Openstack Luki w zabezpieczeniach

Oś czasu

Rodzaj

Cloud Software	187

Produkt

OpenStack Compute	26
OpenStack Keystone	23
OpenStack Horizon	13
OpenStack Neutron	13
OpenStack Swift	9

Przeciwdziałanie

Official Fix	132
Temporary Fix	0
Workaround	0
Unavailable	0
Not Defined	55

Wykorzystywanie

High	0
Functional	0
Proof-of-Concept	1
Unproven	3
Not Defined	183

Wektor dostępu

Not Defined	0
Physical	0
Local	21
Adjacent	15
Network	151

Uwierzytelnianie

Not Defined	0
High	0
Low	104
None	83

Interakcja z użytkownikiem

Not Defined	0
Required	17
None	170

C3BM Index

CVSSv3 Base

≤1	0
≤2	0
≤3	1
≤4	24
≤5	54
≤6	47
≤7	34
≤8	19
≤9	7
≤10	1

CVSSv3 Temp

≤1	0
≤2	0
≤3	3
≤4	23
≤5	53
≤6	62
≤7	24
≤8	18
≤9	3
≤10	1

VulDB

≤1	0
≤2	0
≤3	2
≤4	28
≤5	51
≤6	48
≤7	32
≤8	22
≤9	3
≤10	1

NVD

≤1	0
≤2	0
≤3	0
≤4	2
≤5	5
≤6	9
≤7	6
≤8	8
≤9	3
≤10	8

CNA

≤1	0
≤2	0
≤3	0
≤4	0
≤5	1
≤6	2
≤7	0
≤8	0
≤9	1
≤10	0

Sprzedawca

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Research

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Exploit 0-day

<1k	53
<2k	61
<5k	73
<10k	0
<25k	0
<50k	0
<100k	0
≥100k	0

Wykorzystaj dzisiaj

<1k	183
<2k	2
<5k	2
<10k	0
<25k	0
<50k	0
<100k	0
≥100k	0

Wykorzystaj wielkość rynku

🔴 CTI Zajęcia

Affected Products (57): Barbican (2), Ceilometer (1), Cinder (3), Compute (26), Compute (Nova) (1), Dashboard (3), Delivery Service (1), Designate (1), Diablo (1), Essex (1), Folsom (8), Glance (5), Grizzly (8), Havana (5), Heat (4), Horizon (13), Identity (2), Image Registry (1), Image Registry And Delivery Service (7), Image Registry And Delivery Service (glance) (1), Image Service (3), Ironic (2), Ironic Inspector (1), Keystone (23), Keystone Folsom (1), Manila (2), Murano (2), Neutron (13), Newton (1), Nova (6), Nova-LXD (1), Object Storage (3), Ocata (1), OpenStack Keystone (1), Orchestration (1), Puppet Module for Gerrit (1), PyCADF (1), Storlets yoga-eom (1), Sushy-Tools (1), Swauth (1), Swift (9), Swift-on-File (1), Trove (2), Undercloud (1), VirtualBMC (1), Workflow (1), blazar-dashboard (1), devstack (1), horizon (2), icehouse (1), keystonemiddleware (2), magnum yoga-eom (1), neutron (1), os-vif (1), python-keystoneclient (3), rabbitmq (1), swift (1)

Link to Vendor Website: https://www.openstack.org/

Opublikowano	Base	Temp	Słaby punkt	Prod	Wyk	Prz	EPSS	CTI	CVE
2024-04-22	6.3	6.3	OpenStack Storlets yoga-eom gateway.py memory corruption	Cloud Software	Not Defined	Not Defined	0.00043	0.05	CVE-2024-28717
2024-04-12	6.3	6.3	OpenStack magnum yoga-eom cert_manager.py memory corruption	Cloud Software	Not Defined	Not Defined	0.00045	0.04	CVE-2024-28718
2024-03-18	2.6	2.5	OpenStack Murano YAQL information disclosure	Cloud Software	Not Defined	Official Fix	0.00045	0.04	CVE-2024-29156
2023-09-21	7.1	7.1	OpenStack Undercloud information disclosure	Cloud Software	Not Defined	Not Defined	0.00236	0.00	CVE-2022-3596
2023-08-23	4.5	4.5	OpenStack Horizon Web Dashboard Redirect	Cloud Software	Not Defined	Official Fix	0.00052	0.06	CVE-2022-45582
2023-04-22	3.5	3.5	OpenStack Barbican Configuration File information disclosure	Cloud Software	Not Defined	Not Defined	0.00042	0.02	CVE-2023-1633
2023-04-22	5.5	5.5	OpenStack Barbican Container Isolation privilege escalation	Cloud Software	Not Defined	Not Defined	0.00045	0.06	CVE-2023-1636
2023-01-18	5.4	5.3	OpenStack Swift XML File information disclosure	Cloud Software	Not Defined	Official Fix	0.00080	0.02	CVE-2022-47950
2022-10-31	5.0	5.0	OpenStack Sushy-Tools/VirtualBMC Boot Configuration privilege escalation	Cloud Software	Not Defined	Not Defined	0.00048	0.00	CVE-2022-44020
2022-08-26	7.3	7.3	OpenStack Keystone Application Secret memory corruption	Cloud Software	Not Defined	Not Defined	0.00445	0.00	CVE-2021-3563
2022-08-03	3.4	3.4	OpenStack Nova Neutron Port denial of service	Cloud Software	Not Defined	Official Fix	0.00047	0.00	CVE-2022-37394
2022-03-03	4.9	4.7	OpenStack Nova noVNC Redirect	Cloud Software	Not Defined	Official Fix	0.92596	0.04	CVE-2021-3654
2021-09-09	4.3	4.1	OpenStack Neutron API Worker denial of service	Cloud Software	Not Defined	Official Fix	0.00118	0.00	CVE-2021-40797
2021-09-01	5.5	5.3	OpenStack Neutron dnsmasq Privilege Escalation	Cloud Software	Not Defined	Official Fix	0.00112	0.00	CVE-2021-40085
2021-08-23	6.3	6.0	OpenStack Neutron Linuxbridge Driver privilege escalation	Cloud Software	Not Defined	Official Fix	0.00084	0.00	CVE-2021-38598
2021-08-07	3.1	3.0	OpenStack Keystone Account Lockout information disclosure	Cloud Software	Not Defined	Official Fix	0.00171	0.03	CVE-2021-38155
2021-06-02	3.5	3.5	OpenStack Swift Proxy-Server Log information disclosure	Cloud Software	Not Defined	Not Defined	0.00054	0.00	CVE-2017-8761
2020-10-16	7.7	7.4	OpenStack blazar-dashboard privilege escalation	Cloud Software	Not Defined	Official Fix	0.00233	0.03	CVE-2020-26943
2020-05-07	7.5	7.2	OpenStack OpenStack Keystone EC2 Credential Masquerade weak encryption	Cloud Software	Not Defined	Official Fix	0.00765	0.00	CVE-2020-12691
2020-03-12	8.2	7.8	OpenStack Manila privilege escalation	Cloud Software	Not Defined	Official Fix	0.00167	0.04	CVE-2020-9543
2019-11-22	6.4	6.4	OpenStack Designate DNS Protocol denial of service	Cloud Software	Not Defined	Not Defined	0.00527	0.02	CVE-2015-5694
2019-08-28	8.2	7.8	OpenStack os-vif linuxbridge impl_pyroute2.py PyRoute2.add denial of service	Cloud Software	Not Defined	Official Fix	0.00267	0.00	CVE-2019-15753
2018-09-10	7.3	7.3	OpenStack rabbitmq privilege escalation	Cloud Software	Not Defined	Not Defined	0.00317	0.03	CVE-2018-14620
2018-07-27	4.9	4.9	OpenStack Workflow Service Log Directory information disclosure	Cloud Software	Not Defined	Not Defined	0.00044	0.00	CVE-2017-2622
2018-07-27	4.9	4.9	OpenStack Orchestration Access information disclosure	Cloud Software	Not Defined	Official Fix	0.00057	0.03	CVE-2017-2621

162 więcej wpisów nie jest pokazywanych

🔒 Login Required

You need to signup and login to see more of the remaining 162 results.

◂ PoprzedniPrzeglądKolejny ▸

Do you need the next level of professionalism?

Upgrade your account now!