Lucene search
GoogleOSV:PYSEC-2020-56HistoryMay 07, 2020 - 12:15 a.m.
PYSEC-2020-56
2020-05-0700:15:00
Google
osv.dev
10
0.001 Low
EPSS
Percentile
38.1%
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn’t have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times.
Related
debiancve
debiancve
CVE-2020-12692
2020-05-07 00:15:10
nvd
nvd
CVE-2020-12692
2020-05-07 00:15:10
redhatcve
redhatcve
CVE-2020-12692
2020-05-08 00:09:51
github
github
cvelist
cvelist
CVE-2020-12692
2020-05-06 23:42:42
osv
osv
CVE-2020-12692
2020-05-07 00:15:10
OpenStack Keystone does not check signature TTL of the EC2 credential auth method
2022-05-24 17:17:23
keystone - security update
2020-05-06 00:00:00
ubuntucve
ubuntucve
CVE-2020-12692
2020-05-07 00:00:00
cve
cve
CVE-2020-12692
2020-05-07 00:15:10
veracode
veracode
Man-in-the-Middle (MitM)
2020-05-08 05:36:35
prion
prion
Authorization
2020-05-07 00:15:00
redhat
redhat
(RHSA-2020:2732) Important: openstack-keystone security update
2020-06-24 12:25:05
(RHSA-2020:3102) Important: openstack-keystone security update
2020-07-22 12:24:32
(RHSA-2020:3105) Important: openstack-keystone security update
2020-07-22 12:28:32
nessus
nessus
RHEL 7 : openstack-keystone (RHSA-2020:2732)
2020-06-24 00:00:00
RHEL 8 : openstack-keystone (RHSA-2020:3102)
2020-07-22 00:00:00
RHEL 8 : openstack-keystone (RHSA-2020:3105)
2020-07-22 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4480-1)
2020-09-02 00:00:00
Debian: Security Advisory (DSA-4679-1)
2020-05-08 00:00:00
ubuntu
ubuntu
OpenStack Keystone vulnerabilities
2020-09-01 00:00:00
ibm
ibm