7712 matches found

Prion
added 2012/12/18 1:55 a.m., 12 views

Authorization

OpenStack Keystone Essex 2012.1 and Folsom 2012.2 does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role...

CVSS 3.5 | AI score 6.6 | EPSS 0.00152
Exploits: 0 | References: 14 | Affected Software: 2

Cvelist
added 2012/12/18 1:0 a.m., 27 views

CVE-2012-5571 Openstack keystone: openstack keystone: authorization bypass via improper ec2 token handling

A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 Elastic Compute Cloud tokens when a user's role has been removed from a tenant. An attack...

CVSS 5.4 | AI score 6 | EPSS 0.00152
Exploits: 0 | References: 15

CVE
added 2012/12/18 1:0 a.m., 66 views

CVE-2012-5563

CVE-2012-5563 affects OpenStack Keystone as used in OpenStack Folsom 2012.2. Keystone does not properly enforce token expiration, allowing remote authenticated users to bypass authorization by creating new tokens via token chaining. This issue is noted as a regression of CVE-2012-3426. Red Hat RH...

CVSS 4 | AI score 6 | EPSS 0.00392
Exploits: 0 | References: 11 | Affected Software: 1

Debian CVE
added 2012/12/18 1:0 a.m., 23 views

CVE-2012-5563

OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression...

CVSS 4 | AI score 6 | EPSS 0.00392
Exploits: 0

Debian CVE
added 2012/12/18 1:0 a.m., 23 views

CVE-2012-5571

A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 Elastic Compute Cloud tokens when a user's role has been removed from a tenant. An attack...

CVSS 5.4 | AI score 5.7 | EPSS 0.00152
Exploits: 0

Cvelist
added 2012/12/18 1:0 a.m., 26 views

CVE-2012-5563

OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression...

AI score 5.9 | EPSS 0.00392
Exploits: 0 | References: 11

CVE
added 2012/12/18 1:0 a.m., 67 views

CVE-2012-5571

OpenStack Keystone is affected by CVE-2012-5571: EC2-style credentials can bypass authorization when a user’s role is removed from a tenant, allowing remote authenticated access. Root cause: improper handling of EC2 tokens tied to removed roles. Impact: unauthorized access to resources. Affected ...

CVSS 5.4 | AI score 5.7 | EPSS 0.00152
Exploits: 0 | References: 15 | Affected Software: 2

Positive Technologies
added 2012/12/18 12:0 a.m., 2 views

PT-2012-6028 · Openstack · Openstack Keystone

Name of the Vulnerable Software and Affected Versions: OpenStack Keystone version 2012.2 Description: The issue is related to the improper implementation of token expiration in OpenStack Keystone, allowing remote authenticated users to bypass intended authorization restrictions. This is achieved ...

CVSS 8.2 | AI score 5.9 | EPSS 0.00392
Exploits: 0 | References: 19

securityvulns
added 2012/12/17 12:0 a.m., 71 views

[USN-1663-1] Nova vulnerability

Ubuntu Security Notice USN-1663-1, December 12, 2012: nova vulnerability. A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 4.3 | AI score 0.2 | EPSS 0.01057
Exploits: 0

UbuntuCve
added 2012/12/11 3:0 p.m., 23 views

CVE-2012-5625

OpenStack Compute Nova Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume PV content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume L...

CVSS 4.3 | AI score 5.8 | EPSS 0.01057
Exploits: 0 | References: 2

Fedora
added 2012/12/11 5:57 a.m., 24 views

[SECURITY] Fedora 18 Update: openstack-keystone-2012.2.1-1.fc18

Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. This package contains the Keystone daemon...

CVSS 4 | AI score 6.4 | EPSS 0.00392
Exploits: 0

Fedora
added 2012/12/11 1:27 a.m., 34 views

[SECURITY] Fedora 17 Update: openstack-keystone-2012.1.3-3.fc17

Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. This package contains the Keystone daemon...

CVSS 4.9 | AI score 1.1 | EPSS 0.01949
Exploits: 1

OpenVAS
added 2012/12/11 12:0 a.m., 27 views

Fedora Update for openstack-keystone FEDORA-2012-19341

Check for the Version of openstack-keystone OpenVAS Vulnerability Test Fedora Update for openstack-keystone FEDORA-2012-19341 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

CVSS 4.9 | AI score 6.3 | EPSS 0.01949
Exploits: 1 | References: 2

Tenable Nessus
added 2012/12/11 12:0 a.m., 28 views

Fedora 17 : openstack-keystone-2012.1.3-3.fc17 (2012-19341)

EC2-style credentials invalidation issue CVE-2012-5571 - Fix /etc/keystone directory permission CVE-2012-5483 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as...

CVSS 5.4 | AI score 5.3 | EPSS 0.00152
Exploits: 0 | References: 5

OpenVAS
added 2012/12/11 12:0 a.m., 24 views

Fedora Update for openstack-keystone FEDORA-2012-19341

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 5.4 | AI score 5.8 | EPSS 0.01949
Exploits: 1 | References: 2

Tenable Nessus
added 2012/12/11 12:0 a.m., 22 views

Fedora 18 : openstack-keystone-2012.2.1-1.fc18 (2012-19584)

update to stable folsom release 2012.2.1 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...

CVSS 5.4 | AI score 5.3 | EPSS 0.00392
Exploits: 0 | References: 5

RedHat Linux
added 2012/12/10 8:57 p.m., 3 views

OpenStack: Glance Authentication bypass for image deletion

The v1 API in OpenStack Glance Grizzly, Folsom 2012.2, and Essex 2012.1 allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482...

CVSS 5.5 | AI score 5.9 | EPSS 0.01403
Exploits: 0 | References: 4

RedHat Linux
added 2012/12/10 8:57 p.m., 30 views

Low: Red Hat Security Advisory: openstack-glance security update

Updated openstack-glance packages that fix multiple bugs and add various enhancements are now available for Red Hat OpenStack Essex. The openstack-glance packages allows virtual machine images to be discovered, registered and retrieved. It also includes a RESTful API to provide these services to...

CVSS 5.5 | AI score 5.8 | EPSS 0.00842
Exploits: 0 | References: 2

RedHat Linux
added 2012/12/10 8:55 p.m., 3 views

OpenStack: Keystone extension of token validity through token chaining

OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression...

CVSS 4.9 | AI score 5.8 | EPSS 0.00561
Exploits: 1 | References: 4

RedHat Linux
added 2012/12/10 8:55 p.m., 52 views

Moderate: Red Hat Security Advisory: openstack-keystone security, bug fix, and enhancement update

Updated openstack-keystone packages that fix two security issues, multiple bugs, and add enhancements are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores,...

CVSS 4 | AI score 5.8 | EPSS 0.00392
Exploits: 0 | References: 4