Red Hat Openstack Platform
Recent Red Hat Openstack Platform Security Advisories
| Advisory | Title | Published |
|---|---|---|
| RHSA-2023:1275 | (RHSA-2023:1275) Important: Red Hat OpenStack Platform (etcd) security update | March 15, 2023 |
| RHSA-2023:1278 | (RHSA-2023:1278) Important: Red Hat OpenStack Platform (openstack-nova) security update | March 15, 2023 |
| RHSA-2023:1277 | (RHSA-2023:1277) Important: Red Hat OpenStack Platform (openstack-swift) security update | March 15, 2023 |
| RHSA-2023:1279 | (RHSA-2023:1279) Important: Synopsis: Red Hat OpenStack Platform (openstack-cinder) security update | March 15, 2023 |
| RHSA-2023:1280 | (RHSA-2023:1280) Important: Synopsis: Red Hat OpenStack Platform (openstack-glance) security update | March 15, 2023 |
| RHSA-2023:1281 | (RHSA-2023:1281) Important: Red Hat OpenStack Platform (python-werkzeug) security update | March 15, 2023 |
| RHSA-2023:1276 | (RHSA-2023:1276) Moderate: Red Hat OpenStack Platform (collectd-libpod-stats) security update | March 15, 2023 |
| RHSA-2023:1079 | (RHSA-2023:1079) Moderate: Red Hat OpenStack Platform 16.2 (osp-director-downloader-container, osp-director-agent-container and osp-director-operator-container) security update | March 6, 2023 |
| RHSA-2023:1018 | (RHSA-2023:1018) Important: Red Hat OpenStack Platform 17.0 (python-werkzeug) security update | March 2, 2023 |
| RHSA-2023:1014 | (RHSA-2023:1014) Important: Red Hat OpenStack Platform 17.0 (etcd) security update | February 28, 2023 |
By the Year
In 2023 there have been 1 vulnerability in Red Hat Openstack Platform with an average score of 6.5 out of ten. Last year Openstack Platform had 11 security vulnerabilities published. Right now, Openstack Platform is on track to have less security vulnerabilities in 2023 than it did last year. However, the average CVE base score of the vulnerabilities in 2023 is greater by 0.31.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 1 | 6.50 |
| 2022 | 11 | 6.19 |
| 2021 | 4 | 6.90 |
| 2020 | 5 | 6.64 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Openstack Platform vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Openstack Platform Security Vulnerabilities
An uncontrolled resource consumption flaw was found in openstack-neutron
CVE-2022-3277
6.5 - Medium
- March 06, 2023
An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.
Resource Exhaustion
An authorization flaw was found in openstack-barbican
CVE-2022-23451
8.1 - High
- September 06, 2022
An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.
AuthZ
An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container
CVE-2022-23452
4.9 - Medium
- September 01, 2022
An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.
AuthZ
A flaw was found in Keystone
CVE-2022-2447
6.6 - Medium
- September 01, 2022
A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected.
Operation on a Resource after Expiration or Release
A permissive list of allowed inputs flaw was found in DPDK
CVE-2022-2132
8.6 - High
- August 31, 2022
A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.
A flaw was found in python-oslo-utils
CVE-2022-0718
4.9 - Medium
- August 29, 2022
A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext.
Insufficiently Protected Credentials
A flaw was found in openstack-keystone
CVE-2021-3563
7.4 - High
- August 26, 2022
A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.
AuthZ
A key length flaw was found in Red Hat Ceph Storage
CVE-2021-3979
6.5 - Medium
- August 25, 2022
A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks.
Use of a Broken or Risky Cryptographic Algorithm
An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring
CVE-2020-14394
3.2 - Low
- August 17, 2022
An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.
Infinite Loop
This is a concurrency issue
CVE-2022-0866
5.3 - Medium
- May 10, 2022
This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field is used by the org.jboss.as.ejb3.security.RunAsPrincipalInterceptor to keep track of the current identity prior to switching to a new identity created using the RunAs principal. The exploit consist that the EJBComponent#incomingRunAsIdentity field is currently just a SecurityIdentity. This means in a concurrent environment, where multiple users are repeatedly invoking an EJB that is configured with a RunAs principal, it's possible for the wrong the caller principal to be returned from EJBComponent#getCallerPrincipal. Similarly, it's also possible for EJBComponent#isCallerInRole to return the wrong value. Both of these methods rely on incomingRunAsIdentity. Affects all versions of JBoss EAP from 7.1.0 and all versions of WildFly 11+ when Elytron is enabled.
AuthZ
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU
CVE-2021-20257
6.5 - Medium
- March 16, 2022
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Infinite Loop
A vulnerability was found in openstack-nova's console proxy, noVNC
CVE-2021-3654
6.1 - Medium
- March 02, 2022
A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.
Open Redirect
An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container
CVE-2020-1690
6.5 - Medium
- June 07, 2021
An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one or more Red Hat OpenStack (RHOSP) containers could send messages to the dbus. With access to the dbus, the attacker could start or stop services, possibly causing a denial of service. Versions before openstack-selinux 0.8.24 are affected.
The ahci_commit_buf function in ide/ahci.c in QEMU
CVE-2019-12067
6.5 - Medium
- June 02, 2021
The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.
NULL Pointer Dereference
A flaw was found in openstack-neutron's default Open vSwitch firewall rules
CVE-2021-20267
7.1 - High
- May 28, 2021
A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the IPv6 addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations. Only deployments using the Open vSwitch driver are affected. Source: OpenStack project. Versions before openstack-neutron 15.3.3, openstack-neutron 16.3.1 and openstack-neutron 17.1.1 are affected.
Insufficient Verification of Data Authenticity
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input
CVE-2021-20270
7.5 - High
- March 23, 2021
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
Infinite Loop
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation
CVE-2020-27781
7.1 - High
- December 18, 2020
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. This can be done to even "admin" users, compromising the ceph administrator. This flaw affects Ceph versions prior to 14.2.16, 15.x prior to 15.2.8, and 16.x prior to 16.2.0.
Insufficiently Protected Credentials
It was found that python-rsa is vulnerable to Bleichenbacher timing attacks
CVE-2020-25658
5.9 - Medium
- November 12, 2020
It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.
Covert Timing Channel
hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference
CVE-2020-25743
3.2 - Low
- October 06, 2020
hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call.
NULL Pointer Dereference
A flaw was found in the Ansible Engine
CVE-2020-14365
7.1 - High
- September 23, 2020
A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.
Improper Verification of Cryptographic Signature
A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled
CVE-2020-10731
9.9 - Critical
- July 31, 2020
A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. This flaw causes sVirt, an important isolation mechanism, to be disabled for all running virtual machines.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Openstack Platform or by Red Hat? Click the Watch button to subscribe.
