Red Hat OpenStack 16.2

CPE Details

16.2
2022-02-25 14h11 +00:00
2022-02-25 17h32 +00:00

CPE Name: cpe:2.3:a:redhat:openstack:16.2:-:*:*:*:*:*:*

Information

Vendor: redhat
Product: openstack
Version: 16.2
Update: -

Related CVE


| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| CVE-2022-3101 | 2023-03-23 00h00 +00:00 | A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file, leading to information disclosure of important configuration details from the OpenStack deployment. | 5.5 | Medium |
| CVE-2022-3146 | 2023-03-23 00h00 +00:00 | A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment. | 5.5 | Medium |
| CVE-2022-4134 | 2023-03-06 00h00 +00:00 | A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images. | 2.8 | Low |
| CVE-2022-3100 | 2023-01-17 23h00 +00:00 | A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API. | 5.9 | Medium |
| CVE-2022-2447 | 2022-09-01 18h30 +00:00 | A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected. | 6.6 | Medium |
| CVE-2022-1655 | 2022-07-22 12h54 +00:00 | An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat OpenStack. Horizon session cookies are created without the HttpOnly flag despite HorizonSecureCookies being set to true in the environmental files, possibly leading to a loss of confidentiality and integrity. | 6.5 | Medium |
| CVE-2021-4180 | 2022-03-23 18h46 +00:00 | An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive information which may aid in additional system exploitation. This flaw affects openstack-tripleo-heat-templates versions prior to 11.6.1. | 4.3 | Medium |
| CVE-2016-2124 | 2022-02-17 23h00 +00:00 | A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. | 5.9 | Medium |
| CVE-2020-25717 | 2022-02-17 23h00 +00:00 | A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. | 8.1 | High |