Openstack
by OpenStack
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-6829 | | Cri | 0.64 | 9.8 | 0.02 | | Dec 9, 2016 | The trove service user in (1) Openstack deployment (aka crowbar-openstack) and (2) Trove Barclamp (aka barclamp-trove and crowbar-barclamp-trove) in the Crowbar Framework has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors. |
| CVE-2017-12440 | | Hig | 0.42 | 7.5 | 0.02 | | Aug 18, 2017 | Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with… |
| CVE-2026-40212 | | Med | 0.35 | 5.4 | 0.00 | | Apr 10, 2026 | OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerability in the console because document.write is used unsafely, which is relevant in scenarios where administrators use the console web interface to view instance console logs. |
| CVE-2023-2088 | | | 0.00 | — | 0.01 | | May 12, 2023 | A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to… |
| CVE-2022-38065 | | | 0.00 | — | 0.01 | | Dec 21, 2022 | A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissive functionality within tools leveraging this library within a container can lead to increased privileges. |
| CVE-2022-38060 | | | 0.00 | — | 0.00 | | Dec 21, 2022 | A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges. |
| CVE-2013-1793 | | | 0.00 | — | 0.01 | | Dec 10, 2019 | openstack-utils openstack-db has insecure password creation |