rpm package
suse/openstack-dashboard&distro=SUSE OpenStack Cloud 7
pkg:rpm/suse/openstack-dashboard&distro=SUSE%20OpenStack%20Cloud%207
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-14432 | — | < 10.0.6~dev4-4.15.1 | 10.0.6~dev4-4.15.1 | Jul 31, 2018 | In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access | ||
| CVE-2017-7400 | Med | 4.8 | < 10.0.4~a0~dev2-3.1 | 10.0.4~a0~dev2-3.1 | Apr 3, 2017 | OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping. | |
| CVE-2017-7214 | Cri | 9.8 | < 10.0.4~a0~dev2-3.1 | 10.0.4~a0~dev2-3.1 | Mar 21, 2017 | An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization |
- CVE-2018-14432Jul 31, 2018affected < 10.0.6~dev4-4.15.1fixed 10.0.6~dev4-4.15.1
In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access
- affected < 10.0.4~a0~dev2-3.1fixed 10.0.4~a0~dev2-3.1
OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping.
- affected < 10.0.4~a0~dev2-3.1fixed 10.0.4~a0~dev2-3.1
An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization