1543 matches found
CVE-2017-2673
An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles...
CVE-2017-2673
The CVE-2017-2673 entry concerns an authorization-check flaw in OpenStack Keystone federation configurations. An authenticated federated user could request permissions to a project and be unintentionally granted all related roles, including administrative roles, due to inadequate authorization ch...
django-saml2-auth (>=1.0.2 <=1.1.4), django-saml2-auth-custom (>=1.0.0 <=1.0.4) +5 more potentially affected by CVE-2017-1000246 via pysaml2 (>=4.0.2 <=4.5.0)
pysaml2 PYPI version =4.0.2, =1.0.2, =1.0.0, =0.16.11, =1.2.1, =12.0.2, =0.6.1, =3.4.8 Source cves: CVE-2017-1000246 Source advisory: OSV:GHSA-CQ94-QF6Q-MF2H...
django-saml2-auth (>=1.0.2 <=1.1.4), django-saml2-auth-custom (>=1.0.0 <=1.0.4) +4 more potentially affected by CVE-2016-10149 via pysaml2 (>=4.0.2 <=4.4.0)
pysaml2 PYPI version =4.0.2, =1.0.2, =1.0.0, =12.0.2, =0.6.1, =3.4.8 Source cves: CVE-2016-10149 Source advisory: OSV:GHSA-C2VX-49JM-H3F6...
oslo.middleware Information Disclosure vulnerability
python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component...
Juniper Networks CSO Information Disclosure Vulnerability
Juniper Contrail Service Orchestration (CSO) is a Juniper Networks suite of products for designing and deploying network services in a centralized cloud CPE deployment model. An information disclosure vulnerability exists in Juniper CSO versions prior to 3.3.0 that stems from the program's use of...
Contrail Service Orchestration: Hardcoded credentials for Keystone service.
Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 use hardcoded credentials to access Keystone service. These credentials allow network based attackers unauthorized access to information stored in keystone...
Hardcoded credentials
Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 use hardcoded credentials to access Keystone service. These credentials allow network based attackers unauthorized access to information stored in keystone...
CVE-2018-0041
Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 use hardcoded credentials to access Keystone service. These credentials allow network based attackers unauthorized access to information stored in keystone...
CVE-2018-0041 Contrail Service Orchestration: Hardcoded credentials for Keystone service.
Juniper Networks Contrail Service Orchestration releases prior to 3.3.0 use hardcoded credentials to access Keystone service. These credentials allow network based attackers unauthorized access to information stored in keystone...
CVE-2018-0041
The CVE-2018-0041 entry concerns Juniper Networks Contrail Service Orchestration (CSO) prior to version 3.3.0, where hard-coded credentials grant network-based attackers unauthorized access to Keystone service data. Root cause: hard-coded credentials in CSO access to Keystone. Affected product: C...
Security Bulletin: Vulnerability in Keystone affects IBM SmartCloud Orchestrator (CVE-2014-3520)
Summary: Vulnerability in Keystone affects IBM SmartCloud Orchestrator (CVE-2014-3520). Vulnerability Details: Keystone V2 trusts privilege escalation through user-supplied project ID. By using an out-of-scope project ID, a trustee might gain unauthorized access if the trustor has the required roles ...
Security Bulletin: Vulnerability in Keystone affects IBM SmartCloud Orchestrator (CVE-2014-3476)
Summary: Vulnerability in Keystone affects IBM SmartCloud Orchestrator (CVE-2014-3476). Vulnerability Details: By creating a delegation from a trust or OAuth token, a trustee might abuse the identity impersonation against keystone and circumvent the enforced scope, which results in potential elevated...
Security Bulletin: IBM SmartCloud Orchestrator - Keystone DoS through V3 API authentication chaining (CVE-2014-2828)
Summary: By sending a single request with the same authentication method multiple times, a remote attacker might generate unwanted load on the Keystone host, which might potentially result in a Denial of Service against a Keystone service. Only Keystone setups enabling V3 API are affected...
Security Bulletin: IBM SmartCloud Orchestrator - Trustee token revocation does not work with memcache backend (CVE-2014-2237)
Summary: When a trustor issues a trust token with impersonation enabled, the token is only added to the trustor's token list and not to the trustee's token list. This scenario results in the trust token not being invalidated by the trustee's token revocation bulk revocation. It is most noticeable...
keystone node module authentication bypass vulnerability
The keystone node module is a set of web application frameworks. A security vulnerability exists in keystone node module versions prior to 0.3.16. The vulnerability can be exploited to bypass authentication by providing the correct password and a partial e-mail address...
d-pac.cms (=0.5.7), keystone-db-shortcuts (>=0.0.9 <=0.1.15) +12 more potentially affected by CVE-2015-9240 via keystone (>=0.2.26 <=0.2.42)
keystone NPM version =0.2.26, =0.0.9, =0.0.1, =1.0.2, =0.0.0, =0.0.8, =0.0.8, =0.0.3, =0.0.4, =0.0.30 Source cves: CVE-2015-9240 Source advisory: OSV:GHSA-39PJ-GQ8Q-9PFJ...