Vulnerabilities in OpenStack
37 resultsCVE-2017-12155—A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as worldEPSS 0.3%CVE-2026-44917MEDIUMOpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pEPSS 0.3%CVE-2026-46448MEDIUMIn OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation.EPSS 0.3%CVE-2026-46447MEDIUMOpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_infoEPSS 0.3%CVE-2026-50266LOWIn OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set devicEPSS 0.3%CVE-2026-42999MEDIUMAn issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforce_call unconditionally merges the raEPSS 0.3%CVE-2026-43000MEDIUMAn issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an atEPSS 0.2%CVE-2026-44394MEDIUMAn issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the originaEPSS 0.2%CVE-2026-33551LOWAn issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials caEPSS 0.2%CVE-2026-40212MEDIUMOpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerability in the console because document.wrEPSS 0.2%CVE-2022-38060HIGHA privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sEPSS 0.2%CVE-2026-40214MEDIUMIn OpenStack Cyborg before 16.0.1, the Accelerator Request (ARQ) API does not enforce project ownership at any layer. The project_id column EPSS 0.2%CVE-2026-40213HIGHOpenStack Cyborg before 16.0.1 uses rule:allow (check_str='@') as the default policy for multiple API endpoints. This unconditionally authorEPSS 0.2%CVE-2026-34881MEDIUMOpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affected by Server-Side Request Forgery (SSRF). By use of HTTP redirects, EPSS 0.2%CVE-2025-65073HIGHOpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide KeEPSS 0.2%CVE-2026-55748MEDIUMOpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharaEPSS 0.2%CVE-2025-44021LOWOpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling (if a deployment was performed via theEPSS 0.1%