Difference between revisions of "SecurityAdvisories/Essex"
(Added 2012-016 Keystone) |
m (Text replace - "__NOTOC__" to "") |
||
Line 1: | Line 1: | ||
− | + | ||
= Essex Security Advisories = | = Essex Security Advisories = | ||
Latest revision as of 23:30, 17 February 2013
Contents
Essex Security Advisories
Fixed in 2012.1.3
Product | Date | Openstack Security Advisory | CVE Number | Title | Impact |
Horizon | August 30, 2012 | 2012-012 | 2012-3540 | Open redirect through 'next' parameter | Medium |
Keystone | August 30, 2012 | 2012-013 | 2012-3542 | Lack of authorization for adding users to tenants | Critical |
Keystone | September 12, 2012 | 2012-014 | 2012-4413 | Revoking a role does not affect existing tokens | High |
Fixed in 2012.1.2
Product | Date | Openstack Security Advisory | CVE Number | Title | Impact |
Nova | July 3, 2012 | 2012-008 | 2012-3360 | Arbitrary file injection/corruption through directory traversal issues | Critical |
Nova | July 11, 2012 | 2012-009 | 2012-3371 | Scheduler denial of service through scheduler_hints | Medium |
Nova | August 7, 2012 | 2012-011 | 2012-3447 | Compute node filesystem injection/corruption | Critical |
Keystone | September 28, 2012 | 2012-015 | 2012-4456 | Some actions in Keystone admin API do not validate token | High |
2012-4456 | |||||
Keystone | September 28, 2012 | 2012-016 | 2012-4457 | Token authorization for a user in a disabled tenant is allowed | High |
Fixed in 2012.1.1
Product | Date | Openstack Security Advisory | CVE Number | Title | Impact |
Horizon | April 17, 2012 | 2012-004 | 2012-2094 | XSS vulnerability in Horizon log viewer | High |
Nova | April 19, 2012 | 2012-005 | 2012-2101 | No quota enforced on security group rules | High |
Horizon | May 4, 2012 | 2012-006 | 2012-2144 | Horizon session fixation and reuse | Critical |
Nova | June 6, 2012 | 2012-007 | 2012-2654 | Security groups fail to be set correctly | Medium |
Keystone | July 27, 2012 | 2012-010 | 2012-3426 | Various Keystone token expiration issues | Medium |