Redhat Openstack vulnerabilities
209 known vulnerabilities affecting redhat/openstack.
Total CVEs: 209
CISA KEV: 0
Public exploits: 8
Exploited in wild: 3
Severity breakdown: CRITICAL 23, HIGH 63, MEDIUM 112, LOW 11
Vulnerabilities
Page 5 of 11
CVE-2017-2627 | HIGH | CVSS 8.2 | CWE-22 | v10, v11 | 2018-08-22
A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. The sudoers file as installed with OSP's openstack-tripleo-common package is much too permissive. It contains several lines for the mistral user that have wildcards that allow directory traversal with '..' and it grants full passwordless root access to th
nvd
CVE-2018-10915 | HIGH | CVSS 7.5 | CWE-89 | v12, v13 | 2018-08-09
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher pri
nvd
CVE-2018-14432 | MEDIUM | CVSS 5.3 | CWE-200 | v10, v12, +1 more | 2018-07-31
In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes. Only Key
nvd
CVE-2018-10903 | HIGH | CVSS 7.5 | CWE-20 | v13 | 2018-07-30
A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passi
nvd
CVE-2018-10898 | HIGH | CVSS 8.8 | CWE-798 | v13 | 2018-07-30
A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials.
nvd
CVE-2016-9603 | CRITICAL | CVSS 9.9 | CWE-122 | v5.0, v6.0, +4 more | 2018-07-27
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute a
nvd
CVE-2017-2620 | CRITICAL | CVSS 9.9 | CWE-787 | v5.0, v6.0, +4 more | 2018-07-27
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of th
nvd
CVE-2017-2621 | MEDIUM | CVSS 5.5 | CWE-552 | v9, v10 | 2018-07-27
An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1.0 and 7.0.2 where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.
nvd
CVE-2017-2622 | MEDIUM | CVSS 5.5 | CWE-552 | v10 | 2018-07-27
An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information.
nvd
CVE-2017-2637 | CRITICAL | CVSS 10.0 | CWE-306 | v7.0, v8, +2 more | 2018-07-26
A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default (by director) listening on 0.0.0.0 (all interfaces) with no-authentication or encryption. Anyone able to make a TCP connection to any compute host IP address, including 127.0.0.1, other loop
nvd
CVE-2017-7539 | HIGH | CVSS 7.5 | CWE-617 | v6.0, v7.0, +4 more | 2018-07-26
An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulti
nvd
CVE-2017-7543 | MEDIUM | CVSS 5.9 | CWE-362 | v6.0, v7.0, +4 more | 2018-07-26
A race-condition flaw was discovered in openstack-neutron before 7.2.0-12.1, 8.x before 8.3.0-11.1, 9.x before 9.3.1-2.1, and 10.x before 10.0.2-1.1, where, following a minor overcloud update, neutron security groups were disabled. Specifically, the following were reset to 0: net.bridge.bridge-nf-call-ip6tables and net.bridge.bridge-nf-call-iptables. T
nvd
CVE-2017-7481 | CRITICAL | CVSS 9.8 | Exploited | CWE-20 | v10, v11 | 2018-07-19
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templating language is now marked as 'unsafe' and is not eval
nvd
CVE-2017-2673 | HIGH | CVSS 7.2 | CWE-863 | v9, v10 | 2018-07-19
An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles.
nvd
CVE-2018-2767 | LOW | CVSS 3.1 | v12 | 2018-07-18
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of t
nvd
CVE-2018-10875 | HIGH | CVSS 7.8 | CWE-426 | v10, v12, +1 more | 2018-07-13
A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code.
nvd
CVE-2018-10892 | MEDIUM | CVSS 5.3 | CWE-250 | v12 | 2018-07-06
The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness.
nvd
CVE-2017-2615 | CRITICAL | CVSS 9.1 | CWE-787 | v5.0, v6.0, +4 more | 2018-07-03
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privi
nvd
CVE-2018-10855 | MEDIUM | CVSS 5.9 | CWE-532 | v13, v10, +1 more | 2018-07-03
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible.
nvd
CVE-2018-10874 | HIGH | CVSS 7.8 | CWE-426 | v10, v12, +1 more | 2018-07-02
In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result.
nvd