43 matches found
Ubuntu 12.04 LTS / 12.10 : keystone vulnerability (USN-1715-1)
Dan Prince discovered that Keystone did not properly perform input validation when handling certain error conditions. An unauthenticated user could exploit this to cause a denial of service in Keystone API servers via disk space exhaustion. Note that Tenable Network Security has extracted the...
gadgetfinder (>=0.0.1 <=1.0.0), keystone-keycloak-backend (=0.1.1) +2 more potentially affected by CVE-2012-3542 via keystone (=29.0.1)
keystone PYPI version =29.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on keystone and may be impacted: - gadgetfinder =0.0.1, =0.1.0, =0.1.0, =1.12.0 Source cves: CVE-2012-3542 Source advisory: OSV:PYSEC-2012-19...
CVE-2012-3426
OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by 1 creating new tokens through token chaining, 2 leveraging...