openstack
276 tracked vulnerabilities.
CVE-2023-1625
HIGH
OpenStack Heat - Authenticated Information Disclosure via Stack Show Command
Sep 24, 2023
CVSS 7.4
EPSS 0.00
CVE-2022-45582
MEDIUM
OpenStack Horizon 19.4.0-20.1.4 - Open Redirect via success_url Parameter
Aug 22, 2023
CVSS 6.1
EPSS 0.00
CVE-2022-3146
MEDIUM
tripleo-ansible - Unauthenticated Sensitive Information Exposure via Insecure File Permissions
Mar 23, 2023
CVSS 5.5
EPSS 0.00
CVE-2022-3101
MEDIUM
tripleo-ansible - Information Disclosure via Insecure File Permissions
Mar 23, 2023
CVSS 5.5
EPSS 0.00
CVE-2022-4134
LOW
openstack-glance - Privilege Escalation
Mar 06, 2023
CVSS 2.8
EPSS 0.00
CVE-2022-3277
MEDIUM
openstack-neutron < 18.6.0 and >=19.0.0.0rc1 <19.5.0 - Authenticated Denial of Service via Security Group Query
Mar 06, 2023
CVSS 6.5
EPSS 0.00
CVE-2022-47951
MEDIUM
OpenStack Cinder/Glance/Nova Path Traversal via VMDK Image Backing File Reference
Jan 26, 2023
CVSS 5.7
EPSS 0.01
CVE-2022-47950
MEDIUM
OpenStack Swift <2.28.1-2.30.0 - Info Disclosure
Jan 18, 2023
CVSS 6.5
EPSS 0.00
CVE-2022-3100
MEDIUM
OpenStack Barbican - Authentication Bypass via API Query String
Jan 18, 2023
CVSS 5.9
EPSS 0.00
CVE-2022-38060
HIGH
OpenStack Kolla - Privilege Escalation
Dec 21, 2022
CVSS 8.8
EPSS 0.00
CVE-2022-23451
HIGH
openstack-barbican < 14.0.0 - Authenticated Incorrect Authorization in Secret Metadata API
Sep 06, 2022
CVSS 8.1
EPSS 0.00
CVE-2022-2447
MEDIUM
Keystone - Time-of-Check Time-of-Use Race Condition in Token Revocation
Sep 01, 2022
CVSS 6.6
EPSS 0.00
CVE-2022-23452
MEDIUM
OpenStack Barbican < 14.0.0 - Incorrect Authorization via Admin Role
Sep 01, 2022
CVSS 4.9
EPSS 0.00
CVE-2022-0718
MEDIUM
Python Oslo-Utils - Info Disclosure
Aug 29, 2022
CVSS 4.9
EPSS 0.01
CVE-2022-37394
LOW
OpenStack Nova < 23.2.2, 24.x < 24.1.2, 25.x < 25.0.2 - Authenticated Denial of Service via VNIC Type Change
Aug 03, 2022
CVSS 3.3
EPSS 0.00
CVE-2021-3585
MEDIUM
openstack-tripleo-heat-templates - Info Disclosure
Aug 26, 2022
CVSS 5.5
EPSS 0.00
CVE-2021-3563
HIGH
OpenStack Keystone - Incorrect Authorization via Truncated Application Secret Verification
Aug 26, 2022
CVSS 7.4
EPSS 0.00
CVE-2021-4180
MEDIUM
openstack-tripleo-heat-templates < 11.6.1 - Sensitive Information Exposure via www_authenticate_uri
Mar 23, 2022
CVSS 4.3
EPSS 0.00
CVE-2021-3654
MEDIUM
NUCLEI
OpenStack Nova < 21.2.3 - Open Redirect via noVNC Console Proxy
Mar 02, 2022
CVSS 6.1
EPSS 0.88
CVE-2021-40797
MEDIUM
OpenStack Neutron <16.4.1-18.1.1 - DoS
Sep 08, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-40085
MEDIUM
OpenStack Neutron <18.1.1 - Privilege Escalation
Aug 31, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-38598
CRITICAL
OpenStack Neutron <16.4.1-18.0.0 - DoS
Aug 23, 2021
CVSS 9.1
EPSS 0.00
CVE-2021-38155
HIGH
OpenStack Keystone <16.0.2-19.0.1 - Info Disclosure
Aug 06, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-20267
HIGH
OpenStack Neutron < 16.3.3 - IPv6 Spoofing via Open vSwitch Firewall Rules
May 28, 2021
CVSS 7.1
EPSS 0.00
CVE-2020-29565
MEDIUM
OpenStack Horizon <18.5 - Open Redirect
Dec 04, 2020
CVSS 6.1
EPSS 0.01
Products
keystone 39
nova 38
folsom 25
neutron 25
horizon 22
essex 15
image_registry_and_delivery_service_(glance) 15
grizzly 14
swift 13
compute 12
glance 12
havana 11
cinder 9
heat 7
python-keystoneclient 7
Ironic 5
barbican 5
tripleo_heat_templates 5
Keystone 4
icehouse 4
keystonemiddleware 3
trove 3
Cyborg 2
ceilometer 2
cloud_magnum_orchestration 2
designate 2
diablo 2
keystone_essex 2
magnum 2
manila 2