CVE-2013-0270

A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected...

CVE-2013-0270

A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected...

Design/Logic Flaw

OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier allows remote attackers to cause a denial of service CPU and memory consumption via a large HTTP request, as demonstrated by a long tenantname when requesting a token...

Authentication flaw

OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the 1 user, 2 tenant, or 3 domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions...

CVE-2013-0282

OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the 1 user, 2 tenant, or 3 domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions...

CVE-2013-0270 Keystone: openstack keystone: denial of service via large http request with long tenant name

A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected...

CVE-2013-0270

OpenStack Keystone CVE-2013-0270 affects Grizzly before 2013.1 (Folsom and possibly earlier). The vulnerability allows remote attackers to trigger a denial of service by sending a large HTTP request, demonstrated by an oversized tenant_name during token requests. Supported sources across multiple...

CVE-2013-0270

A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected...

CVE-2013-0282

CVE-2013-0282 affects OpenStack Keystone (Grizzly 2013.1, Folsom 2012.1.3, Essex). The root cause is that EC2-style authentication did not properly verify that the (1) user, (2) tenant, or (3) domain is enabled, enabling context-dependent attackers to bypass access restrictions. Public documents ...

CVE-2013-0282

OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the 1 user, 2 tenant, or 3 domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions...

CVE-2013-1815

A flaw was found in PackStack. This vulnerability allows a local user to modify deployed systems by changing the answer file, which is created in insecure directories such as /tmp or the current working directory. This insecure file creation could lead to unauthorized system modifications...

CVE-2012-6120

Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files...

CVE-2012-6120

Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files...

DEBIAN-CVE-2012-6120

Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files...

Design/Logic Flaw

PackStack 2012.2.3 in Red Hat OpenStack Essex and Folsom can create the answer file in insecure directories such as /tmp or the current working directory, which allows local users to modify deployed systems by changing this file...

Code injection

Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files...

CVE-2012-6120

Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files...

CVE-2012-6120

CVE-2012-6120 concerns Puppet: Red Hat OpenStack Essex/Folsom created /var/log/puppet with world-readable permissions, enabling local users to access Puppet log files. The Debian DLA-29-1 advisory reiterates the same issue for the Debian puppet package. Affected component: Puppet log directory ha...

CVE-2013-1815 Packstack: red hat openstack: packstack: unauthorized system modification via insecure answer file creation

A flaw was found in PackStack. This vulnerability allows a local user to modify deployed systems by changing the answer file, which is created in insecure directories such as /tmp or the current working directory. This insecure file creation could lead to unauthorized system modifications...

CVE-2013-1815

CVE-2013-1815 affects PackStack 2012.2.3 in Red Hat OpenStack Essex/Folsom, where the answer file could be created in insecure directories (e.g., /tmp or cwd), enabling local modification of deployed systems. The RHSA-2013:0671 advisory documents the fix: after the update, PackStack creates the a...