OpenStack PackStack 2012.2.1, when the Open vSwitch (OVS) monolithic plug-in is not used, does not properly set the libvirt_vif_driver configuration option when generating the nova.conf configuration, which causes the firewall to be disabled and allows remote attackers to bypass intended access restrictions.
Max CVSS
5.0
EPSS Score
0.17%
Published
2014-12-02
Updated
2014-12-05
PackStack 2012.2.3 in Red Hat OpenStack Essex and Folsom can create the answer file in insecure directories such as /tmp or the current working directory, which allows local users to modify deployed systems by changing this file.
Max CVSS
4.4
EPSS Score
0.04%
Published
2013-04-10
Updated
2017-08-29
2 vulnerabilities found