Openstack Platform Red Hat Openstack Platform

Do you want an email whenever new security vulnerabilities are reported in Red Hat Openstack Platform?

Recent Red Hat Openstack Platform Security Advisories

Advisory Title Published
RHSA-2022:5116 (RHSA-2022:5116) Moderate: Red Hat OpenStack Platform 16.2 (puppet-firewall) security update June 22, 2022
RHSA-2022:5115 (RHSA-2022:5115) Moderate: Red Hat OpenStack Platform 16.2 (python-django20) security update June 22, 2022
RHSA-2022:5114 (RHSA-2022:5114) Moderate: Red Hat OpenStack Platform 16.2 (openstack-barbican) security update June 22, 2022
RHSA-2022:1646 (RHSA-2022:1646) Important: Red Hat OpenStack Platform 16.1 (python-twisted) security update April 28, 2022
RHSA-2022:1645 (RHSA-2022:1645) Important: Red Hat OpenStack Platform 16.2 (python-twisted) security update April 28, 2022
RHSA-2022:1264 (RHSA-2022:1264) Important: Red Hat OpenStack Platform 13.0 (python-waitress) security update April 7, 2022
RHSA-2022:1254 (RHSA-2022:1254) Important: Red Hat OpenStack Platform 16.1 (python-waitress) security update April 6, 2022
RHSA-2022:1253 (RHSA-2022:1253) Important: Red Hat OpenStack Platform 16.2 (python-waitress) security update April 6, 2022
RHSA-2022:0982 (RHSA-2022:0982) Important: Red Hat OpenStack Platform 16.1 (python-twisted) security update March 24, 2022
RHSA-2022:0987 (RHSA-2022:0987) Moderate: Red Hat OpenStack Platform 16.1 (numpy) security update March 24, 2022

By the Year

In 2022 there have been 3 vulnerabilities in Red Hat Openstack Platform with an average score of 6.0 out of ten. Last year Openstack Platform had 4 security vulnerabilities published. At the current rates, it appears that the number of vulnerabilities last year and this year may equal out. Last year, the average CVE base score was greater by 0.93

Year Vulnerabilities Average Score
2022 3 5.97
2021 4 6.90
2020 5 6.64
2019 0 0.00
2018 0 0.00

It may take a day or so for new Openstack Platform vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Red Hat Openstack Platform Security Vulnerabilities

This is a concurrency issue

CVE-2022-0866 5.3 - Medium - May 10, 2022

This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field is used by the org.jboss.as.ejb3.security.RunAsPrincipalInterceptor to keep track of the current identity prior to switching to a new identity created using the RunAs principal. The exploit consist that the EJBComponent#incomingRunAsIdentity field is currently just a SecurityIdentity. This means in a concurrent environment, where multiple users are repeatedly invoking an EJB that is configured with a RunAs principal, it's possible for the wrong the caller principal to be returned from EJBComponent#getCallerPrincipal. Similarly, it's also possible for EJBComponent#isCallerInRole to return the wrong value. Both of these methods rely on incomingRunAsIdentity. Affects all versions of JBoss EAP from 7.1.0 and all versions of WildFly 11+ when Elytron is enabled.

AuthZ

An infinite loop flaw was found in the e1000 NIC emulator of the QEMU

CVE-2021-20257 6.5 - Medium - March 16, 2022

An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Infinite Loop

A vulnerability was found in openstack-nova's console proxy, noVNC

CVE-2021-3654 6.1 - Medium - March 02, 2022

A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.

Open Redirect

An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container

CVE-2020-1690 6.5 - Medium - June 07, 2021

An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one or more Red Hat OpenStack (RHOSP) containers could send messages to the dbus. With access to the dbus, the attacker could start or stop services, possibly causing a denial of service. Versions before openstack-selinux 0.8.24 are affected.

The ahci_commit_buf function in ide/ahci.c in QEMU

CVE-2019-12067 6.5 - Medium - June 02, 2021

The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.

NULL Pointer Dereference

A flaw was found in openstack-neutron's default Open vSwitch firewall rules

CVE-2021-20267 7.1 - High - May 28, 2021

A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations. Only deployments using the Open vSwitch driver are affected. Source: OpenStack project. Versions before openstack-neutron 15.3.3, openstack-neutron 16.3.1 and openstack-neutron 17.1.1 are affected.

Insufficient Verification of Data Authenticity

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input

CVE-2021-20270 7.5 - High - March 23, 2021

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

Infinite Loop

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation

CVE-2020-27781 7.1 - High - December 18, 2020

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. This can be done to even "admin" users, compromising the ceph administrator. This flaw affects Ceph versions prior to 14.2.16, 15.x prior to 15.2.8, and 16.x prior to 16.2.0.

Insufficiently Protected Credentials

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks

CVE-2020-25658 5.9 - Medium - November 12, 2020

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.

Covert Timing Channel

hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference

CVE-2020-25743 3.2 - Low - October 06, 2020

hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call.

NULL Pointer Dereference

A flaw was found in the Ansible Engine

CVE-2020-14365 7.1 - High - September 23, 2020

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.

Improper Verification of Cryptographic Signature

A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled

CVE-2020-10731 9.9 - Critical - July 31, 2020

A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. This flaw causes sVirt, an important isolation mechanism, to be disabled for all running virtual machines.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Red Hat Openstack Platform or by Red Hat? Click the Watch button to subscribe.

Red Hat
Vendor

subscribe