VYPR

Openstack

by OpenStack

CVEs (7)

  • CVE-2016-6829CriDec 9, 2016
    risk 0.64cvss 9.8epss 0.02

    The trove service user in (1) Openstack deployment (aka crowbar-openstack) and (2) Trove Barclamp (aka barclamp-trove and crowbar-barclamp-trove) in the Crowbar Framework has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors.

  • CVE-2017-12440HigAug 18, 2017
    risk 0.42cvss 7.5epss 0.02

    Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with…

  • CVE-2026-40212MedApr 10, 2026
    risk 0.35cvss 5.4epss 0.00

    OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerability in the console because document.write is used unsafely, which is relevant in scenarios where administrators use the console web interface to view instance console logs.

  • CVE-2023-2088May 12, 2023
    risk 0.00cvss epss 0.01

    A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to…

  • CVE-2022-38065Dec 21, 2022
    risk 0.00cvss epss 0.01

    A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissive functionality within tools leveraging this library within a container can lead increased privileges.

  • CVE-2022-38060Dec 21, 2022
    risk 0.00cvss epss 0.00

    A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges.

  • CVE-2013-1793Dec 10, 2019
    risk 0.00cvss epss 0.01

    openstack-utils openstack-db has insecure password creation