1543 matches found
PYSEC-2014-69
python-keystoneclient before 0.2.4, as used in OpenStack Keystone Folsom, does not properly check expiry for PKI tokens, which allows remote authenticated users to 1 retain use of a token after it has expired, or 2 use a revoked token once it expires...
PYSEC-2014-69
python-keystoneclient before 0.2.4, as used in OpenStack Keystone Folsom, does not properly check expiry for PKI tokens, which allows remote authenticated users to 1 retain use of a token after it has expired, or 2 use a revoked token once it expires...
CVE-2013-2104
python-keystoneclient before 0.2.4, as used in OpenStack Keystone Folsom, does not properly check expiry for PKI tokens, which allows remote authenticated users to 1 retain use of a token after it has expired, or 2 use a revoked token once it expires...
CVE-2013-2104
CVE-2013-2104 affects Python-keystoneclient = 0.2.4) as part of OpenStack/Keystone updates; multiple advisories reference this fix (e.g., RHSA-2013:0944, openSUSE/SUSE patches). Technical details and affected environments are corroborated across Nessus, OSV, and OSV.DEBIAN entries in the connecte...
Fedora 20 : openstack-keystone-2013.2.1-1.fc20 (2013-23589)
Update to Havana stable release 2013.2.1 - Havana GA Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
[SECURITY] Fedora 20 Update: openstack-keystone-2013.2.1-1.fc20
Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. This package contains the Keystone daemon...
CVE-2013-2030
keystone/middleware/authtoken.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova...
PYSEC-2013-45
keystone/middleware/authtoken.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova...
CVE-2013-2030
keystone/middleware/authtoken.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova...
Ubuntu Update for keystone USN-2061-1
Check for the Version of keystone OpenVAS Vulnerability Test $Id: gbubuntuUSN20611.nasl 8650 2018-02-03 12:16:59Z teissa $ Ubuntu Update for keystone USN-2061-1 Authors: System Generated Check Copyright: Copyright C 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free...
[USN-2061-1] OpenStack Keystone vulnerability
========================================================================== Ubuntu Security Notice USN-2061-1 December 19, 2013 keystone vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Ubuntu: Security Advisory (USN-2061-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 13.10 : keystone vulnerability (USN-2061-1)
Steven Hardy discovered that Keystone did not properly enforce trusts when using the ec2tokens API. An authenticated attacker could exploit this to retrieve a token not scoped to the trust and elevate privileges to the trustor's roles. Note that Tenable Network Security has extracted the precedin...
USN-2061-1: OpenStack Keystone vulnerability
Steven Hardy discovered that Keystone did not properly enforce trusts when using the ec2tokens API. An authenticated attacker could exploit this to retrieve a token not scoped to the trust and elevate privileges to the trustor's roles...
OpenStack Keystone EC2-style令牌校验特权提升漏洞
Bugtraq ID:64253 CVE ID:CVE-2013-6391 Keystone是Openstack中用于身份验证的项目,任何服务请求需要经过它的验证获得服务的endpoint。 OpenStack Keystone在使用trust-scoped令牌生成EC2验证凭据时ec2tokens API存在一个安全漏洞,允许远程利用漏洞访问其他受限委托人角色trustor's roles,提升权限。 要成功利用漏洞需要应用启用了EC2-style验证。 0 OpenStack Keystone 2013.x...
DEBIAN-CVE-2013-6391
The ec2tokens API in OpenStack Identity Keystone before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2toke...
Cross site request forgery (csrf)
The ec2tokens API in OpenStack Identity Keystone before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2toke...
CVE-2013-6391
The ec2tokens API in OpenStack Identity Keystone before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2toke...
CVE-2013-6391
Summary (CVE-2013-6391) OpenStack Keystone’s ec2token API could generate a token not scoped to a specific trust when converting a trust-scoped token, allowing remote trust users to obtain EC2 credentials and potentially elevate privileges. Affected releases include Keystone before Havana 2013.2.1...
CVE-2013-6391
The ec2tokens API in OpenStack Identity Keystone before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2toke...