Lucene search
+L

4 matches found

OSV
OSV
added 2013/11/02 7:55 p.m.2 views

DEBIAN-CVE-2013-4477

The LDAP backend in OpenStack Identity Keystone Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges...

3.3CVSS6.4AI score0.00444EPSS
Exploits1References1
OSV
OSV
added 2012/12/18 1:55 a.m.4 views

DEBIAN-CVE-2012-5571

A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 Elastic Compute Cloud tokens when a user's role has been removed from a tenant. An attack...

5.4CVSS5.7AI score0.02038EPSS
Exploits0References1
PyPA
PyPA
added 2012/12/18 1:55 a.m.6 views

PYSEC-2012-35

OpenStack Keystone Essex 2012.1 and Folsom 2012.2 does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role...

5.4CVSS6.8AI score0.02038EPSS
Exploits0References15Affected Software1
ATTACKERKB
ATTACKERKB
added 2012/12/18 1:55 a.m.9 views

CVE-2012-5571

A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 Elastic Compute Cloud tokens when a user's role has been removed from a tenant. An attack...

5.4CVSS5.8AI score0.02038EPSS
Exploits0References16
Rows per page
Query Builder