Fedora 17 : openstack-keystone-2012.1.2-4.fc17 (2012-13075)

Require authz to update user's tenant CVE-2012-3542 - Delete user tokens after role grant/revoke CVE-2012-4413 - Fails to validate tokens in Admin API CVE-2012-4456 - Fails to raise Unauthorized user error for disabled tenant CVE-2012-4457 Note that Tenable Network Security has extracted the...

[SECURITY] Fedora 17 Update: openstack-keystone-2012.1.2-4.fc17

Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. This package contains the Keystone daemon...

OpenStack Keystone Default Credentials

It is possible to log into the remote OpenStack Keystone instance by providing default credentials. Knowing these, an attacker can gain administrative control of the affected application and would then be able to read and write to Keystone, which is used as an identity provider by other services...

OpenStack Glance Detection

OpenStack Glance, a Python application that provides services for managing virtual machine images, was found on the remote host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid62352; scriptversion"1.4"; scriptcvsdate"Date: 2019/11/22"; scriptnameenglish:"OpenStack...

OpenStack Keystone Detection

OpenStack Keystone, a Python application that provides identity, token, catalog and policy services to other OpenStack components was found on the remote host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid62353; scriptversion"1.3"; scriptcvsdate"Date: 2019/11/22";...

CVE-2012-4413

OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles...

DEBIAN-CVE-2012-4413

OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles...

CVE-2012-4413

OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles...

Design/Logic Flaw

OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles...

CVE-2012-4413

OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles...

CVE-2012-4413

OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles...

CVE-2012-4413

CVE-2012-4413 affects OpenStack Keystone before 2012.1.3. The vulnerability occurs because Keystone does not invalidate existing tokens when roles are granted or revoked, allowing remote authenticated users to retain privileges associated with revoked roles. The issue has been acknowledged in mul...

PT-2012-5384 · Openstack · Openstack Keystone

Name of the Vulnerable Software and Affected Versions: OpenStack Keystone versions prior to 2012.1.3 Description: The issue allows remote authenticated users to retain the privileges of revoked roles because existing tokens are not invalidated when roles are granted or revoked. Recommendations: F...

Ubuntu: Security Advisory (USN-1565-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu Update for horizon USN-1565-1

Ubuntu Update for Linux kernel vulnerabilities USN-1565-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN15651.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for horizon USN-1565-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...

USN-1565-1: OpenStack Horizon vulnerability

Thomas Biege discovered that the Horizon authentication mechanism did not validate the next parameter. An attacker could use this to construct a link to legitimate OpenStack web dashboard that redirected the user to a malicious website after authentication...

USN-1564-1: OpenStack Keystone vulnerability

Dolph Mathews discovered that when roles are granted and revoked to users in Keystone, pre-existing tokens were not updated or invalidated to take the new roles into account. An attacker could use this to continue to access resources that have been revoked...

CVE-2012-4413

OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles...

Ubuntu 12.04 LTS : horizon vulnerability (USN-1565-1)

Thomas Biege discovered that the Horizon authentication mechanism did not validate the next parameter. An attacker could use this to construct a link to legitimate OpenStack web dashboard that redirected the user to a malicious website after authentication. Note that Tenable Network Security has...

DEBIAN-CVE-2012-3540

Open redirect vulnerability in views/authforms.py in OpenStack Dashboard Horizon Essex 2012.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by...