Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for SUSE OpenStack Cloud 9 by SUSE

    CVE-2018-17954 (GCVE-0-2018-17954)

    Vulnerability from nvd – Published: 2020-04-03 07:05 – Updated: 2024-09-16 20:02
    VLAI
    Title
    crowbar provision leaks admin password to all nodes in cleartext
    Summary
    An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue affects: SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-. SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3, ardana-. SUSE OpenStack Cloud 9 ardana-ansible versions prior to 9.0+git.1581611758.f694f7d-3.16.1, ardana-. SUSE OpenStack Cloud Crowbar 8 crowbar-core versions prior to 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-. SUSE OpenStack Cloud Crowbar 9 crowbar-core versions prior to 6.0+git.1582892022.cbd70e833-3.19.3, crowbar-.
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    References
    Impacted products
    Vendor Product Version
    SUSE SUSE OpenStack Cloud 7 Affected: crowbar-core , < 4.0+git.1578392992.fabfd186c-9.63.1, crowbar- (custom)
    Create a notification for this product.
    SUSE SUSE OpenStack Cloud 8 Affected: ardana-cinder , < 8.0+git.1579279939.ee7da88-3.39.3, ardana- (custom)
    Create a notification for this product.
    SUSE SUSE OpenStack Cloud 9 Affected: ardana-ansible , < 9.0+git.1581611758.f694f7d-3.16.1, ardana- (custom)
    Create a notification for this product.
    SUSE SUSE OpenStack Cloud Crowbar 8 Affected: crowbar-core , < 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar- (custom)
    Create a notification for this product.
    SUSE SUSE OpenStack Cloud Crowbar 9 Affected: crowbar-core , < 6.0+git.1582892022.cbd70e833-3.19.3, crowbar- (custom)
    Create a notification for this product.
    Date Public
    2020-04-03 00:00
    Credits
    Dirk Mueller of SUSE
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.743Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1117080"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SUSE OpenStack Cloud 7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.0+git.1578392992.fabfd186c-9.63.1, crowbar-",
                  "status": "affected",
                  "version": "crowbar-core",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE OpenStack Cloud 8",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "8.0+git.1579279939.ee7da88-3.39.3, ardana-",
                  "status": "affected",
                  "version": "ardana-cinder",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE OpenStack Cloud 9",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0+git.1581611758.f694f7d-3.16.1, ardana-",
                  "status": "affected",
                  "version": "ardana-ansible",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE OpenStack Cloud Crowbar 8",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-",
                  "status": "affected",
                  "version": "crowbar-core",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE OpenStack Cloud Crowbar 9",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "6.0+git.1582892022.cbd70e833-3.19.3, crowbar-",
                  "status": "affected",
                  "version": "crowbar-core",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Dirk Mueller of SUSE"
            }
          ],
          "datePublic": "2020-04-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue affects: SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-. SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3, ardana-. SUSE OpenStack Cloud 9 ardana-ansible versions prior to 9.0+git.1581611758.f694f7d-3.16.1, ardana-. SUSE OpenStack Cloud Crowbar 8 crowbar-core versions prior to 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-. SUSE OpenStack Cloud Crowbar 9 crowbar-core versions prior to 6.0+git.1582892022.cbd70e833-3.19.3, crowbar-."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269: Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-13T00:00:00.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1117080"
            }
          ],
          "source": {
            "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1117080",
            "defect": [
              "1117080"
            ],
            "discovery": "INTERNAL"
          },
          "title": "crowbar provision leaks admin password to all nodes in cleartext",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2018-17954",
        "datePublished": "2020-04-03T07:05:13.265Z",
        "dateReserved": "2018-10-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:02:21.821Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-17954 (GCVE-0-2018-17954)

    Vulnerability from cvelistv5 – Published: 2020-04-03 07:05 – Updated: 2024-09-16 20:02
    VLAI
    Title
    crowbar provision leaks admin password to all nodes in cleartext
    Summary
    An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue affects: SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-. SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3, ardana-. SUSE OpenStack Cloud 9 ardana-ansible versions prior to 9.0+git.1581611758.f694f7d-3.16.1, ardana-. SUSE OpenStack Cloud Crowbar 8 crowbar-core versions prior to 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-. SUSE OpenStack Cloud Crowbar 9 crowbar-core versions prior to 6.0+git.1582892022.cbd70e833-3.19.3, crowbar-.
    CWE
    • CWE-269 - Improper Privilege Management
    Assigner
    References
    Impacted products
    Vendor Product Version
    SUSE SUSE OpenStack Cloud 7 Affected: crowbar-core , < 4.0+git.1578392992.fabfd186c-9.63.1, crowbar- (custom)
    Create a notification for this product.
    SUSE SUSE OpenStack Cloud 8 Affected: ardana-cinder , < 8.0+git.1579279939.ee7da88-3.39.3, ardana- (custom)
    Create a notification for this product.
    SUSE SUSE OpenStack Cloud 9 Affected: ardana-ansible , < 9.0+git.1581611758.f694f7d-3.16.1, ardana- (custom)
    Create a notification for this product.
    SUSE SUSE OpenStack Cloud Crowbar 8 Affected: crowbar-core , < 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar- (custom)
    Create a notification for this product.
    SUSE SUSE OpenStack Cloud Crowbar 9 Affected: crowbar-core , < 6.0+git.1582892022.cbd70e833-3.19.3, crowbar- (custom)
    Create a notification for this product.
    Date Public
    2020-04-03 00:00
    Credits
    Dirk Mueller of SUSE
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.743Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.suse.com/show_bug.cgi?id=1117080"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SUSE OpenStack Cloud 7",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "4.0+git.1578392992.fabfd186c-9.63.1, crowbar-",
                  "status": "affected",
                  "version": "crowbar-core",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE OpenStack Cloud 8",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "8.0+git.1579279939.ee7da88-3.39.3, ardana-",
                  "status": "affected",
                  "version": "ardana-cinder",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE OpenStack Cloud 9",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "9.0+git.1581611758.f694f7d-3.16.1, ardana-",
                  "status": "affected",
                  "version": "ardana-ansible",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE OpenStack Cloud Crowbar 8",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-",
                  "status": "affected",
                  "version": "crowbar-core",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "SUSE OpenStack Cloud Crowbar 9",
              "vendor": "SUSE",
              "versions": [
                {
                  "lessThan": "6.0+git.1582892022.cbd70e833-3.19.3, crowbar-",
                  "status": "affected",
                  "version": "crowbar-core",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Dirk Mueller of SUSE"
            }
          ],
          "datePublic": "2020-04-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node. This issue affects: SUSE OpenStack Cloud 7 crowbar-core versions prior to 4.0+git.1578392992.fabfd186c-9.63.1, crowbar-. SUSE OpenStack Cloud 8 ardana-cinder versions prior to 8.0+git.1579279939.ee7da88-3.39.3, ardana-. SUSE OpenStack Cloud 9 ardana-ansible versions prior to 9.0+git.1581611758.f694f7d-3.16.1, ardana-. SUSE OpenStack Cloud Crowbar 8 crowbar-core versions prior to 5.0+git.1582968668.1a55c77c5-3.35.4, crowbar-. SUSE OpenStack Cloud Crowbar 9 crowbar-core versions prior to 6.0+git.1582892022.cbd70e833-3.19.3, crowbar-."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "CWE-269: Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-13T00:00:00.000Z",
            "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
            "shortName": "microfocus"
          },
          "references": [
            {
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1117080"
            }
          ],
          "source": {
            "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1117080",
            "defect": [
              "1117080"
            ],
            "discovery": "INTERNAL"
          },
          "title": "crowbar provision leaks admin password to all nodes in cleartext",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "assignerShortName": "microfocus",
        "cveId": "CVE-2018-17954",
        "datePublished": "2020-04-03T07:05:13.265Z",
        "dateReserved": "2018-10-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:02:21.821Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }