CVE-2013-2104

python-keystoneclient before 0.2.4, as used in OpenStack Keystone Folsom, does not properly check expiry for PKI tokens, which allows remote authenticated users to 1 retain use of a token after it has expired, or 2 use a revoked token once it expires...

CVE-2013-2104

CVE-2013-2104 affects Python-keystoneclient = 0.2.4) as part of OpenStack/Keystone updates; multiple advisories reference this fix (e.g., RHSA-2013:0944, openSUSE/SUSE patches). Technical details and affected environments are corroborated across Nessus, OSV, and OSV.DEBIAN entries in the connecte...

CVE-2013-2104

python-keystoneclient before 0.2.4, as used in OpenStack Keystone Folsom, does not properly check expiry for PKI tokens, which allows remote authenticated users to 1 retain use of a token after it has expired, or 2 use a revoked token once it expires...

PT-2014-2551 · Openstack · Python-Keystoneclient

Name of the Vulnerable Software and Affected Versions: python-keystoneclient versions prior to 0.2.4 Description: The issue allows remote authenticated users to retain use of a token after it has expired or use a revoked token once it expires, due to improper checking of expiry for PKI tokens...

Fedora 20 : openstack-nova-2013.2.1-2.fc20 (2013-23524)

Update to stable/havana 2013.2.1 release Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...

DEBIAN-CVE-2013-6419

Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by 1...

CVE-2013-6419

Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by 1...

CVE-2013-6419

Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by 1...

Design/Logic Flaw

Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by 1...

Critical: Red Hat Security Advisory: ruby193-ruby security update

Updated ruby193-ruby packages that fix one security issue are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVE-2013-6419

Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by 1...

CVE-2013-6419

Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by 1...

CVE-2013-6419

CVE-2013-6419 affects OpenStack Nova and Neutron. The vulnerability arises from an missing authorization check on the device ID bound to a port, allowing remote tenants to retrieve metadata by spoofing that device ID. Affected components include Nova’s api/metadata/handler.py and Neutron’s neutro...

[SECURITY] Fedora 20 Update: openstack-nova-2013.2.1-2.fc20

OpenStack Compute codename Nova is open source software designed to provision and manage large networks of virtual machines, creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running instances...

Fedora 20 : openstack-keystone-2013.2.1-1.fc20 (2013-23589)

Update to Havana stable release 2013.2.1 - Havana GA Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

Fedora 20 : openstack-glance-2013.2.1-1.fc20 (2013-23680)

Update to Havana stable release 2013.2.1 Fixes 956815 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

[SECURITY] Fedora 20 Update: openstack-glance-2013.2.1-1.fc20

OpenStack Image Service code-named Glance provides discovery, registratio n, and delivery services for virtual disk images. The Image Service API server provides a standard REST interface for querying information about virtual d isk images stored in a variety of back-end stores, including OpenSta...

[SECURITY] Fedora 20 Update: openstack-keystone-2013.2.1-1.fc20

Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. This package contains the Keystone daemon...

CVE-2013-2030

keystone/middleware/authtoken.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova...

PYSEC-2013-45

keystone/middleware/authtoken.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova...