1543 matches found
CVE-2019-19687
OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials,...
CVE-2019-19687
OpenStack Keystone CVE-2019-19687 affects Keystone 15.0.0 and 16.0.0. The /v3/credentials API can leak credentials when enforce_scope is false, enabling a user with a project role to list/view other users’ credentials (potentially exposing sign-on data such as TOTP). Affected deployments are thos...
OpenStack Keystone CVE-2019-19687 Information Disclosure Vulnerability
Description: OpenStack Keystone is prone to an information-disclosure vulnerability. An attacker may leverage this issue to obtain potentially sensitive information that may aid in further attacks. Technologies Affected: OpenStack Keystone 15.0.0, OpenStack Keystone 16.0.0. Recommendations: Block...
CVE-2012-1572
OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space...
DEBIAN-CVE-2012-1572
OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space...
Stack overflow
OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space...
CVE-2012-1572
OpenStack Keystone is affected by CVE-2012-1572: extremely long passwords can exhaust Keystone’s stack space and crash the service. The connected sources confirm this behavior but do not provide a specific remediation or patched version in the supplied documents.
CVE-2013-2255
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates...
DEBIAN-CVE-2013-2255
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates...
Code injection
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates...
CVE-2013-2255
OpenStack CVE-2013-2255 affects HTTPSConnections in Keystone (2013) and OpenStack Compute (2013.1), and possibly other OpenStack components. Root cause: server-side SSL certificate validation is not performed, allowing potential impersonation or man-in-the-middle scenarios where untrusted certifi...
47pages-keystone (>=0.0.1 <=0.0.5), @bigteam/node-aot (>=0.0.0-alpha.1 <=0.0.0-alpha.8.c) +1248 more potentially affected by CVE-2019-17426 via mongoose (>=1.0.0 <=4.13.20)
mongoose NPM version =1.0.0, =0.0.1, =0.0.0-alpha.1, =2.0.8, =0.5.10, =0.2.0, =0.0.5, =0.0.1, =0.3.21-3, =1.2.3, =1.0.0, =1.0.1, =1.0.0, =1.2.0 and more Source cves: CVE-2019-17426 Source advisory: OSV:GHSA-8687-VV9J-HGPH...
CVE-2019-10138
A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens...
Design/Logic Flaw
A flaw was discovered in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens...