CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2016-6519 – openstack-manila-ui: persistent XSS in metadata field
https://notcve.org/view.php?id=CVE-2016-6519
Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form. La vulnerabilidad XSS en la vista general de los "Shares" en Openstack Manila en versiones anteriores a 2.5.1 permite a usuarios no autenticados inyectar secuencias de comandos web o HTML arbitrarios a través del campo Metadata en el formulario "Create Share". A cross-site scripting flaw was discovered in openstack-manila-ui's Metadata field contained in its "Create Share" form. A user could inject malicious HTML/JavaScript code that would then be reflected in the "Shares" overview. Remote, authenticated, but unprivileged users could exploit this vulnerability to steal session cookies and escalate their privileges. • http://rhn.redhat.com/errata/RHSA-2016-2115.html http://rhn.redhat.com/errata/RHSA-2016-2116.html http://rhn.redhat.com/errata/RHSA-2016-2117.html http://www.openwall.com/lists/oss-security/2016/09/15/7 http://www.securityfocus.com/bid/93001 https://bugs.launchpad.net/manila-ui/+bug/1597738 https://bugzilla.redhat.com/show_bug.cgi?id=1375147 https://access.redhat.com/security/cve/CVE-2016-6519 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 11EXPL: 0CVE-2016-4428 – python-django-horizon: XSS in client side template
https://notcve.org/view.php?id=CVE-2016-4428
Cross-site scripting (XSS) vulnerability in OpenStack Dashboard (Horizon) 8.0.1 and earlier and 9.0.0 through 9.0.1 allows remote authenticated users to inject arbitrary web script or HTML by injecting an AngularJS template in a dashboard form. Vulnerabilidad de XSS en OpenStack Dashboard (Horizon) 8.0.1 y versiones anteriores y 9.0.0 hasta la versión 9.0.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrario inyectando una plantilla AngularJS en un formulario del cuadro de mandos. A DOM-based, cross-site scripting vulnerability was found in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form (for example, using an image's description), triggering the vulnerability when another user browsed the affected page. As a result, this flaw could result in user accounts being compromised (for example, user-access credentials being stolen). • http://www.debian.org/security/2016/dsa-3617 http://www.openwall.com/lists/oss-security/2016/06/17/4 https://access.redhat.com/errata/RHSA-2016:1268 https://access.redhat.com/errata/RHSA-2016:1269 https://access.redhat.com/errata/RHSA-2016:1270 https://access.redhat.com/errata/RHSA-2016:1271 https://access.redhat.com/errata/RHSA-2016:1272 https://bugs.launchpad.net/horizon/+bug/1567673 https://review.openstack.org/329996 https://review.openstack.org/329997 https&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2015-5295 – openstack-heat: Vulnerability in Heat template validation leading to DoS
https://notcve.org/view.php?id=CVE-2015-5295
The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a template, as demonstrated by file:///dev/zero. El comando template-validate en OpenStack Orchestration API (Heat) en versiones anteriores a 2015.1.3 (kilo) y 5.0.x en versiones anteriores a 5.0.1 (liberty) permite a usuarios remotos autenticados provocar una denegación de servicio (consumo de memoria) o determinar la existencia de archivos locales a través del tipo de recurso en una plantilla, según lo demostrado por el archivo:///dev/zero. A vulnerability was discovered in the OpenStack Orchestration service (heat), where a specially formatted template could be used to trick the heat-engine service into opening a local file. Although the file contents are never disclosed to the end user, an OpenStack-authenticated attacker could use this flaw to cause a denial of service or determine whether a given file name is present on the server. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176700.html http://rhn.redhat.com/errata/RHSA-2016-0266.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/81438 https://bugs.launchpad.net/heat/+bug/1496277 https://security.openstack.org/ossa/OSSA-2016-003.html https://access.redhat.com/security/cve/CVE-2015-5295 https://bugzilla.redhat.com/show_bug.cgi?id=1298295 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-5271 – openstack-tripleo-heat-templates: unsafe pipeline ordering of swift staticweb middleware
https://notcve.org/view.php?id=CVE-2015-5271
The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors. Las plantillas TripleO Heat (tripleo-heat-templates) no ordena correctamente el Identity Service (keystone) en versiones anteriores al middleware de web estática OpenStack Object Storage (Swift) en el pipeline de swiftproxy cuando el middleware de web estática está habilitado, lo que podría permitir a atacantes remotos obtener información sensible de contenedores privados a través de vectores no especificados. A flaw was discovered in the pipeline ordering of OpenStack Object Storage's staticweb middleware in the swiftproxy configuration generated from the openstack-tripleo-heat-templates package (OpenStack director). The staticweb middleware was incorrectly configured before the Identity Service, and under some conditions an attacker could use this flaw to gain unauthenticated access to private data. • https://access.redhat.com/errata/RHSA-2015:1862 https://bugs.launchpad.net/tripleo/+bug/1494896 https://bugzilla.redhat.com/show_bug.cgi?id=1261697 https://launchpadlibrarian.net/217268516/CVE-2015-5271_puppet-swift.patch https://access.redhat.com/security/cve/CVE-2015-5271 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-285: Improper Authorization •
CVSS: 4.0EPSS: 1%CPEs: 6EXPL: 1CVE-2014-9623 – openstack-glance: user storage quota bypass
https://notcve.org/view.php?id=CVE-2014-9623
OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state. OpenStack Glance 2014.2.x hasta la versión 2014.2.1, 2014.1.3 y versiones anteriores permite a usuarios remotos autenticados eludir la cuota de almacenamiento y causar una denegación de servicio (consumo de disco) mediante el borrado de una imagen en el estado de ahorro. A storage quota bypass flaw was found in OpenStack Image (glance). If an image was deleted while it was being uploaded, it would not count towards a user's quota. A malicious user could use this flaw to deliberately fill the backing store, and cause a denial of service. • http://rhn.redhat.com/errata/RHSA-2015-0644.html http://rhn.redhat.com/errata/RHSA-2015-0837.html http://rhn.redhat.com/errata/RHSA-2015-0838.html http://secunia.com/advisories/62165 http://www.openwall.com/lists/oss-security/2015/01/18/4 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html https://bugs.launchpad.net/glance/+bug/1383973 https://bugs.launchpad.net/glance/+bug/1398830 https://security.openstack.org/ossa/OSSA-2015-003.html https • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •