1543 matches found
Low: Red Hat Security Advisory: openstack-glance security update
Updated openstack-glance packages that fix multiple bugs and add various enhancements are now available for Red Hat OpenStack Essex. The openstack-glance packages allows virtual machine images to be discovered, registered and retrieved. It also includes a RESTful API to provide these services to...
OpenStack: Keystone extension of token validity through token chaining
OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression...
Moderate: Red Hat Security Advisory: openstack-keystone security, bug fix, and enhancement update
Updated openstack-keystone packages that fix two security issues, multiple bugs, and add enhancements are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores,...
Moderate: Red Hat Security Advisory: openstack-keystone security, bug fix, and enhancement update
Updated openstack-keystone packages that fix two security issues, multiple bugs, and add enhancements are now available for Red Hat OpenStack Essex. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores,...
OpenStack: Keystone /etc/keystone/ec2rc secret key exposure
tools/sampledata.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud Amazon EC2 is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows local users to obtain access to EC2 services by reading administrative access and secret values from this...
Ubuntu: Security Advisory (USN-1641-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu Update for keystone USN-1641-1
Ubuntu Update for Linux kernel vulnerabilities USN-1641-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN16411.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for keystone USN-1641-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net Thi...
Ubuntu 12.04 LTS / 12.10 : keystone vulnerabilities (USN-1641-1)
Vijaya Erukala discovered that Keystone did not properly invalidate EC2-style credentials such that if credentials were removed from a tenant, an authenticated and authorized user using those credentials may still be allowed access beyond the account owner's expectations. CVE-2012-5571 It was...
USN-1641-1: OpenStack Keystone vulnerabilities
Vijaya Erukala discovered that Keystone did not properly invalidate EC2-style credentials such that if credentials were removed from a tenant, an authenticated and authorized user using those credentials may still be allowed access beyond the account owner's expectations. CVE-2012-5571 It was...
CVE-2012-5571
A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 Elastic Compute Cloud tokens when a user's role has been removed from a tenant. An attack...
CVE-2012-5563
OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression...
2012.1.1: fails to validate tokens in Admin API
The 1 OS-KSADM/services and 2 tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services...
2012.1.1: fails to raise Unauthorized user error for disabled tenant
OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant...
Keystone: Lack of authorization for adding users to tenants
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex 2012.1, allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly...
OpenStack-Keystone: role revocation token issues
OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles...
Important: Red Hat Security Advisory: openstack-keystone security update
Updated openstack-keystone packages that fix multiple security issues are now available for Red Hat OpenStack Essex. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
CVE-2012-4457
OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant...
CVE-2012-4456
The 1 OS-KSADM/services and 2 tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services...
DEBIAN-CVE-2012-4457
OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant...
CVE-2012-4457
OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant...