CVE-2023-32551 – Landscape Open Redirect
https://notcve.org/view.php?id=CVE-2023-32551
Landscape allowed URLs which caused open redirection. • https://bugs.launchpad.net/landscape/+bug/1929620 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2023-32550 – Landscape's Apache server-status is accessible by default
https://notcve.org/view.php?id=CVE-2023-32550
Landscape's server-status page exposed sensitive system information. This data leak included GET requests which contain information to attack and leak further information from the Landscape API. • https://bugs.launchpad.net/landscape/+bug/1929037 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2023-32549 – Landscape insecure token generation
https://notcve.org/view.php?id=CVE-2023-32549
Landscape cryptographic keys were insecurely generated with a weak pseudo-random generator. • https://bugs.launchpad.net/landscape/+bug/1929034 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •