Lucene search

GitHub Advisory DatabaseGHSA-7332-36H8-8JH8

HistoryMay 13, 2022 - 1:26 a.m.

OpenStack Identity (Keystone) Denial of Service

2022-05-1301:26:09

CWE-20

GitHub Advisory Database

github.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.8 Medium

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.0%

JSON

OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests.

Affected configurations

Vulners

Node

keystone-enginekeystoneRange<8.0.0a0

CPENameOperatorVersion
keystonelt8.0.0a0

CPE	Name	Operator	Version
	keystone	lt	8.0.0a0

References

lists.fedoraproject.org/pipermail/package-announce/2013-July/111914.html

secunia.com/advisories/53397

www.securityfocus.com/bid/59936

bugs.launchpad.net/keystone/+bug/1098177

bugs.launchpad.net/keystone/+bug/1099025

exchange.xforce.ibmcloud.com/vulnerabilities/84347

github.com/advisories/GHSA-7332-36h8-8jh8

github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8

nvd.nist.gov/vuln/detail/CVE-2013-2014

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

6.8 Medium

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.0%

JSON

Related for GHSA-7332-36H8-8JH8