2017 matches found
An admin can revoke a claim even after the end date
Lines of code Vulnerability details From the contest description it seems that the sponsor doesn't intend to allow admin to revoke a claim after it end: our vesting contract is deliberately designed to allow admin revocation in the circumstances of early employment termination before the end of...
Vesting revoke will disallow receiver from receiving already unlocked tokens
Lines of code Vulnerability details Impact Unfair loss of tokens for the receiver. Proof of Concept Vesting is used by employers to align incentives in startups and prevent employees from leaving the company if they want to get the vested tokens. This is why a revoke function was included. From t...
CVE-2022-23950
In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations...
CVE-2022-23950
In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations...
Design/Logic Flaw
In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations...
CVE-2022-23950
In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations...
CVE-2022-23950
In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations...
CVE-2022-23950
In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations...
PT-2022-16361 · Keylime · Keylime
Name of the Vulnerable Software and Affected Versions: Keylime versions prior to 6.3.0 Description: The issue arises from the Revocation Notifier in Keylime using a fixed /tmp path for a UNIX domain socket. This can be exploited by unprivileged users to prohibit Keylime operations. Recommendation...
DEBIAN-CVE-2022-2447
A flaw was found in Keystone. There is a time lag up to one hour in a default configuration between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected...
CVE-2022-2447
A flaw was found in Keystone. There is a time lag up to one hour in a default configuration between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected...
CVE-2022-2447
A flaw was found in Keystone. There is a time lag up to one hour in a default configuration between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected...
CVE-2022-2447
A flaw was found in Keystone. There is a time lag up to one hour in a default configuration between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected...
UBUNTU-CVE-2022-2447
A flaw was found in Keystone. There is a time lag up to one hour in a default configuration between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected...
Default configuration
A flaw was found in Keystone. There is a time lag up to one hour in a default configuration between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected...
CVE-2022-2447
A flaw was found in Keystone. There is a time lag up to one hour in a default configuration between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected...
CVE-2022-2447
CVE-2022-2447 affects OpenStack Keystone. A time lag (up to one hour) between policy revocation and actual revocation could let a remote administrator maintain access longer than expected. Related advisories (e.g., Ubuntu USN-7926-1) reference this CVE and indicate that updates are available; app...
CVE-2022-2447
A flaw was found in Keystone. There is a time lag up to one hour in a default configuration between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected...
CVE-2022-2447
A flaw was found in Keystone. There is a time lag up to one hour in a default configuration between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected...
PT-2022-16707
Name of the Vulnerable Software and Affected Versions Keystone affected versions not specified Description A flaw was found in Keystone, where there is a time lag of up to one hour in the default configuration between when the security policy says a token should be revoked and when it is actually...