1561 matches found
UBUNTU-CVE-2014-5251
The MySQL token driver in OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token...
Fedora 20 : openstack-keystone-2013.2.3-5.fc20 (2014-5497)
Sanitizes authentication methods received in requests CVE-2014-2828 - Privilege escalation through trust chained delegation CVE-2014-3476 - Keystone V2 trusts privilege escalation through user supplied project id CVE-2014-3520 Note that Tenable Network Security has extracted the preceding...
Fedora Update for openstack-keystone FEDORA-2014-5497
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 20 Update: openstack-keystone-2013.2.3-5.fc20
Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. This package contains the Keystone daemon...
openstack-keystone: privilege escalation through trust chained delegation
A flaw was found in keystone's chained delegation. A trustee able to create a delegation from a trust or an OAuth token could misuse identity impersonation to bypass the enforced scope, possibly allowing them to obtain elevated privileges to the trustor's projects and roles...
openstack-keystone: Keystone V2 trusts privilege escalation through user supplied project id
A flaw was found in the way keystone handled trusts. A trustee could use an out-of-scope project ID to gain unauthorized access to a project if the trustor had the required roles for that requested project...
Important: Red Hat Security Advisory: openstack-keystone security update
Updated openstack-keystone packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 3.0 and 4.0. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which...
PT-2014-5370 · Openstack +1 · Openstack Identity +1
Name of the Vulnerable Software and Affected Versions: OpenStack Identity Keystone versions before 2013.2.4 OpenStack Identity Keystone versions 2014.x before 2014.1.2 OpenStack Identity Keystone versions Juno before Juno-2 Description: The issue allows remote authenticated trustees to gain...
CVE-2014-3520
OpenStack Identity Keystone before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request...
UBUNTU-CVE-2014-3520
OpenStack Identity Keystone before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request...
CVE-2014-3476
OpenStack Identity Keystone before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a 1 trust or 2 OAuth token with impersonation enabled to create a new token with...
DEBIAN-CVE-2014-3476
OpenStack Identity Keystone before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a 1 trust or 2 OAuth token with impersonation enabled to create a new token with...
Design/Logic Flaw
OpenStack Identity Keystone before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a 1 trust or 2 OAuth token with impersonation enabled to create a new token with...
CVE-2014-3476
OpenStack Identity Keystone before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a 1 trust or 2 OAuth token with impersonation enabled to create a new token with...
CVE-2014-3476
CVE-2014-3476 affects the OpenStack Keystone (Identity) service. The vulnerability arises from improper handling of chained delegation, where a trustee could use a trust or impersonation-enabled OAuth token to create a new token with additional roles, enabling remote authenticated privilege escal...
CVE-2014-3476
OpenStack Identity Keystone before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a 1 trust or 2 OAuth token with impersonation enabled to create a new token with...
CVE-2014-3476
OpenStack Identity Keystone before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a 1 trust or 2 OAuth token with impersonation enabled to create a new token with...
UBUNTU-CVE-2014-3476
OpenStack Identity Keystone before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a 1 trust or 2 OAuth token with impersonation enabled to create a new token with...
openSUSE Security Update : openstack-keystone (openSUSE-SU-2013:0949-1)
OpenStack Keystone was updated to fix bnc818596, CVE-2013-2059: Keystone tokens not immediately invalidated when user is deleted. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
openSUSE Security Update : openstack (openSUSE-2013-237)
The Openstack Stack components were updated to Folsom level as of March 5th. Changes in openstack-cinder : - Update 12.3 packages to Folsom as of March 5th. This comes with security fixes and bug fixes that we need to have OpenStack work nicely. Fix bnc802278. - Update cinder-config-update.diff:...