Keystone 输入验证错误漏洞

Keystone is a powerful CMS for OpenStack open source. used to help you build and scale faster than any other Cms or application framework. Keystone versions prior to 7.0.0 have an input validation error vulnerability that stems from the inclusion of an open redirect. An attacker exploiting this...

PT-2023-24771 · Unknown · @Keystone-6/Auth

Name of the Vulnerable Software and Affected Versions: @keystone-6/auth versions 7.0.0 and prior Description: Keystone is a content management system for Node.JS. There is an open redirect in the @keystone-6/auth package, where the redirect leading / filter can be bypassed. Users may be redirecte...

@beemstream/keystone-document-gallery (>=2.0.0 <=2.0.6), @murz/keystone-field-nested-set (=4.0.1-1) +7 more potentially affected by unknown CVE via @keystone-6/core (>=1.1.1 <=5.2.0)

@keystone-6/core NPM version =1.1.1, =2.0.0, =2.1.0, =1.0.0, =6.0.21, =0.0.1, =1.0.0, =0.0.1, =0.1.0, =0.2.0 Source cves: unknown CVE Source advisory: OSV:GHSA-5FP6-4XW3-XQQ3...

GHSA-5FP6-4XW3-XQQ3 @keystone-6/core's bundled cuid package known to be insecure

Summary The cuid package used by @keystone-6/ and upstream dependencies is deprecated and marked as insecure by the author. As reported by the author Cuid and other k-sortable and non-cryptographic ids Ulid, ObjectId, KSUID, all UUIDs are all insecure. Use @paralleldrive/cuid2 instead. What are...

PT-2023-32980 · Cuid +1 · Cuid +2

Name of the Vulnerable Software and Affected Versions: @keystone-6/ versions affected versions not specified Description: The cuid package is deprecated and marked as insecure by its author due to security concerns. It is recommended to use @paralleldrive/cuid2 instead. The issue affects...

SUSE CVE-2012-0805

Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the 1 limit or 2 offset keyword to the select function, or unspecified vectors to the 3 select.limit or 4 select.offset function...

SUSE CVE-2012-3426

OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by 1 creating new tokens through token chaining, 2 leveraging...

SUSE CVE-2012-3542

OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex 2012.1, allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly...

SUSE CVE-2012-4413

OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles...

SUSE CVE-2012-4457

OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant...

SUSE CVE-2012-4456

The 1 OS-KSADM/services and 2 tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services...

SUSE CVE-2012-5483

tools/sampledata.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud Amazon EC2 is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows local users to obtain access to EC2 services by reading administrative access and secret values from this...

SUSE CVE-2012-5563

OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression...

SUSE CVE-2012-5571

A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 Elastic Compute Cloud tokens when a user's role has been removed from a tenant. An attack...

SUSE CVE-2013-0247

OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service disk consumption via many invalid token requests that trigger excessive generation of log entries...

SUSE CVE-2013-0270

A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected...

SUSE CVE-2013-0282

OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the 1 user, 2 tenant, or 3 domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions...

SUSE CVE-2013-1665

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External...

SUSE CVE-2013-1865

OpenStack Keystone Folsom 2012.2 does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token...

SUSE CVE-2013-1977

OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admintoken secret by reading the file...