GHSA-C4P9-87H3-7VR4 OpenStack Identity Keystone Improper Privilege Management
OpenStack Identity Keystone before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID...
GHSA-JWPW-PPJ5-7H4W OpenStack Keystone Logs Passwords
OpenStack Identity Keystone before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs...
GHSA-8V8F-VC72-PMHC OpenStack Identity Keystone Exposure of Sensitive Information
The catalog url replacement in OpenStack Identity Keystone before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)s" in the publicurl endpoint field...
OpenStack Identity (Keystone) Denial of Service
OpenStack Identity Keystone before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests...
GHSA-274V-R947-V34R OpenStack Identity Keystone is vulnerable to Block delegation escalation of privilege
OpenStack Identity Keystone before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with...
OpenStack Identity service (keystone) Incorrect Authorization
An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related roles, including administrative roles...
GHSA-8833-QRVM-WC3H OpenStack Keystone allows context-dependent attackers to bypass access restrictions
OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions...
GHSA-4PPJ-4P4V-JF4P OpenStack Keystone Denial of Service vulnerability via a large HTTP request
OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a large HTTP request, as demonstrated by a long tenant_name when requesting a token...
GHSA-QH2X-HPF9-CF2G OpenStack Keystone and other components vulnerable to Improper Certificate Validation
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates...
Patching - An Interactive Binary Patching Plugin For IDA Pro
Patching assembly code to change the behavior of an existing program is not uncommon in malware analysis, software reverse engineering, and broader domains of security research. This project extends the popular IDA Pro disassembler to create a more robust interactive binary patching workflow...
Cross-site Scripting (XSS)
@keystone-6/auth is vulnerable to cross-site scripting. The vulnerability exists in the pageMiddleware function in index.ts as it does not properly set pathname, allowing an attacker to gain sensitive information by redirecting to malicious websites...
GHSA-HRGX-7J6V-XJ82 Reflected cross-site scripting (XSS) vulnerability
This security advisory relates to a capability for an attacker to exploit a reflected cross-site scripting vulnerability when using the @keystone-6/auth package. Impact: The vulnerability can impact users of the administration user interface when following an untrusted link to the signin or init...
CVE-2022-0087
keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...