Lucene search
K

1573 matches found

OSV
OSV
added 2014/10/02 12:0 a.m.4 views

UBUNTU-CVE-2014-3621

The catalog url replacement in OpenStack Identity Keystone before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$admintoken" in the publicurl endpoint field...

4CVSS5.8AI score0.02109EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2014/09/02 5:58 p.m.44 views

Low: Red Hat Security Advisory: openstack-keystone security and bug fix update

Updated openstack-keystone packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring Syst...

4.9CVSS5.8AI score0.01592EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2014/09/02 5:58 p.m.3 views

openstack-keystone: token expiration date stored incorrectly

A flaw was found in keystone revocation events that resulted in the "issuedat" time being updated when a token created by the V2 API was processed by the V3 API. This could allow a user to evade token revocation. Only OpenStack Identity setups configured to make use of revocation events and UUID...

4.9CVSS5.7AI score0.01515EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/09/02 5:58 p.m.44 views

Low: Red Hat Security Advisory: openstack-keystone security and bug fix update

Updated openstack-keystone packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring Syst...

4.9CVSS5.8AI score0.01592EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2014/09/02 5:58 p.m.7 views

openstack-keystone: revocation events are broken with mysql

It was found that the MySQL token driver did not correctly store token expiration times, which prevented manual token revocation. Only OpenStack Identity setups configured to make use of revocation events were affected...

4.9CVSS5.7AI score0.01592EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/09/02 5:58 p.m.7 views

openstack-keystone: token expiration date stored incorrectly

A flaw was found in keystone revocation events that resulted in the "issuedat" time being updated when a token created by the V2 API was processed by the V3 API. This could allow a user to evade token revocation. Only OpenStack Identity setups configured to make use of revocation events and UUID...

4.9CVSS5.7AI score0.01515EPSS
Exploits0References4
NVD
NVD
added 2014/08/25 2:55 p.m.28 views

CVE-2014-5252

The V3 API in OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issuedat value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification 1 GET or 2 HEAD request to v3/auth/tokens/...

4.9CVSS6.1AI score0.01515EPSS
Exploits0References5
NVD
NVD
added 2014/08/25 2:55 p.m.33 views

CVE-2014-5251

The MySQL token driver in OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token...

4.9CVSS6.1AI score0.01592EPSS
Exploits0References5
OSV
OSV
added 2014/08/25 2:55 p.m.3 views

DEBIAN-CVE-2014-5253

OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain...

4.9CVSS6.8AI score0.01488EPSS
Exploits0References1
OSV
OSV
added 2014/08/25 2:55 p.m.2 views

DEBIAN-CVE-2014-5252

The V3 API in OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issuedat value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification 1 GET or 2 HEAD request to v3/auth/tokens/...

4.9CVSS6.8AI score0.01515EPSS
Exploits0References1
OSV
OSV
added 2014/08/25 2:55 p.m.9 views

CVE-2014-5252

The V3 API in OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issuedat value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification 1 GET or 2 HEAD request to v3/auth/tokens/...

6AI score
Exploits0References5
OSV
OSV
added 2014/08/25 2:55 p.m.3 views

DEBIAN-CVE-2014-5251

The MySQL token driver in OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token...

4.9CVSS6.7AI score0.01592EPSS
Exploits0References1
PyPA
PyPA
added 2014/08/25 2:55 p.m.6 views

PYSEC-2014-107

The MySQL token driver in OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token...

4.9CVSS6.7AI score0.01592EPSS
Exploits0References5Affected Software1
PyPA
PyPA
added 2014/08/25 2:55 p.m.5 views

PYSEC-2014-108

The V3 API in OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issuedat value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification 1 GET or 2 HEAD request to v3/auth/tokens/...

4.9CVSS6.8AI score0.01515EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2014/08/25 2:55 p.m.24 views

Cross site request forgery (csrf)

The V3 API in OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issuedat value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification 1 GET or 2 HEAD request to v3/auth/tokens/...

4.9CVSS6.6AI score0.01515EPSS
Exploits0References5Affected Software2
Prion
Prion
added 2014/08/25 2:55 p.m.21 views

Design/Logic Flaw

OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain...

4.9CVSS6.6AI score0.01488EPSS
Exploits0References5Affected Software2
PyPA
PyPA
added 2014/08/25 2:55 p.m.6 views

PYSEC-2014-109

OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain...

4.9CVSS6.8AI score0.01488EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2014/08/25 2:55 p.m.22 views

Code injection

The MySQL token driver in OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token...

4.9CVSS6.6AI score0.01592EPSS
Exploits0References5Affected Software2
CVE
CVE
added 2014/08/25 2:0 p.m.86 views

CVE-2014-5251

The CVE describes a vulnerability in the OpenStack Keystone MySQL token driver: versions of OpenStack Identity (Keystone) 2014.1.x prior to 2014.1.2.1 and the Juno series prior to Juno-3 store timestamps with incorrect precision. This causes the token expiration check to fail, allowing remote aut...

4.9CVSS6.1AI score0.01592EPSS
Exploits0References5Affected Software2
Cvelist
Cvelist
added 2014/08/25 2:0 p.m.35 views

CVE-2014-5252

The V3 API in OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issuedat value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification 1 GET or 2 HEAD request to v3/auth/tokens/...

6AI score0.01515EPSS
Exploits0References5
Rows per page
Query Builder