SUSE update for openstack-heat, openstack-swift, python-Werkzeug



Published: 2023-06-05
Risk Medium
Patch available YES
Number of vulnerabilities 3
CVE-ID CVE-2022-47950
CVE-2023-1625
CVE-2023-25577
CWE-ID CWE-611
CWE-200
CWE-400
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		SUSE Linux Enterprise Server 12
Operating systems & Components / Operating system

SUSE OpenStack Cloud Crowbar
Operating systems & Components / Operating system

SUSE OpenStack Cloud
Operating systems & Components / Operating system

openstack-heat-engine
Operating systems & Components / Operating system package or component

venv-openstack-heat-x86_64
Operating systems & Components / Operating system package or component

openstack-swift
Operating systems & Components / Operating system package or component

openstack-swift-proxy
Operating systems & Components / Operating system package or component

openstack-heat-plugin-heat_docker
Operating systems & Components / Operating system package or component

venv-openstack-keystone-x86_64
Operating systems & Components / Operating system package or component

venv-openstack-sahara-x86_64
Operating systems & Components / Operating system package or component

openstack-swift-account
Operating systems & Components / Operating system package or component

openstack-heat-api
Operating systems & Components / Operating system package or component

venv-openstack-swift-x86_64
Operating systems & Components / Operating system package or component

venv-openstack-magnum-x86_64
Operating systems & Components / Operating system package or component

venv-openstack-octavia-x86_64
Operating systems & Components / Operating system package or component

venv-openstack-designate-x86_64
Operating systems & Components / Operating system package or component

openstack-heat
Operating systems & Components / Operating system package or component

python-swift
Operating systems & Components / Operating system package or component

python-heat
Operating systems & Components / Operating system package or component

python-Werkzeug
Operating systems & Components / Operating system package or component

openstack-swift-container
Operating systems & Components / Operating system package or component

openstack-heat-api-cfn
Operating systems & Components / Operating system package or component

openstack-swift-object
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) XML External Entity injection

EUVDB-ID: #VU71237

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47950

CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied XML input within the S3 XML parser. A remote user can pass a specially crafted XML file to the affected application and view contents of arbitrary files on the system or initiate requests to external systems.

Successful exploitation of the vulnerability may allow an attacker to view contents of arbitrary file on the server or perform network scanning of internal and external infrastructure.

Mitigation

Update the affected package openstack-heat, openstack-swift, python-Werkzeug to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12: SP4

SUSE OpenStack Cloud Crowbar: 9

SUSE OpenStack Cloud: 9

openstack-heat-engine: before 11.0.4~dev4-3.24.4

venv-openstack-heat-x86_64: before 11.0.4~dev4-3.43.2

openstack-swift: before 2.19.3~dev3-3.6.3

openstack-swift-proxy: before 2.19.3~dev3-3.6.3

openstack-heat-plugin-heat_docker: before 11.0.4~dev4-3.24.4

venv-openstack-keystone-x86_64: before 14.2.1~dev9-3.42.2

venv-openstack-sahara-x86_64: before 9.0.2~dev15-3.41.2

openstack-swift-account: before 2.19.3~dev3-3.6.3

openstack-heat-api: before 11.0.4~dev4-3.24.4

venv-openstack-swift-x86_64: before 2.19.3~dev3-2.36.3

venv-openstack-magnum-x86_64: before 7.2.1~dev1-4.41.3

venv-openstack-octavia-x86_64: before 3.2.3~dev7-4.41.2

venv-openstack-designate-x86_64: before 7.0.2~dev2-3.41.2

openstack-heat: before 11.0.4~dev4-3.24.4

python-swift: before 2.19.3~dev3-3.6.3

python-heat: before 11.0.4~dev4-3.24.4

python-Werkzeug: before 0.14.1-3.6.2

openstack-swift-container: before 2.19.3~dev3-3.6.3

openstack-heat-api-cfn: before 11.0.4~dev4-3.24.4

openstack-swift-object: before 2.19.3~dev3-3.6.3

External links

http://www.suse.com/support/update/announcement/2023/suse-su-20232378-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Information disclosure

EUVDB-ID: #VU76912

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1625

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the "stack show" command. A remote user can reveal parameters which are supposed to remain hidden.

Mitigation

Update the affected package openstack-heat, openstack-swift, python-Werkzeug to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12: SP4

SUSE OpenStack Cloud Crowbar: 9

SUSE OpenStack Cloud: 9

openstack-heat-engine: before 11.0.4~dev4-3.24.4

venv-openstack-heat-x86_64: before 11.0.4~dev4-3.43.2

openstack-swift: before 2.19.3~dev3-3.6.3

openstack-swift-proxy: before 2.19.3~dev3-3.6.3

openstack-heat-plugin-heat_docker: before 11.0.4~dev4-3.24.4

venv-openstack-keystone-x86_64: before 14.2.1~dev9-3.42.2

venv-openstack-sahara-x86_64: before 9.0.2~dev15-3.41.2

openstack-swift-account: before 2.19.3~dev3-3.6.3

openstack-heat-api: before 11.0.4~dev4-3.24.4

venv-openstack-swift-x86_64: before 2.19.3~dev3-2.36.3

venv-openstack-magnum-x86_64: before 7.2.1~dev1-4.41.3

venv-openstack-octavia-x86_64: before 3.2.3~dev7-4.41.2

venv-openstack-designate-x86_64: before 7.0.2~dev2-3.41.2

openstack-heat: before 11.0.4~dev4-3.24.4

python-swift: before 2.19.3~dev3-3.6.3

python-heat: before 11.0.4~dev4-3.24.4

python-Werkzeug: before 0.14.1-3.6.2

openstack-swift-container: before 2.19.3~dev3-3.6.3

openstack-heat-api-cfn: before 11.0.4~dev4-3.24.4

openstack-swift-object: before 2.19.3~dev3-3.6.3

External links

http://www.suse.com/support/update/announcement/2023/suse-su-20232378-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource exhaustion

EUVDB-ID: #VU72339

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-25577

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when parsing multipart form data with many fields. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Update the affected package openstack-heat, openstack-swift, python-Werkzeug to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Server 12: SP4

SUSE OpenStack Cloud Crowbar: 9

SUSE OpenStack Cloud: 9

openstack-heat-engine: before 11.0.4~dev4-3.24.4

venv-openstack-heat-x86_64: before 11.0.4~dev4-3.43.2

openstack-swift: before 2.19.3~dev3-3.6.3

openstack-swift-proxy: before 2.19.3~dev3-3.6.3

openstack-heat-plugin-heat_docker: before 11.0.4~dev4-3.24.4

venv-openstack-keystone-x86_64: before 14.2.1~dev9-3.42.2

venv-openstack-sahara-x86_64: before 9.0.2~dev15-3.41.2

openstack-swift-account: before 2.19.3~dev3-3.6.3

openstack-heat-api: before 11.0.4~dev4-3.24.4

venv-openstack-swift-x86_64: before 2.19.3~dev3-2.36.3

venv-openstack-magnum-x86_64: before 7.2.1~dev1-4.41.3

venv-openstack-octavia-x86_64: before 3.2.3~dev7-4.41.2

venv-openstack-designate-x86_64: before 7.0.2~dev2-3.41.2

openstack-heat: before 11.0.4~dev4-3.24.4

python-swift: before 2.19.3~dev3-3.6.3

python-heat: before 11.0.4~dev4-3.24.4

python-Werkzeug: before 0.14.1-3.6.2

openstack-swift-container: before 2.19.3~dev3-3.6.3

openstack-heat-api-cfn: before 11.0.4~dev4-3.24.4

openstack-swift-object: before 2.19.3~dev3-3.6.3

External links

http://www.suse.com/support/update/announcement/2023/suse-su-20232378-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###