OpenStack: Security Vulnerabilities, CVEs, Published in December 2012
OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume (PV) content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume (LV).
Max CVSS: 4.3 | EPSS Score: 0.48% | Published: 2012-12-26 | Updated: 2013-02-15
OpenStack Keystone Essex (2012.1) and Folsom (2012.2) do not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role.
Max CVSS: 3.5 | EPSS Score: 0.26% | Published: 2012-12-18 | Updated: 2017-08-29
OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression.
Max CVSS: 4.0 | EPSS Score: 0.20% | Published: 2012-12-18 | Updated: 2023-02-13
tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows local users to obtain access to EC2 services by reading administrative access and secret values from this file.
Max CVSS: 2.1 | EPSS Score: 0.04% | Published: 2012-12-26 | Updated: 2017-08-29
4 vulnerabilities found