OpenStack multiple security vulnerabilities
SecurityVulns ID:13750
Description:Glance code execution, Neutron and Swift unauthorized access, Horizon cross-site scripting, Quantum / Cinder / Oslo information leakage.
Affected:OPENSTACK : Cinder 2012.2
 OPENSTACK : Horizon 2013.2
 OPENSTACK : Glance 2013.2
 OPENSTACK : Neutron 2013.2
 OPENSTACK : Swift 1.10
 OPENSTACK : Oslo 2013.2
 OPENSTACK : Quantum 2012.2
CVE:CVE-2014-0162 (The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location.)
 CVE-2014-0157 (Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat template.)
 CVE-2014-0056 (The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command.)
 CVE-2014-0006 (The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack.)
 CVE-2013-6491 (The python-qpid client (common/rpc/ in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network.)
Original document:UBUNTU, [USN-2208-2] OpenStack Quantum vulnerability (07.05.2014)
 UBUNTU, [USN-2208-1] OpenStack Cinder vulnerability (07.05.2014)
 UBUNTU, [USN-2193-1] OpenStack Glance vulnerability (07.05.2014)
 UBUNTU, [USN-2194-1] OpenStack Neutron vulnerability (07.05.2014)
 UBUNTU, [USN-2206-1] OpenStack Horizon vulnerability (07.05.2014)
 UBUNTU, [USN-2207-1] OpenStack Swift vulnerability (07.05.2014)

