Jump to: navigation, search

SecurityAdvisories/Essex

< SecurityAdvisories
Revision as of 10:12, 5 September 2012 by GheRivero (talk) (ossa2012-012)

Essex Security Advisories

Product Date Openstack Security Advisory CVE Number Title Impact
Horizon August 30, 2012 2012-012 2012-3540 Open redirect through 'next' parameter Medium

Fixed in 2012.1.2

See ReleaseNotes/2012.1.2

Product Date Openstack Security Advisory CVE Number Title Impact
Nova July 3, 2012 2012-008 2012-3360 Arbitrary file injection/corruption through directory traversal issues Critical
Nova July 11, 2012 2012-009 2012-3371 Scheduler denial of service through scheduler_hints Medium
Nova August 7, 2012 2012-011 2012-3447 Compute node filesystem injection/corruption Critical

Fixed in 2012.1.1

See ReleaseNotes/2012.1.1

Product Date Openstack Security Advisory CVE Number Title Impact
Horizon April 17, 2012 2012-004 2012-2094 XSS vulnerability in Horizon log viewer High
Nova April 19, 2012 2012-005 2012-2101 No quota enforced on security group rules High
Horizon May 4, 2012 2012-006 2012-2144 Horizon session fixation and reuse Critical
Nova June 6, 2012 2012-007 2012-2654 Security groups fail to be set correctly Medium
Keystone July 27, 2012 2012-010 2012-3426 Various Keystone token expiration issues Medium
Retrieved from "https://wiki.openstack.org/w/index.php?title=SecurityAdvisories/Essex&oldid=11798"