Openstack Platform Red Hat Openstack Platform

Do you want an email whenever new security vulnerabilities are reported in Red Hat Openstack Platform?

By the Year

In 2021 there have been 1 vulnerability in Red Hat Openstack Platform with an average score of 7.5 out of ten. Last year Openstack Platform had 4 security vulnerabilities published. Right now, Openstack Platform is on track to have less security vulnerabilities in 2021 than it did last year. However, the average CVE base score of the vulnerabilities in 2021 is greater by 1.68.

Year Vulnerabilities Average Score
2021 1 7.50
2020 4 5.83
2019 0 0.00
2018 0 0.00

It may take a day or so for new Openstack Platform vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest Red Hat Openstack Platform Security Vulnerabilities

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input

CVE-2021-20270 7.5 - High - March 23, 2021

An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.

Infinite Loop

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation

CVE-2020-27781 7.1 - High - December 18, 2020

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. This can be done to even "admin" users, compromising the ceph administrator. This flaw affects Ceph versions prior to 14.2.16, 15.x prior to 15.2.8, and 16.x prior to 16.2.0.

Insufficiently Protected Credentials

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks

CVE-2020-25658 5.9 - Medium - November 12, 2020

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.

Use of a Broken or Risky Cryptographic Algorithm

hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference

CVE-2020-25743 3.2 - Low - October 06, 2020

hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call.

NULL Pointer Dereference

A flaw was found in the Ansible Engine

CVE-2020-14365 7.1 - High - September 23, 2020

A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.

Improper Verification of Cryptographic Signature

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Red Hat Openstack Platform or by Red Hat? Click the Watch button to subscribe.

subscribe