473 matches found
Fedora 20 : openstack-keystone-2013.2.3-2.fc20 (2014-4903)
updated to stable havana 2013.2.3 release Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVE...
CVE-2014-0105
The authtoken middleware in the OpenStack Python client library for Keystone aka python-keystoneclient before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, relat...
UBUNTU-CVE-2014-0105
The authtoken middleware in the OpenStack Python client library for Keystone aka python-keystoneclient before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, relat...
UBUNTU-CVE-2014-2828
The V3 API in OpenStack Identity Keystone 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service CPU consumption via a large number of the same authentication method in a request, aka "authentication chaining."...
Fedora Update for openstack-keystone FEDORA-2014-4210
Check for the Version of openstack-keystone OpenVAS Vulnerability Test Fedora Update for openstack-keystone FEDORA-2014-4210 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
Fedora Update for openstack-keystone FEDORA-2014-4210
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DEBIAN-CVE-2014-2237
The memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...
PYSEC-2014-105
The memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...
UBUNTU-CVE-2014-2237
The memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...
OpenStack Keystone Trustee令牌吊销失败安全绕过漏洞
Bugtraq ID:65895 CVE ID:CVE-2014-2237 Keystone是Openstack中用于身份验证的项目,任何服务请求需要经过它的验证获得服务的endpoint。 OpenStack Keystone Keystone内存令牌后端存在漏洞,当委托人提交启用模拟的可信令牌时,令牌仅添加到委托人令牌列表,但没添加到受托人令牌列表。这会导致受托人吊销令牌时不能使信任令牌正确失效。 使用memcache后端的Keystone受此漏洞影响。 0 Openstack Keystone 2013.1 - 2013.1.4 Openstack Keystone 2013.2 ...
Fedora Update for openstack-keystone FEDORA-2013-23589
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for openstack-keystone FEDORA-2013-23589
Check for the Version of openstack-keystone OpenVAS Vulnerability Test Fedora Update for openstack-keystone FEDORA-2013-23589 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
Moderate: Red Hat Security Advisory: openstack-keystone security update
Updated openstack-keystone packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 3.0. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...
CVE-2013-2104
python-keystoneclient before 0.2.4, as used in OpenStack Keystone Folsom, does not properly check expiry for PKI tokens, which allows remote authenticated users to 1 retain use of a token after it has expired, or 2 use a revoked token once it expires...
CVE-2013-2104
python-keystoneclient before 0.2.4, as used in OpenStack Keystone Folsom, does not properly check expiry for PKI tokens, which allows remote authenticated users to 1 retain use of a token after it has expired, or 2 use a revoked token once it expires...
Code injection
python-keystoneclient before 0.2.4, as used in OpenStack Keystone Folsom, does not properly check expiry for PKI tokens, which allows remote authenticated users to 1 retain use of a token after it has expired, or 2 use a revoked token once it expires...
PYSEC-2014-69
python-keystoneclient before 0.2.4, as used in OpenStack Keystone Folsom, does not properly check expiry for PKI tokens, which allows remote authenticated users to 1 retain use of a token after it has expired, or 2 use a revoked token once it expires...
PYSEC-2014-69
python-keystoneclient before 0.2.4, as used in OpenStack Keystone Folsom, does not properly check expiry for PKI tokens, which allows remote authenticated users to 1 retain use of a token after it has expired, or 2 use a revoked token once it expires...
CVE-2013-2104
python-keystoneclient before 0.2.4, as used in OpenStack Keystone Folsom, does not properly check expiry for PKI tokens, which allows remote authenticated users to 1 retain use of a token after it has expired, or 2 use a revoked token once it expires...
CVE-2013-2104
CVE-2013-2104 affects Python-keystoneclient = 0.2.4) as part of OpenStack/Keystone updates; multiple advisories reference this fix (e.g., RHSA-2013:0944, openSUSE/SUSE patches). Technical details and affected environments are corroborated across Nessus, OSV, and OSV.DEBIAN entries in the connecte...