
1557 matches found

Tenable Nessus
added 2012/09/04 12:0 a.m. (27 views)

Ubuntu 12.04 LTS : keystone vulnerabilities (USN-1552-1)

Dolph Mathews discovered that OpenStack Keystone did not properly restrict to administrative users the ability to update users' tenants. A remote attacker that can reach the administrative API can use this to add any user to any tenant. CVE-2012-3542 Derek Higgins discovered that OpenStack Keysto...

CVSS 4.9, AI score 5.4, EPSS 0.0248
Exploits: 1, References: 3

OpenVAS
added 2012/09/04 12:0 a.m. (33 views)

Ubuntu Update for keystone USN-1552-1

Ubuntu Update for Linux kernel vulnerabilities USN-1552-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN15521.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for keystone USN-1552-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net Thi...

CVSS 4.9, AI score 6.4, EPSS 0.0248
Exploits: 1, References: 2

Ubuntu
added 2012/09/03 5:3 p.m. (54 views)

USN-1552-1: OpenStack Keystone vulnerabilities

Dolph Mathews discovered that OpenStack Keystone did not properly restrict to administrative users the ability to update users' tenants. A remote attacker that can reach the administrative API can use this to add any user to any tenant. CVE-2012-3542 Derek Higgins discovered that OpenStack Keysto...

CVSS 4.9, AI score 5.3, EPSS 0.0248
Exploits: 1

securityvulns
added 2012/09/03 12:0 a.m. (88 views)

[USN-1552-1] OpenStack Keystone vulnerabilities

========================================================================== Ubuntu Security Notice USN-1552-1 September 03, 2012 keystone vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives...

CVSS 4.9, AI score 0.9, EPSS 0.0248
Exploits: 1

securityvulns
added 2012/09/03 12:0 a.m. (39 views)

OpenStack Keystone limitations bypass

Administrative user limitations and token lifetime limitations bypass...

CVSS 4.9, AI score 2.2, EPSS 0.0248
Exploits: 1, References: 1, Affected Software: 1

OpenVAS
added 2012/08/30 12:0 a.m. (30 views)

Fedora Update for openstack-keystone FEDORA-2012-4690

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 7.5, AI score 7.6, EPSS 0.01199
Exploits: 0, References: 2

UbuntuCve
added 2012/08/30 12:0 a.m. (30 views)

CVE-2012-3542

OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex 2012.1, allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly...

CVSS 4.3, AI score 6, EPSS 0.0248
Exploits: 0, References: 4

NVD
added 2012/07/31 10:45 a.m. (27 views)

CVE-2012-3426

OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging...

CVSS 4.9, AI score 6.1, EPSS 0.02266
Exploits: 1, References: 14

OSV
added 2012/07/31 10:45 a.m. (2 views)

DEBIAN-CVE-2012-3426

OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging...

CVSS 4.9, AI score 6.4, EPSS 0.02266
Exploits: 1, References: 1

OSV
added 2012/07/31 10:45 a.m. (8 views)

CVE-2012-3426

OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging...

AI score 6.1
Exploits: 0, References: 16

Prion
added 2012/07/31 10:45 a.m. (15 views)

Authorization

OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging...

CVSS 4.9, AI score 6.4, EPSS 0.02266
Exploits: 1, References: 14, Affected Software: 2

PyPA
added 2012/07/31 10:45 a.m. (6 views)

PYSEC-2012-34

OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging...

CVSS 4.9, AI score 6.8, EPSS 0.02266
Exploits: 1, References: 17, Affected Software: 1

Cvelist
added 2012/07/31 10:0 a.m. (33 views)

CVE-2012-3426

OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging...

AI score 6, EPSS 0.02266
Exploits: 1, References: 14

Debian CVE
added 2012/07/31 10:0 a.m. (34 views)

CVE-2012-3426

OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging...

CVSS 4.9, AI score 6.2, EPSS 0.02266
Exploits: 1

CVE
added 2012/07/31 10:0 a.m. (84 views)

CVE-2012-3426

OpenStack Keystone before version 2012.1.1 (as used in Folsom before Folsom-1 and Essex) does not properly enforce token expiration, allowing remote authenticated users to bypass authorization by: (1) chaining tokens to create new ones, (2) using a token from a disabled account, or (3) using a to...

CVSS 4.9, AI score 6.1, EPSS 0.02266
Exploits: 1, References: 14, Affected Software: 3

UbuntuCve
added 2012/07/27 3:0 p.m. (26 views)

CVE-2012-3426

OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging...

CVSS 4.9, AI score 5.9, EPSS 0.02266
Exploits: 1, References: 2

OSV
added 2012/06/05 10:55 p.m. (1 view)

DEBIAN-CVE-2012-0805

Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function...

CVSS 7.5, AI score 8.8, EPSS 0.02862
Exploits: 2, References: 1

NVD
added 2012/06/05 10:55 p.m. (13 views)

CVE-2012-0805

Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function...

CVSS 7.5, AI score 8.2, EPSS 0.02862
Exploits: 2, References: 10

OSV
added 2012/06/05 10:55 p.m. (5 views)

CVE-2012-0805

Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function...

AI score 8.2
Exploits: 0, References: 11

PyPA
added 2012/06/05 10:55 p.m. (5 views)

PYSEC-2012-9

Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function...

CVSS 7.5, AI score 8.8, EPSS 0.02862
Exploits: 2, References: 11, Affected Software: 1