Known Vulnerabilities for products from Openstack
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Openstack".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-34881 | Not Provided | 2026-03-31 | 2026-03-31 | |
| CVE-2022-23452 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 4.9 - MEDIUM | 2022-09-01 | 2023-02-12 |
| CVE-2022-23451 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.1 - HIGH | 2022-09-06 | 2023-02-12 |
| CVE-2021-40797 | An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1... | 6.5 - MEDIUM | 2021-09-08 | 2021-09-15 |
| CVE-2021-40085 | An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attacke... | 6.5 - MEDIUM | 2021-08-31 | 2022-06-13 |
| CVE-2021-38598 | OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge dr... | 9.1 - CRITICAL | 2021-08-23 | 2023-08-08 |
| CVE-2021-38155 | OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows inf... | 7.5 - HIGH | 2021-08-06 | 2024-01-21 |
| CVE-2021-20267 | A flaw was found in openstack-neutron's default Open vSwitch firewall rules. By sending carefully crafted packets, anyone in ... | 7.1 - HIGH | 2021-05-28 | 2022-10-07 |
| CVE-2021-3654 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2022-03-02 | 2023-05-03 |
| CVE-2021-3585 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.5 - MEDIUM | 2022-08-26 | 2022-09-01 |
| CVE-2021-3563 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.4 - HIGH | 2022-08-26 | 2024-01-21 |
| CVE-2020-29565 | An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5... | 6.1 - MEDIUM | 2020-12-04 | 2021-03-09 |
| CVE-2020-26943 | An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar das... | 9.9 - CRITICAL | 2020-10-16 | 2020-10-27 |
| CVE-2020-17376 | An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21... | 8.3 - HIGH | 2020-08-26 | 2020-09-14 |
| CVE-2020-12692 | An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for A... | 5.4 - MEDIUM | 2020-05-07 | 2022-04-27 |
| CVE-2020-12691 | An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential ... | 8.8 - HIGH | 2020-05-07 | 2023-11-07 |
| CVE-2020-12690 | An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access toke... | 8.8 - HIGH | 2020-05-07 | 2023-11-07 |
| CVE-2020-12689 | An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust... | 8.8 - HIGH | 2020-05-07 | 2023-11-07 |
| CVE-2020-9543 | OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows attackers to view, update, delete, or share resources that... | 8.3 - HIGH | 2020-03-12 | 2020-07-14 |
| CVE-2019-19687 | OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a proje... | 8.8 - HIGH | 2019-12-09 | 2019-12-20 |
Known software with vulnerabilities from Openstack
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Openstack | Blazar-dashboard | 0.3.0 |
| Application | Openstack | Ceilometer | 0.1 |
| Application | Openstack | Cinder | 7.0.0 |
| Application | Openstack | Compute | - |
| Application | Openstack | Devstack | - |
| Application | Openstack | Diablo | 2011.3 |
| Application | Openstack | Essex | 2012.1 |
| Application | Openstack | Folsom | - |
| Application | Openstack | Glance | 0.1.7 |
| Application | Openstack | Grizzly | 2013.1 |
| Application | Openstack | Havana | 2013.2.1 |
| Application | Openstack | Heat | 5.0.0 |
| Application | Openstack | Horizon | 10.0.1 |
| Application | Openstack | Icehouse | - |
| Application | Openstack | Image Registry And Delivery Service Glance | - |
| Application | Openstack | Ironic | 4.2.0 |
| Application | Openstack | Ironic-inspector | - |
| Application | Openstack | Juno | 2014.2 |
| Application | Openstack | Keystone | - |
| Application | Openstack | Keystone Essex | - |