Openstack platform

This hub aggregates every CVE we track for Openstack platform, a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Openstack platform.

• CVE-2023-1932Hibernate-validator: rendering of invalid html with safehtml leads to html injection and xss6.1Nov 7, 2024
• CVE-2024-8007Openstack-tripleo-common: rhosp director disables tls verification for registry mirrors8.1Aug 21, 2024
• CVE-2024-7319Openstack-heat: incomplete fix for cve-2023-16255.0Aug 2, 2024
• CVE-2023-6725Tripleo-ansible: bind keys are world readable5.5Mar 15, 2024
• CVE-2023-48795The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (fr...5.9Dec 18, 2023
• CVE-2023-5625Python-eventlet: patch regression for cve-2021-21419 in some red hat builds5.3Nov 1, 2023
• CVE-2023-44487The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.KEV7.5Oct 10, 2023
• CVE-2023-1633Insecure barbican configuration file leaking credential6.6Sep 24, 2023
• CVE-2023-1636Incomplete container isolation6.0Sep 24, 2023
• CVE-2023-1625Information leak in api7.4Sep 24, 2023
• CVE-2022-3596Instack-undercloud: rsync leaks information to undercloud7.5Sep 20, 2023
• CVE-2022-3261Plain-text passwords saved in /var/log/messages4.4Sep 15, 2023
• CVE-2023-1108Undertow: infinite loop in sslconduit during close7.5Sep 14, 2023
• CVE-2023-3637Openstack-neutron: unrestricted creation of security groups (fix for cve-2022-3277)4.3Jul 25, 2023
• CVE-2023-3354Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service7.5Jul 11, 2023