CVEdetails.com the ultimate security vulnerability data source

OpenStack: Security Vulnerabilities

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-2828 287 DoS 2014-04-15 2014-04-16
5.0
None Remote Low Not required None None Partial
The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining."
2 CVE-2014-2573 264 DoS Bypass 2014-03-25 2014-03-26
2.3
None Local Network Medium Single system None None Partial
The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image.
3 CVE-2014-2237 264 Bypass 2014-04-01 2014-04-01
5.0
None Remote Low Not required None Partial None
The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions.
4 CVE-2014-1948 255 +Info 2014-02-14 2014-03-08
2.6
None Local High Not required Partial Partial None
OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.
5 CVE-2014-0167 264 +Priv 2014-04-15 2014-04-16
6.0
None Remote Medium Single system Partial Partial Partial
The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows remote authenticated users to gain privileges via these API requests.
6 CVE-2014-0157 79 XSS 2014-04-15 2014-04-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat template.
7 CVE-2014-0105 255 +Priv 2014-04-15 2014-04-16
6.0
None Remote Medium Single system Partial Partial Partial
The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an "interaction between eventlet and python-memcached."
8 CVE-2014-0006 200 +Info 2014-01-22 2014-03-08
4.3
None Remote Medium Not required Partial None None
The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack.
9 CVE-2013-7130 200 +Info 2014-02-06 2014-03-08
7.1
None Remote Medium Not required Complete None None
The i_create_images_and_backing (aka create_images_and_backing) method in libvirt driver in OpenStack Compute (Nova) Grizzly, Havana, and Icehouse, when using KVM live block migration, does not properly create all expected files, which allows attackers to obtain snapshot root disk contents of other users via ephemeral storage.
10 CVE-2013-7048 264 2014-01-23 2014-03-08
3.3
None Local Medium Not required Partial Partial None
OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots.
11 CVE-2013-6858 79 XSS 2013-11-23 2014-01-03
1.9
None Local Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page.
12 CVE-2013-6491 310 +Info 2014-02-01 2014-02-03
4.3
None Remote Medium Not required Partial None None
The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network.
13 CVE-2013-6437 399 DoS 2014-03-06 2014-03-07
4.0
None Remote Low Single system None None Partial
The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a denial of service (disk consumption) by creating and deleting instances with unique os_type settings, which triggers the creation of a new ephemeral disk backing file.
14 CVE-2013-6428 264 Bypass 2013-12-14 2014-03-05
4.0
None Remote Low Single system None Partial None
The ReST API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenant_id in the request path.
15 CVE-2013-6426 264 Bypass 2013-12-14 2014-03-05
4.0
None Remote Low Single system None Partial None
The cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and (1) create a stack via the CreateStack method or (2) update a stack via the UpdateStack method.
16 CVE-2013-6419 200 +Info 2014-01-07 2014-03-08
5.0
None Remote Low Not required Partial None None
Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by (1) api/metadata/handler.py in Nova and (2) the neutron-metadata-agent (agent/metadata/agent.py) in Neutron.
17 CVE-2013-6396 310 +Info 2014-02-18 2014-02-20
5.8
None Remote Medium Not required Partial Partial None
The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
18 CVE-2013-6391 264 +Priv 2013-12-14 2014-03-05
5.8
None Remote Medium Not required Partial Partial None
The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request.
19 CVE-2013-6384 200 +Info 2013-11-23 2013-12-08
1.9
None Local Medium Not required Partial None None
(1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, log the connection string from ceilometer.conf, which allows local users to obtain sensitive information (the DB2 or MongoDB password) by reading the log file.
20 CVE-2013-4497 264 Bypass 2013-11-05 2013-11-06
6.4
None Remote Low Not required Partial Partial None
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.
21 CVE-2013-4477 264 +Priv 2013-11-02 2014-03-05
3.3
None Local Medium Not required Partial Partial None
The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges.
22 CVE-2013-4469 399 DoS 2013-11-02 2013-11-21
1.9
None Local Medium Not required None None Partial
OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring an image with a large virtual size that does not contain a large amount of data from Glance. NOTE: this issue is due to an incomplete fix for CVE-2013-2096.
23 CVE-2013-4463 399 DoS 2014-02-06 2014-02-11
2.1
None Local Low Not required None None Partial
OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) via a compressed QCOW2 image. NOTE: this issue is due to an incomplete fix for CVE-2013-2096.
24 CVE-2013-4428 264 2013-10-26 2013-12-19
3.5
None Remote Medium Single system Partial None None
OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID.
25 CVE-2013-4354 20 2013-11-23 2013-11-25
2.1
None Local Low Not required None Partial None
The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image.
26 CVE-2013-4294 264 Bypass 2013-09-23 2013-10-30
5.0
None Remote Low Not required None Partial None
The (1) memcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.
27 CVE-2013-4278 264 2013-09-16 2013-09-25
3.5
None Remote Medium Single system Partial None None
The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for CVE-2013-2256.
28 CVE-2013-4261 119 DoS Overflow 2013-10-29 2013-10-30
3.5
None Remote Medium Single system None None Partial
OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log.
29 CVE-2013-4222 255 2013-09-30 2013-12-08
6.5
None Remote Low Single system Partial Partial Partial
OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token.
30 CVE-2013-4202 399 DoS 2013-09-16 2013-10-30
4.3
None Remote Medium Not required None None Partial
The (1) backup (api/contrib/backups.py) and (2) volume transfer (contrib/volume_transfer.py) APIs in OpenStack Cinder Grizzly 2013.1.3 and earlier allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.
31 CVE-2013-4185 310 DoS 2013-10-29 2013-10-30
4.0
None Remote Low Single system None None Partial
Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests.
32 CVE-2013-4183 200 +Info 2013-09-16 2013-10-30
2.1
None Local Low Not required Partial None None
The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors.
33 CVE-2013-4179 119 DoS Overflow 2013-09-16 2013-10-30
4.3
None Remote Medium Not required None None Partial
The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.
34 CVE-2013-4155 119 DoS Overflow 2013-08-20 2013-10-30
4.0
None Remote Low Single system None None Partial
OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE request with a timestamp that is older than expected.
35 CVE-2013-4111 20 2013-08-28 2013-10-30
5.8
None Remote Medium Not required Partial Partial None
The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate and allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
36 CVE-2013-2256 264 +Info 2013-09-16 2013-09-25
6.0
None Remote Medium Single system Partial Partial Partial
OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id.
37 CVE-2013-2161 94 2013-08-20 2013-10-07
7.5
None Remote Low Not required Partial Partial Partial
XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name.
38 CVE-2013-2157 287 Bypass 2013-08-20 2013-08-21
4.3
None Remote Medium Not required None Partial None
OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password.
39 CVE-2013-2104 264 2014-01-21 2014-01-22
5.5
None Remote Low Single system None Partial Partial
python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.
40 CVE-2013-2096 399 DoS 2013-07-09 2014-01-07
2.1
None Local Low Not required None None Partial
OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data.
41 CVE-2013-2059 287 2013-05-21 2013-11-24
6.0
None Remote Medium Single system Partial Partial Partial
OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.
42 CVE-2013-2030 264 2013-12-26 2013-12-27
2.1
None Local Low Not required None Partial None
keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora.
43 CVE-2013-2013 200 +Info 2013-10-01 2013-11-02
2.1
None Local Low Not required Partial None None
The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process.
44 CVE-2013-2006 200 +Info 2013-05-21 2013-11-24
2.1
None Local Low Not required Partial None None
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file.
45 CVE-2013-1977 264 +Info 2013-05-21 2013-05-22
2.1
None Local Low Not required Partial None None
OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file.
46 CVE-2013-1865 287 Bypass 2013-03-22 2013-11-30
6.8
None Remote Medium Not required Partial Partial Partial
OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.
47 CVE-2013-1840 200 +Info 2013-03-22 2013-04-10
3.5
None Remote Medium Single system Partial None None
The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.
48 CVE-2013-1838 399 DoS 2013-03-22 2013-06-04
4.0
None Remote Low Single system None None Partial
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.
49 CVE-2013-1665 200 +Info 2013-04-02 2013-05-14
5.0
None Remote Low Not required Partial None None
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.
50 CVE-2013-1664 119 DoS Overflow 2013-04-02 2013-05-14
5.0
None Remote Low Not required None None Partial
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.
Total number of vulnerabilities: 82. Page: 1 (this page), 2