CVE-2013-2059

OpenStack Keystone vulnerability CVE-2013-2059 affects Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana. The root cause is that authentication tokens are not immediately revoked when deleting a user via the Keystone v2 API, allowing remote authenticated users to retain access via ...

CVE-2013-1977

OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admintoken secret by reading the file...

CVE-2013-1977

OpenStack CVE-2013-1977 affects Keystone.conf handling in devstack/OpenStack deployments. The root cause is world-readable permissions on keystone.conf, enabling local users to read sensitive data such as LDAP passwords and the admin_token. Multiple connected sources corroborate this issue across...

USN-1831-1: OpenStack Nova vulnerability

Loganathan Parthipan discovered that Nova did not verify the size of QCOW2 instance storage. An authenticated attacker could exploit this to cause a denial of service by creating an image with a large virtual size with little data, then filling the virtual disk...

USN-1830-1: OpenStack Keystone vulnerability

Sam Stoelinga discovered that Keystone would not immediately invalidate tokens when deleting users via the v2 API. A deleted user would be able to continue to use resources until the token lifetime expired...

CVE-2013-2096

OpenStack Compute Nova Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service host file system disk consumption by creating an image with a large virtual size that does not contain a large amount of data...

Low: Red Hat Security Advisory: openstack-keystone security and bug fix update

Updated openstack-keystone packages that fix one security issue and various bugs are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

CVE-2013-2030

keystone/middleware/authtoken.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova...

CVE-2013-2059

OpenStack Identity Keystone Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token...

OpenStack Keystone 密码信息泄露漏洞(CVE-2013-2013)

BUGTRAQ ID: 59504 CVECAN ID: CVE-2013-2013 OpenStack Keystone为OpenStack系列计划提供身份、令牌、目录和策略服务的项目。 Keystone通过CLI更新密码时，在命令行输入了文本形式的用户名和密码，攻击者通过列出进程利用此漏洞可获取凭证等敏感信息。 0 openstack Keystone 厂商补丁： openstack --------- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：...

OpenStack Keystone不安全文件权限漏洞(CVE-2013-1977)

BUGTRAQ ID: 59310 CVECAN ID: CVE-2013-1977 OpenStack Keystone为OpenStack系列计划提供身份、令牌、目录和策略服务的项目。 Keystone.conf管理方式上存在安全漏洞，本地攻击者可利用此漏洞获取LDAP密码配置和admintoken。 0 openstack Keystone 厂商补丁： openstack --------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://lists.openstack.org/pipermail/openstack-announce/...

OpenStack Keystone 验证绕过漏洞(CVE-2013-0282)

CVE ID:CVE-2013-0282 OpenStack Keystone为OpenStack系列计划提供身份、令牌、目录和策略服务的项目。 在使用EC2-Style验证时OpenStack Keystone Grizzly，Folsom, Essex没有正确检查用户，租户或域是否启用，允许远程攻击者利用漏洞绕过访问限制。 仅设置了启用EC2-Style验证的系统受此漏洞影响。 0 OpenStack Keystone Grizzly 2013.1之前版本 OpenStack Keystone Folsom 2012.1.3之前版本 OpenStack Keystone Essex...

Fedora Update for openstack-keystone FEDORA-2013-4590

Check for the Version of openstack-keystone OpenVAS Vulnerability Test Fedora Update for openstack-keystone FEDORA-2013-4590 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

Fedora Update for openstack-keystone FEDORA-2013-4590

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2013-0282

OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the 1 user, 2 tenant, or 3 domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions...

CVE-2013-0270

A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected...

DEBIAN-CVE-2013-0282

OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the 1 user, 2 tenant, or 3 domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions...

DEBIAN-CVE-2013-0270

A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected...

CVE-2013-0270

OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier allows remote attackers to cause a denial of service CPU and memory consumption via a large HTTP request, as demonstrated by a long tenantname when requesting a token...

CVE-2013-0282

OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the 1 user, 2 tenant, or 3 domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions...