Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2014-3520HistoryOct 26, 2014 - 8:55 p.m.
CVE-2014-3520
2014-10-2620:55:02
Debian Security Bug Tracker
security-tracker.debian.org
10
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
78.0%
OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | keystone | < 2014.1.1-3 | keystone_2014.1.1-3_all.deb |
| Debian | 11 | all | keystone | < 2014.1.1-3 | keystone_2014.1.1-3_all.deb |
| Debian | 10 | all | keystone | < 2014.1.1-3 | keystone_2014.1.1-3_all.deb |
| Debian | 999 | all | keystone | < 2014.1.1-3 | keystone_2014.1.1-3_all.deb |
| Debian | 13 | all | keystone | < 2014.1.1-3 | keystone_2014.1.1-3_all.deb |
Related
nessus
nessus
Oracle Solaris Third-Party Patch Update : keystone (cve_2014_3520_privilege_escalation)
2015-01-19 00:00:00
Fedora 20 : openstack-keystone-2013.2.3-5.fc20 (2014-5497)
2014-08-08 00:00:00
Ubuntu 14.04 LTS : OpenStack Keystone vulnerabilities (USN-2324-1)
2014-08-22 00:00:00
veracode
veracode
Privilege Escalation
2019-05-02 05:05:14
cvelist
cvelist
CVE-2014-3520
2014-10-26 20:00:00
ibm
ibm
nvd
nvd
CVE-2014-3520
2014-10-26 20:55:02
cve
cve
CVE-2014-3520
2014-10-26 20:55:02
ubuntucve
ubuntucve
CVE-2014-3520
2014-07-02 00:00:00
prion
prion
Cross site request forgery (csrf)
2014-10-26 20:55:00
redhat
redhat
(RHSA-2014:0994) Important: openstack-keystone security update
2014-07-31 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2324-1)
2014-08-22 00:00:00
Fedora Update for openstack-keystone FEDORA-2014-5497
2014-08-08 00:00:00
ubuntu
ubuntu
OpenStack Keystone vulnerabilities
2014-08-21 00:00:00
securityvulns
securityvulns
[USN-2324-1] OpenStack Keystone vulnerabilities
2014-08-24 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: openstack-keystone-2013.2.3-5.fc20
2014-08-07 15:24:24
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
78.0%
Related for DEBIANCVE:CVE-2014-3520