https://notcve.org/view.php?id=CVE-2016-9599
puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources. puppet-tripleo, en versiones anteriores a la 5.5.0 y la 6.2.0, es vulnerable a un error de control de acceso en la gestión de reglas IPtables, que permite la creación de reglas TCP/UDP con valores de puerto vacíos. Si SSL está habilitado, un usuario malicioso podría emplear estos puertos abiertos para obtener acceso a recursos no autorizados. • http://rhn.redhat.com/errata/RHSA-2017-0025.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9599 https://access.redhat.com/security/cve/CVE-2016-9599 https://bugzilla.redhat.com/show_bug.cgi?id=1409687 • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2016-6829
https://notcve.org/view.php?id=CVE-2016-6829
The trove service user in (1) Openstack deployment (aka crowbar-openstack) and (2) Trove Barclamp (aka barclamp-trove and crowbar-barclamp-trove) in the Crowbar Framework has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors. El servicio de usuario de trove en (1) la implementación Openstack (también conocido como crowbar-openstack) y (2) Trove Barclamp (también conocido como barclamp-trove y crowbar-barclamp-trove) en el Crowbar Framework tiene una contraseña por defecto, lo que hace más fácil a atacantes remotos obtener acceso a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2016/08/16/1 http://www.openwall.com/lists/oss-security/2016/08/18/9 http://www.securityfocus.com/bid/92476 https://github.com/crowbar/barclamp-trove/commit/932298f250365fed6963700870e52db3a7a32daa https://github.com/crowbar/crowbar-openstack/commit/208230bdfbcb19d062149d083b1a66b429516a69 https://www.suse.com/security/cve//CVE-2016-6829.html • CWE-798: Use of Hard-coded Credentials •