Redhat Openstack Platform vulnerabilities

CVE-2023-1932 [MEDIUM] CWE-79 CVE-2023-1932: A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.c A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or Cross-Site-Scripting (XSS) attacks.

CVE-2024-8007 [HIGH] CWE-295 CVE-2024-8007: A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images via disabling TLS certificate verification for registry mirrors, which could enable a man-in-the-middle (MITM) attack.

CVE-2024-7319 [MEDIUM] CVE-2024-7319: An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the hidden feature set to True and the CVE-2023-1625 fix applied.

CVE-2023-6725 [MEDIUM] CWE-1220 CVE-2023-6725: An access-control flaw was found in the OpenStack Designate component where private configuration in An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information.

CVE-2023-48795 [MEDIUM] CWE-354 CVE-2023-48795: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other pr The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgr

CVE-2023-5625 [MEDIUM] CVE-2023-5625: A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch app A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products.

CVE-2023-44487 [HIGH] CWE-400 CVE-2023-44487: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancell The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVE-2023-1633 [MEDIUM] CWE-200 CVE-2023-1633: A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated atta A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials.

CVE-2023-1625 [HIGH] CWE-202 CVE-2023-1625: An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system.

CVE-2023-1636 [MEDIUM] CWE-653 CVE-2023-1636: A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to a

CVE-2022-3596 [HIGH] CWE-402 CVE-2022-3596: An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote at An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials.

CVE-2022-3261 [MEDIUM] CWE-256 CVE-2022-3261: A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages du A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem.

CVE-2023-1108 [HIGH] CWE-835 CVE-2023-1108: A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unex A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

CVE-2023-3637 [MEDIUM] CWE-400 CVE-2023-3637: An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of ser

CVE-2023-3354 [HIGH] CWE-476 CVE-2023-3354: A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU che A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL poi

CVE-2023-1668 [HIGH] CWE-670 CVE-2023-1668: A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will instal A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possi

CVE-2022-3277 [MEDIUM] CWE-400 CVE-2022-3277: An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of ser

CVE-2022-3100 [MEDIUM] CWE-305 CVE-2022-3100: A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.

CVE-2022-23451 [HIGH] CWE-863 CVE-2022-23451: An authorization flaw was found in openstack-barbican. The default policy rules for the secret metad An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resourc

CVE-2022-23452 [MEDIUM] CWE-863 CVE-2022-23452: An authorization flaw was found in openstack-barbican, where anyone with an admin role could add sec An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.