tripleo

CVEs related to bugs in tripleo

Open bugs

Bug CVE(s)
Bug #1880947: No sVirt protection for VMs due to disabled SELinux in 'nova_libvirt' container. CVE-2020-10731
tripleo In progress, assigned to Piotr Kopec

Resolved bugs

Bug CVE(s)
Bug #1494896: tripleo-heat-templates: unsafe pipeline ordering of swift staticweb middleware CVE-2015-5271
tripleo Fix released, assigned to Emilien Macchi
Bug #1651831: [CVE-2016-9599] undercloud firewall opening all ports with ssl enabled CVE-2016-9599
tripleo Fix released, assigned to Emilien Macchi
Bug #1677315: openstack-tripleo-common: sudoers file is too permissive CVE-2017-2627
tripleo Expired (unassigned)
Bug #1730370: Potential privilege escalation with the default libvirtd TLS config CVE-2017-15114
tripleo Fix released, assigned to Juan Antonio Osorio Robles
Bug #1754607: CVE-2018-1000115 memcached: UDP server support allows spoofed traffic amplification DoS CVE-2018-1000115
tripleo Fix released, assigned to Emilien Macchi
Bug #1777140: ntpd on undercloud is not configured CVE-2013-5211
tripleo Fix released, assigned to Alex Schultz
Bug #1859137: Possible DoS via dbus socket available in containers CVE-2020-1690
tripleo Fix released (unassigned)