OpenStack Security Advisory: 2013-036
CVE: CVE-2013-6858
Date: December 11, 2013
Title: Insufficient sanitization of Instance Name in Horizon
Reporter: Cisco PSIRT
Products: Horizon
Affects: All supported releases
Description:
Cisco PSIRT reported a vulnerability in the OpenStack Horizon
dashboard
OpenStack Security Advisory: 2013-035
CVE: CVE-2013-6428
Date: December 11, 2013
Title: Heat ReST API doesn't respect tenant scoping
Reporter: Steven Hardy (Red Hat)
Products: Heat
Affects: All supported releases
Description:
Steven Hardy from Red Hat reported a vulnerability in the Heat ReST
API.
OpenStack Security Advisory: 2013-034
CVE: CVE-2013-6426
Date: December 11, 2013
Title: Heat CFN policy rules not all enforced
Reporter: Steven Hardy (Red Hat)
Products: Heat
Affects: All supported releases
Description:
Steven Hardy from Red Hat reported a vulnerability in Heat's default
API polic
OpenStack Security Advisory: 2013-034
CVE: CVE-2013-6426
Date: December 11, 2013
Title: Heat CFN policy rules not all enforced
Reporter: Steven Hardy (Red Hat)
Products: Heat
Affects: All supported releases
Description:
Steven Hardy from Red Hat reported a vulnerability in Heat's default
API polic
OpenStack Security Advisory: 2013-033
CVE: CVE-2013-6419
Date: December 11, 2013
Title: Metadata queries from Neutron to Nova are not restricted by tenant
Reporter: Aaron Rosen (VMware)
Products: Neutron, Nova
Affects: All supported releases
Description:
Aaron Rosen from VMware reported a vulnerab
OpenStack Security Advisory: 2013-032
CVE: CVE-2013-6391
Date: December 11, 2013
Title: Keystone trust circumvention through EC2-style tokens
Reporter: Steven Hardy (Red Hat)
Products: Keystone
Affects: Havana and later
Description:
Steven Hardy from Red Hat reported a vulnerability in Keystone
tr