CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

473 matches found

SUSE CVE•added 2023/02/15 3:58 a.m.•1 views

SUSE CVE-2020-12692

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times...

5.5CVSS7AI score0.00705EPSS

Exploits0References3

SUSE CVE•added 2023/02/15 3:49 a.m.•4 views

SUSE CVE-2021-3563

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity...

7.4CVSS6.4AI score0.01272EPSS

Exploits1References3

SUSE CVE•added 2023/02/15 3:38 a.m.•1 views

SUSE CVE-2021-38155

OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking related to PCI DSS features. By guessing the name of an account and failing to authenticate multiple times, any unauthenticated...

7.5CVSS6.1AI score0.02457EPSS

Exploits1References5

Github Security Blog•added 2022/08/27 12:0 a.m.•24 views

Openstack Keystone Incorrect Authorization vulnerability

A flaw was found in openstack-keystone, only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity. A patch is...

7.4CVSS7.2AI score0.01272EPSS

Exploits1References11Affected Software1

OSV•added 2022/08/27 12:0 a.m.•27 views

GHSA-CC99-WHM5-MMQ3 Openstack Keystone Incorrect Authorization vulnerability

9.1CVSS7.3AI score0.01272EPSS

Exploits1References11

NVD•added 2022/08/26 4:15 p.m.•28 views

CVE-2021-3563

7.4CVSS0.01272EPSS

Exploits1References5

OSV•added 2022/08/26 4:15 p.m.•1 views

DEBIAN-CVE-2021-3563

7.4CVSS6.5AI score0.01272EPSS

Exploits1References1

OSV•added 2022/08/26 4:15 p.m.•20 views

CVE-2021-3563

7.4CVSS7.4AI score0.01272EPSS

Exploits1References5

UbuntuCve•added 2022/08/26 4:15 p.m.•24 views

CVE-2021-3563

7.4CVSS6.7AI score0.01272EPSS

Exploits1References2

OSV•added 2022/08/26 4:15 p.m.•1 views

UBUNTU-CVE-2021-3563

7.4CVSS6.6AI score0.01272EPSS

Exploits1References3

Cvelist•added 2022/08/26 3:25 p.m.•35 views

CVE-2021-3563

7.6AI score0.01272EPSS

Exploits1References5

Debian CVE•added 2022/08/26 3:25 p.m.•39 views

CVE-2021-3563

7.4CVSS7.4AI score0.01272EPSS

Exploits1

Positive Technologies•added 2022/08/26 12:0 a.m.•3 views

PT-2022-10472

Name of the Vulnerable Software and Affected Versions openstack-keystone affected versions not specified Description A flaw was found in openstack-keystone, where only the first 72 characters of an application secret are verified. This allows attackers to bypass some password complexity that...

7.5CVSS6.3AI score0.02457EPSS

Exploits3References32

Github Security Blog•added 2022/05/24 7:10 p.m.•19 views

OpenStack Keystone allows information disclosure during account locking

7.5CVSS6.8AI score0.02457EPSS

Exploits1References9Affected Software1

OSV•added 2022/05/24 5:17 p.m.•20 views

GHSA-RQW2-HHRF-7936 OpenStack Keystone does not check signature TTL of the EC2 credential auth method

5.4CVSS6.6AI score0.00705EPSS

Exploits0References9

OSV•added 2022/05/24 5:17 p.m.•2 views

GHSA-4427-7F3W-MQV6 OpenStack Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user...

8.8CVSS8.5AI score0.04918EPSS

Exploits0References13

Github Security Blog•added 2022/05/24 5:17 p.m.•27 views

OpenStack Keystone EC2 and/or credential endpoints are not protected from a scoped context

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope trust/oauth/application credential can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially...

8.8CVSS6.4AI score0.01562EPSS

Exploits0References10Affected Software1

OSV•added 2022/05/24 5:17 p.m.•5 views

GHSA-CHGW-36XV-47CW OpenStack Keystone EC2 and/or credential endpoints are not protected from a scoped context

8.8CVSS8.4AI score0.01562EPSS

Exploits0References10

Github Security Blog•added 2022/05/17 5:22 a.m.•31 views

OpenStack Keystone Allows Remote User Account Creation

OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex 2012.1, allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly...

5.8CVSS6.3AI score0.02895EPSS

Exploits1References12Affected Software1

Github Security Blog•added 2022/05/17 5:9 a.m.•24 views

XML Entity Expansion (XEE) in Django

The XML libraries for Python, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute Nova Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service resource consumption and crash via an XML Entity Expansion XEE attack...

5CVSS6.9AI score0.04863EPSS

Exploits1References14Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by