CVEs related to bugs in OpenStack Security Notes

Open bugs

Bug CVE(s)
Bug #1823200: Improper handling of ScaleIO backend credentials CVE-2020-10755
OpenStack Security Notes In progress, assigned to Brian Rosmaita
Bug #1990157: OSSN-0090: Malicious image data modification can happen when using COW CVE-2016-0757
CVE-2022-4134
OpenStack Security Notes In progress, assigned to Brian Rosmaita

Resolved bugs

Bug CVE(s)
Bug #1155566: Note: Keystone Request / Header Size Limits Required to Avoid DoS CVE-2013-2014
OpenStack Security Notes Fix released, assigned to Robert Clark
Bug #1168252: keystone.conf should not be world-readable (to keep LDAP password and admin_token secret) CVE-2013-1977
OpenStack Security Notes Fix released, assigned to Robert Clark
Bug #1179955: Disabling a tenant would not disable a user token CVE-2013-4222
OpenStack Security Notes Fix released, assigned to Robert Clark
Bug #1188189: Some server-side 'SSL' communication fails to check certificates (use of HTTPSConnection) CVE-2013-2255
OpenStack Security Notes Fix released, assigned to Robert Clark
Bug #1226078: Glance allows user to create images and add other tenants as members (CVE-2013-4354) CVE-2013-4354
OpenStack Security Notes Fix released, assigned to Nathan Kinder
Bug #1237989: user can update his password without knowing the old password CVE-2013-4471
OpenStack Security Notes Fix released, assigned to Nathan Kinder
Bug #1341954: suds client subject to cache poisoning by local attacker CVE-2013-2217
OpenStack Security Notes Fix released, assigned to Tim Kelsey
Bug #1436082: VMWare and HTTP stores do not verify HTTPS Connections as they use httplib.HTTPSConnection CVE-2013-2255
OpenStack Security Notes Fix released, assigned to Grant Murphy
Bug #1490804: [OSSA 2016-005] PKI Token Revocation Bypass (CVE-2015-7546) CVE-2015-7546
OpenStack Security Notes Fix released, assigned to Nathan Kinder
Bug #1545092: Images v2 api image-create vulnerability CVE-2016-8611
OpenStack Security Notes Fix released, assigned to Luke Hinds
Bug #1699573: ScaleIO volumes contain previous data CVE-2017-15139
OpenStack Security Notes Fix released (unassigned)
Bug #1721063: vulnerability in dnsmasq CVE-2017-13704
CVE-2017-14491
CVE-2017-14492
CVE-2017-14493
CVE-2017-14494
CVE-2017-14495
CVE-2017-14496
OpenStack Security Notes Fix released, assigned to Luke Hinds
Bug #2004555: [OSSA-2023-003] Unauthorized volume access through deleted volume attachments (CVE-2023-2088) CVE-2023-2088
OpenStack Security Notes Fix released, assigned to Jeremy Stanley