Search
Total
49 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-27827 | 5 Fedoraproject, Lldpd Project, Openvswitch and 2 more | 27 Fedora, Lldpd, Openvswitch and 24 more | 2023-11-26 | 7.1 HIGH | 7.5 HIGH |
| A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2018-1000807 | 3 Canonical, Pyopenssl, Redhat | 6 Ubuntu Linux, Pyopenssl, Enterprise Linux Desktop and 3 more | 2023-11-17 | 6.8 MEDIUM | 8.1 HIGH |
| Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0. | |||||
| CVE-2018-2755 | 6 Canonical, Debian, Mariadb and 3 more | 15 Ubuntu Linux, Debian Linux, Mariadb and 12 more | 2022-07-19 | 3.7 LOW | 7.7 HIGH |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | |||||
| CVE-2018-2562 | 6 Canonical, Debian, Mariadb and 3 more | 15 Ubuntu Linux, Debian Linux, Mariadb and 12 more | 2022-07-01 | 7.5 HIGH | 7.1 HIGH |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H). | |||||
| CVE-2019-11287 | 5 Debian, Fedoraproject, Pivotal Software and 2 more | 5 Debian Linux, Fedora, Rabbitmq and 2 more | 2022-05-15 | 5.0 MEDIUM | 7.5 HIGH |
| Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing. | |||||
| CVE-2020-25717 | 5 Canonical, Debian, Fedoraproject and 2 more | 25 Ubuntu Linux, Debian Linux, Fedora and 22 more | 2022-02-25 | 8.5 HIGH | 8.1 HIGH |
| A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. | |||||
| CVE-2020-10684 | 3 Debian, Fedoraproject, Redhat | 5 Debian Linux, Fedora, Ansible and 2 more | 2021-12-20 | 3.6 LOW | 7.1 HIGH |
| A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection. | |||||
| CVE-2019-14818 | 3 Dpdk, Fedoraproject, Redhat | 5 Data Plane Development Kit, Fedora, Enterprise Linux Fast Datapath and 2 more | 2021-11-02 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING_SET_NUM messages, resulting in a memory leak including file descriptors. This flaw could lead to a denial of service condition. | |||||
| CVE-2019-10192 | 5 Canonical, Debian, Oracle and 2 more | 10 Ubuntu Linux, Debian Linux, Communications Operations Monitor and 7 more | 2021-10-28 | 6.5 MEDIUM | 7.2 HIGH |
| A heap-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By carefully corrupting a hyperloglog using the SETRANGE command, an attacker could trick Redis interpretation of dense HLL encoding to write up to 3 bytes beyond the end of a heap-allocated buffer. | |||||
| CVE-2019-10193 | 5 Canonical, Debian, Oracle and 2 more | 9 Ubuntu Linux, Debian Linux, Communications Operations Monitor and 6 more | 2021-10-28 | 6.5 MEDIUM | 7.2 HIGH |
| A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer. | |||||
| CVE-2016-9587 | 2 Ansible, Redhat | 3 Ansible, Ansible, Openstack | 2021-09-13 | 9.3 HIGH | 8.1 HIGH |
| Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges. | |||||
| CVE-2019-14846 | 3 Debian, Opensuse, Redhat | 6 Debian Linux, Backports Sle, Leap and 3 more | 2021-08-07 | 2.1 LOW | 7.8 HIGH |
| In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process. | |||||
| CVE-2016-4474 | 1 Redhat | 1 Openstack | 2021-08-04 | 3.3 LOW | 8.8 HIGH |
| The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) director (aka overcloud-full) use a default root password of ROOTPW, which allows attackers to gain access via unspecified vectors. | |||||
| CVE-2016-4985 | 2 Canonical, Redhat | 2 Openstack Ironic, Openstack | 2021-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and 5.x before 5.1.2 (Mitaka) allows remote attackers to obtain sensitive information about a registered node by leveraging knowledge of the MAC address of a network card belonging to that node and sending a crafted POST request to the v1/drivers/$DRIVER_NAME/vendor_passthru resource. | |||||
| CVE-2017-7539 | 2 Qemu, Redhat | 4 Qemu, Enterprise Linux, Openstack and 1 more | 2021-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service. | |||||
| CVE-2017-2673 | 1 Redhat | 1 Openstack | 2021-08-04 | 6.5 MEDIUM | 7.2 HIGH |
| An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles. | |||||
| CVE-2017-7466 | 1 Redhat | 2 Ansible, Openstack | 2021-08-04 | 8.5 HIGH | 8.0 HIGH |
| Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges. | |||||
| CVE-2018-11806 | 4 Canonical, Debian, Qemu and 1 more | 12 Ubuntu Linux, Debian Linux, Qemu and 9 more | 2021-08-04 | 7.2 HIGH | 8.2 HIGH |
| m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. | |||||
| CVE-2016-9599 | 2 Openstack, Redhat | 2 Puppet-tripleo, Openstack | 2021-08-04 | 6.0 MEDIUM | 7.5 HIGH |
| puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources. | |||||
| CVE-2018-1000115 | 4 Canonical, Debian, Memcached and 1 more | 4 Ubuntu Linux, Debian Linux, Memcached and 1 more | 2021-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default. | |||||
| CVE-2017-10664 | 3 Debian, Qemu, Redhat | 11 Debian Linux, Qemu, Enterprise Linux and 8 more | 2021-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which allows remote attackers to cause a denial of service (daemon crash) by disconnecting during a server-to-client reply attempt. | |||||
| CVE-2016-5126 | 5 Canonical, Debian, Oracle and 2 more | 13 Ubuntu Linux, Debian Linux, Linux and 10 more | 2021-08-04 | 4.6 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service (QEMU process crash) or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call. | |||||
| CVE-2016-3710 | 7 Canonical, Citrix, Debian and 4 more | 15 Ubuntu Linux, Xenserver, Debian Linux and 12 more | 2021-08-04 | 7.2 HIGH | 8.8 HIGH |
| The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue. | |||||
| CVE-2017-7980 | 4 Canonical, Debian, Qemu and 1 more | 12 Ubuntu Linux, Debian Linux, Qemu and 9 more | 2021-08-04 | 4.6 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation. | |||||
| CVE-2017-8309 | 3 Debian, Qemu, Redhat | 3 Debian Linux, Qemu, Openstack | 2021-08-04 | 7.8 HIGH | 7.5 HIGH |
| Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows remote attackers to cause a denial of service (memory consumption) by repeatedly starting and stopping audio capture. | |||||
| CVE-2016-2857 | 4 Canonical, Debian, Qemu and 1 more | 12 Ubuntu Linux, Debian Linux, Qemu and 9 more | 2021-08-04 | 3.6 LOW | 8.4 HIGH |
| The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet. | |||||
| CVE-2017-2627 | 2 Openstack, Redhat | 2 Tripleo-common, Openstack | 2021-08-04 | 7.2 HIGH | 8.2 HIGH |
| A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. The sudoers file as installed with OSP's openstack-tripleo-common package is much too permissive. It contains several lines for the mistral user that have wildcards that allow directory traversal with '..' and it grants full passwordless root access to the validations user. | |||||
| CVE-2018-16856 | 2 Openstack, Redhat | 2 Octavia, Openstack | 2021-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| In a default Red Hat Openstack Platform Director installation, openstack-octavia before versions openstack-octavia 2.0.2-5 and openstack-octavia-3.0.1-0.20181009115732 creates log files that are readable by all users. Sensitive information such as private keys can appear in these log files allowing for information exposure. | |||||
| CVE-2019-3895 | 2 Openstack, Redhat | 2 Octavia, Openstack | 2021-08-04 | 6.8 MEDIUM | 8.0 HIGH |
| An access-control flaw was found in the Octavia service when the cloud platform was deployed using Red Hat OpenStack Platform Director. An attacker could cause new amphorae to run based on any arbitrary image. This meant that a remote attacker could upload a new amphorae image and, if requested to spawn new amphorae, Octavia would then pick up the compromised image. | |||||
| CVE-2018-10898 | 2 Openstack, Redhat | 2 Tripleo Heat Templates, Openstack | 2021-08-04 | 5.8 MEDIUM | 8.8 HIGH |
| A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials. | |||||
| CVE-2018-10874 | 1 Redhat | 4 Ansible Engine, Openstack, Virtualization and 1 more | 2021-08-04 | 4.6 MEDIUM | 7.8 HIGH |
| In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result. | |||||
| CVE-2018-17205 | 3 Canonical, Openvswitch, Redhat | 3 Ubuntu Linux, Openvswitch, Openstack | 2021-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not exist), OvS tries to revert back all previous flows that were successfully applied from the same bundle. This is possible since OvS maintains list of old flows that were replaced by flows from the bundle. While reinserting old flows, OvS has an assertion failure due to a check on rule state != RULE_INITIALIZED. This would work for new flows, but for an old flow the rule state is RULE_REMOVED. The assertion failure causes an OvS crash. | |||||
| CVE-2018-10875 | 4 Canonical, Debian, Redhat and 1 more | 11 Ubuntu Linux, Debian Linux, Ansible Engine and 8 more | 2021-08-04 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in ansible. ansible.cfg is read from the current working directory which can be altered to make it point to a plugin or a module path under the control of an attacker, thus allowing the attacker to execute arbitrary code. | |||||
| CVE-2017-15139 | 2 Openstack, Redhat | 2 Cinder, Openstack | 2021-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants. | |||||
| CVE-2018-10915 | 4 Canonical, Debian, Postgresql and 1 more | 9 Ubuntu Linux, Debian Linux, Postgresql and 6 more | 2021-08-04 | 6.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected. | |||||
| CVE-2018-10903 | 3 Canonical, Cryptography, Redhat | 3 Ubuntu Linux, Python-cryptography, Openstack | 2021-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. | |||||
| CVE-2018-10899 | 2 Jolokia, Redhat | 2 Jolokia, Openstack | 2021-08-04 | 6.8 MEDIUM | 8.8 HIGH |
| A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking for origin and referrer headers. This could result in a Remote Code Execution attack. | |||||
| CVE-2021-31918 | 1 Redhat | 1 Openstack | 2021-05-17 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in tripleo-ansible version as shipped in Red Hat Openstack 16.1. The Ansible log file is readable to all users during stack update and creation. The highest threat from this vulnerability is to data confidentiality. | |||||
| CVE-2019-9514 | 12 Apache, Apple, Canonical and 9 more | 29 Traffic Server, Mac Os X, Swiftnio and 26 more | 2020-12-09 | 7.8 HIGH | 7.5 HIGH |
| Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both. | |||||
| CVE-2019-9515 | 11 Apache, Apple, Canonical and 8 more | 23 Traffic Server, Mac Os X, Swiftnio and 20 more | 2020-10-22 | 7.8 HIGH | 7.5 HIGH |
| Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. | |||||
| CVE-2019-3830 | 2 Openstack, Redhat | 2 Ceilometer, Openstack | 2020-10-22 | 2.1 LOW | 7.8 HIGH |
| A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated. | |||||
| CVE-2016-1568 | 3 Debian, Qemu, Redhat | 5 Debian Linux, Qemu, Enterprise Linux and 2 more | 2020-10-15 | 6.9 MEDIUM | 8.8 HIGH |
| Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary code via an invalid AHCI Native Command Queuing (NCQ) AIO command. | |||||
| CVE-2018-1000127 | 4 Canonical, Debian, Memcached and 1 more | 4 Ubuntu Linux, Debian Linux, Memcached and 1 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appear to be exploitable via network connectivity to the memcached service. This vulnerability appears to have been fixed in 1.4.37 and later. | |||||
| CVE-2012-6685 | 2 Nokogiri, Redhat | 8 Nokogiri, Cloudforms Management Engine, Enterprise Mrg and 5 more | 2020-02-25 | 5.0 MEDIUM | 7.5 HIGH |
| Nokogiri before 1.5.4 is vulnerable to XXE attacks | |||||
| CVE-2016-1714 | 3 Oracle, Qemu, Redhat | 3 Linux, Qemu, Openstack | 2019-12-27 | 6.9 MEDIUM | 8.1 HIGH |
| The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly execute arbitrary code via an invalid current entry value in a firmware configuration. | |||||
| CVE-2013-1793 | 1 Redhat | 2 Openstack, Openstack Essex | 2019-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| openstack-utils openstack-db has insecure password creation | |||||
| CVE-2017-18191 | 2 Openstack, Redhat | 2 Nova, Openstack | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses their own data.) All Nova setups supporting encrypted volumes are affected. | |||||
| CVE-2015-5271 | 2 Openstack, Redhat | 2 Tripleo Heat Templates, Openstack | 2016-04-21 | 5.0 MEDIUM | 7.5 HIGH |
| The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors. | |||||
| CVE-2015-5329 | 1 Redhat | 1 Openstack | 2016-04-13 | 7.5 HIGH | 7.3 HIGH |
| The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the default credentials. | |||||