Redhat Openstack Platform vulnerabilities

CVE-2022-2447 [MEDIUM] CWE-324 CVE-2022-2447: A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) betwee A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected.

CVE-2022-2132 [HIGH] CWE-791 CVE-2022-2132: A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to c A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.

CVE-2022-0718 [MEDIUM] CWE-522 CVE-2022-0718: A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext.

CVE-2021-3563 [HIGH] CWE-863 CVE-2021-3563: A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are ve A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.

CVE-2021-3979 [MEDIUM] CWE-327 CVE-2021-3979: A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key l A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks.

CVE-2020-14394 [LOW] CWE-835 CVE-2020-14394: An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the len An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.

CVE-2022-0866 [MEDIUM] CWE-863 CVE-2022-0866: This is a concurrency issue that can result in the wrong caller principal being returned from the se This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field is used by the org.jboss.as.ejb3.security.RunAsPrincipalInterceptor to ke

CVE-2021-20257 [MEDIUM] CWE-835 CVE-2021-20257: An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while proce An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerabil

CVE-2021-3654 [MEDIUM] CWE-601 CVE-2021-3654: A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noV A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.

CVE-2020-1690 [MEDIUM] CWE-285 CVE-2020-1690: An improper authorization flaw was discovered in openstack-selinux's applied policy where it does no An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one or more Red Hat OpenStack (RHOSP) containers could send messages to the dbus. With access to the dbus, the attacker could start or stop services, possibly cau

CVE-2019-12067 [MEDIUM] CWE-476 CVE-2019-12067: The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NU The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.

CVE-2021-20267 [HIGH] CWE-345 CVE-2021-20267: A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully cr A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other

CVE-2021-20270 [HIGH] CWE-835 CVE-2021-20270: An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when pe An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

CVE-2020-27781 [HIGH] CWE-522 CVE-2020-27781: User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resul User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack proj

CVE-2020-25658 [HIGH] CWE-385 CVE-2020-25658: It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use thi It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.

CVE-2020-25743 [LOW] CWE-476 CVE-2020-25743: hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call.

CVE-2020-14365 [HIGH] CWE-347 CVE-2020-14365: A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9 A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the syst

CVE-2020-10731 [CRITICAL] CWE-284 CVE-2020-10731: A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. This flaw causes sVirt, an important isolation mechanism, to be disabled for all running virtual machines.

CVE-2017-15114 [HIGH] CWE-295 CVE-2017-15114: When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it def When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured this allows these services to connect to libvirtd (which is equivalent to root access). If a vulnerability exists in another service it c