1561 matches found

OSV
added 2014/08/15 12:0 a.m. · 3 views

UBUNTU-CVE-2014-5251

The MySQL token driver in OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token...

4.9 CVSS · 5.8 AI score · 0.01592 EPSS
Exploits 0 · References 5

Tenable Nessus
added 2014/08/08 12:0 a.m. · 32 views

Fedora 20 : openstack-keystone-2013.2.3-5.fc20 (2014-5497)

Sanitizes authentication methods received in requests (CVE-2014-2828) - Privilege escalation through trust chained delegation (CVE-2014-3476) - Keystone V2 trusts privilege escalation through user supplied project id (CVE-2014-3520). Note that Tenable Network Security has extracted the preceding...

7.8 CVSS · 5.3 AI score · 0.03129 EPSS
Exploits 3 · References 7

OpenVAS
added 2014/08/08 12:0 a.m. · 27 views

Fedora Update for openstack-keystone FEDORA-2014-5497

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

7.8 CVSS · 6.5 AI score · 0.03129 EPSS
Exploits 7 · References 2

Fedora
added 2014/08/07 3:24 p.m. · 55 views

[SECURITY] Fedora 20 Update: openstack-keystone-2013.2.3-5.fc20

Keystone is a Python implementation of the OpenStack (http://www.openstack.org) identity service API. This package contains the Keystone daemon...

7.8 CVSS · 1.1 AI score · 0.03129 EPSS
Exploits 7

RedHat Linux
added 2014/07/31 3:18 p.m. · 3 views

openstack-keystone: privilege escalation through trust chained delegation

A flaw was found in keystone's chained delegation. A trustee able to create a delegation from a trust or an OAuth token could misuse identity impersonation to bypass the enforced scope, possibly allowing them to obtain elevated privileges to the trustor's projects and roles...

6 CVSS · 5.7 AI score · 0.02308 EPSS
Exploits 1 · References 4

RedHat Linux
added 2014/07/31 3:18 p.m. · 2 views

openstack-keystone: Keystone V2 trusts privilege escalation through user supplied project id

A flaw was found in the way keystone handled trusts. A trustee could use an out-of-scope project ID to gain unauthorized access to a project if the trustor had the required roles for that requested project...

6.5 CVSS · 5.7 AI score · 0.01907 EPSS
Exploits 1 · References 4

RedHat Linux
added 2014/07/31 3:18 p.m. · 3 views

Important: Red Hat Security Advisory: openstack-keystone security update

Updated openstack-keystone packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 3.0 and 4.0. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which...

6.5 CVSS · 5.8 AI score · 0.02308 EPSS
Exploits 2 · References 3

Positive Technologies
added 2014/07/02 12:0 a.m. · 4 views

PT-2014-5370 · Openstack +1 · Openstack Identity +1

Name of the Vulnerable Software and Affected Versions: OpenStack Identity Keystone versions before 2013.2.4; OpenStack Identity Keystone versions 2014.x before 2014.1.2; OpenStack Identity Keystone versions Juno before Juno-2. Description: The issue allows remote authenticated trustees to gain...

6.5 CVSS · 6.2 AI score · 0.02308 EPSS
Exploits 2 · References 22

UbuntuCve
added 2014/07/02 12:0 a.m. · 25 views

CVE-2014-3520

OpenStack Identity Keystone before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request...

6.5 CVSS · 5.9 AI score · 0.01907 EPSS
Exploits 1 · References 3

OSV
added 2014/07/02 12:0 a.m. · 7 views

UBUNTU-CVE-2014-3520

OpenStack Identity Keystone before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request...

6.5 CVSS · 5.8 AI score · 0.01907 EPSS
Exploits 1 · References 4

NVD
added 2014/06/17 2:55 p.m. · 19 views

CVE-2014-3476

OpenStack Identity Keystone before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with...

6 CVSS · 6.3 AI score · 0.02308 EPSS
Exploits 1 · References 6

OSV
added 2014/06/17 2:55 p.m. · 1 views

DEBIAN-CVE-2014-3476

OpenStack Identity Keystone before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with...

6 CVSS · 6.7 AI score · 0.02308 EPSS
Exploits 1 · References 1

Prion
added 2014/06/17 2:55 p.m. · 22 views

Design/Logic Flaw

OpenStack Identity Keystone before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with...

6 CVSS · 6.9 AI score · 0.02308 EPSS
Exploits 1 · References 6 · Affected Software 2

Cvelist
added 2014/06/17 2:0 p.m. · 35 views

CVE-2014-3476

OpenStack Identity Keystone before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with...

6.2 AI score · 0.02308 EPSS
Exploits 1 · References 6

CVE
added 2014/06/17 2:0 p.m. · 74 views

CVE-2014-3476

CVE-2014-3476 affects the OpenStack Keystone (Identity) service. The vulnerability arises from improper handling of chained delegation, where a trustee could use a trust or impersonation-enabled OAuth token to create a new token with additional roles, enabling remote authenticated privilege escal...

6 CVSS · 6.4 AI score · 0.02308 EPSS
Exploits 1 · References 6 · Affected Software 1

Debian CVE
added 2014/06/17 2:0 p.m. · 23 views

CVE-2014-3476

OpenStack Identity Keystone before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with...

6 CVSS · 6.3 AI score · 0.02308 EPSS
Exploits 1

UbuntuCve
added 2014/06/17 12:0 a.m. · 23 views

CVE-2014-3476

OpenStack Identity Keystone before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with...

6 CVSS · 5.9 AI score · 0.02308 EPSS
Exploits 1 · References 3

OSV
added 2014/06/17 12:0 a.m. · 4 views

UBUNTU-CVE-2014-3476

OpenStack Identity Keystone before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with...

6 CVSS · 5.8 AI score · 0.02308 EPSS
Exploits 1 · References 4

Tenable Nessus
added 2014/06/13 12:0 a.m. · 34 views

openSUSE Security Update : openstack-keystone (openSUSE-SU-2013:0949-1)

OpenStack Keystone was updated to fix bnc818596, CVE-2013-2059: Keystone tokens not immediately invalidated when user is deleted. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

6 CVSS · 6.6 AI score · 0.02468 EPSS
Exploits 1 · References 3

Tenable Nessus
added 2014/06/13 12:0 a.m. · 57 views

openSUSE Security Update : openstack (openSUSE-2013-237)

The Openstack Stack components were updated to Folsom level as of March 5th. Changes in openstack-cinder : - Update 12.3 packages to Folsom as of March 5th. This comes with security fixes and bug fixes that we need to have OpenStack work nicely. Fix bnc802278. - Update cinder-config-update.diff:...

6.5 CVSS · 8.2 AI score · 0.04863 EPSS
Exploits 3 · References 12