SecurityAdvisories/Essex

Essex Security Advisories

Fixed in 2012.1.3

See ReleaseNotes/2012.1.3

| Product | Date | OpenStack Security Advisory | CVE Number | Title | Impact |
|---|---|---|---|---|---|
| Horizon | August 30, 2012 | 2012-012 | 2012-3540 | Open redirect through 'next' parameter | Medium |
| Keystone | August 30, 2012 | 2012-013 | 2012-3542 | Lack of authorization for adding users to tenants | Critical |
| Keystone | September 12, 2012 | 2012-014 | 2012-4413 | Revoking a role does not affect existing tokens | High |

Fixed in 2012.1.2

See ReleaseNotes/2012.1.2

| Product | Date | OpenStack Security Advisory | CVE Number | Title | Impact |
|---|---|---|---|---|---|
| Nova | July 3, 2012 | 2012-008 | 2012-3360 | Arbitrary file injection/corruption through directory traversal issues | Critical |
| Nova | July 11, 2012 | 2012-009 | 2012-3371 | Scheduler denial of service through scheduler_hints | Medium |
| Nova | August 7, 2012 | 2012-011 | 2012-3447 | Compute node filesystem injection/corruption | Critical |
| Keystone | September 28, 2012 | 2012-015 | 2012-4456 | Some actions in Keystone admin API do not validate token | High |
| Keystone | September 28, 2012 | 2012-016 | 2012-4457 | Token authorization for a user in a disabled tenant is allowed | High |

Fixed in 2012.1.1

See ReleaseNotes/2012.1.1

| Product | Date | OpenStack Security Advisory | CVE Number | Title | Impact |
|---|---|---|---|---|---|
| Horizon | April 17, 2012 | 2012-004 | 2012-2094 | XSS vulnerability in Horizon log viewer | High |
| Nova | April 19, 2012 | 2012-005 | 2012-2101 | No quota enforced on security group rules | High |
| Horizon | May 4, 2012 | 2012-006 | 2012-2144 | Horizon session fixation and reuse | Critical |
| Nova | June 6, 2012 | 2012-007 | 2012-2654 | Security groups fail to be set correctly | Medium |
| Keystone | July 27, 2012 | 2012-010 | 2012-3426 | Various Keystone token expiration issues | Medium |