Information Security


Multiple security vulnerabilities in OpenStack
Published: May 7, 2014
Source:
SecurityVulns ID: 13750
Type: remote
Severity level: 5/10
Description: Code execution in Glance, unauthorized access in Neutron and Swift, cross-site scripting in Horizon, information leakage in Quantum / Cinder / Oslo.
Affected products: OPENSTACK : Cinder 2012.2
 OPENSTACK : Horizon 2013.2
 OPENSTACK : Glance 2013.2
 OPENSTACK : Neutron 2013.2
 OPENSTACK : Swift 1.10
 OPENSTACK : Oslo 2013.2
 OPENSTACK : Quantum 2012.2
CVE: CVE-2014-0162 (The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location.)
 CVE-2014-0157 (Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat template.)
 CVE-2014-0056 (The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command.)
 CVE-2014-0006 (The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack.)
 CVE-2013-6491 (The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network.)
Original text: UBUNTU, [USN-2208-2] OpenStack Quantum vulnerability (07.05.2014)
 UBUNTU, [USN-2208-1] OpenStack Cinder vulnerability (07.05.2014)
 UBUNTU, [USN-2193-1] OpenStack Glance vulnerability (07.05.2014)
 UBUNTU, [USN-2194-1] OpenStack Neutron vulnerability (07.05.2014)
 UBUNTU, [USN-2206-1] OpenStack Horizon vulnerability (07.05.2014)
 UBUNTU, [USN-2207-1] OpenStack Swift vulnerability (07.05.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod