Jump to: navigation, search

Difference between revisions of "SecurityAdvisories/Essex"

(ossa 2012-013)
Line 23: Line 23:
 
| Lack of authorization for adding users to tenants
 
| Lack of authorization for adding users to tenants
 
| Critical
 
| Critical
 +
|-
 +
| Keystone
 +
| September 12, 2012
 +
| [https://lists.launchpad.net/openstack/msg16659.html 2012-014]
 +
| [https://bugs.launchpad.net/bugs/cve/2012-4413 2012-4413]
 +
| Revoking a role does not affect existing tokens
 +
| High
 
|}
 
|}
  

Revision as of 07:25, 18 September 2012

Essex Security Advisories

Product Date Openstack Security Advisory CVE Number Title Impact
Horizon August 30, 2012 2012-012 2012-3540 Open redirect through 'next' parameter Medium
Keystone August 30, 2012 2012-013 2012-3542 Lack of authorization for adding users to tenants Critical
Keystone September 12, 2012 2012-014 2012-4413 Revoking a role does not affect existing tokens High

Fixed in 2012.1.2

See ReleaseNotes/2012.1.2

Product Date Openstack Security Advisory CVE Number Title Impact
Nova July 3, 2012 2012-008 2012-3360 Arbitrary file injection/corruption through directory traversal issues Critical
Nova July 11, 2012 2012-009 2012-3371 Scheduler denial of service through scheduler_hints Medium
Nova August 7, 2012 2012-011 2012-3447 Compute node filesystem injection/corruption Critical

Fixed in 2012.1.1

See ReleaseNotes/2012.1.1

Product Date Openstack Security Advisory CVE Number Title Impact
Horizon April 17, 2012 2012-004 2012-2094 XSS vulnerability in Horizon log viewer High
Nova April 19, 2012 2012-005 2012-2101 No quota enforced on security group rules High
Horizon May 4, 2012 2012-006 2012-2144 Horizon session fixation and reuse Critical
Nova June 6, 2012 2012-007 2012-2654 Security groups fail to be set correctly Medium
Keystone July 27, 2012 2012-010 2012-3426 Various Keystone token expiration issues Medium
Retrieved from "https://wiki.openstack.org/w/index.php?title=SecurityAdvisories/Essex&oldid=11800"