
12 matches found

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-1924

Malicious code in bioql PyPI...

CVSS 6 | AI score 6.3 | EPSS 0.02308
Exploits 1 | References 10

OSV
added 2022/05/13 1:26 a.m., 7 views

GHSA-274V-R947-V34R OpenStack Identity Keystone is vulnerable to Block delegation escalation of privilege

OpenStack Identity Keystone before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with...

CVSS 6 | AI score 6.3 | EPSS 0.02308
Exploits 1 | References 7

securityvulns
added 2014/08/24 12:0 a.m., 104 views

[USN-2324-1] OpenStack Keystone vulnerabilities

Ubuntu Security Notice USN-2324-1, August 21, 2014: keystone vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 6 | AI score 0.7 | EPSS 0.02308
Exploits 2

OpenVAS
added 2014/08/22 12:0 a.m., 32 views

Ubuntu: Security Advisory (USN-2324-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 6.5 | AI score 6.5 | EPSS 0.02308
Exploits 2 | References 2

Ubuntu
added 2014/08/21 9:9 p.m., 63 views

USN-2324-1: OpenStack Keystone vulnerabilities

Steven Hardy discovered that OpenStack Keystone did not properly handle chained delegation. A remote authenticated attacker could use this to gain privileges by creating a new token with additional roles. (CVE-2014-3476) Jamie Lennox discovered that OpenStack Keystone did not properly validate the...

CVSS 6.5 | AI score 5.4 | EPSS 0.02308
Exploits 2

OSV
added 2014/08/21 9:9 p.m., 3 views

USN-2324-1 keystone vulnerabilities

Steven Hardy discovered that OpenStack Keystone did not properly handle chained delegation. A remote authenticated attacker could use this to gain privileges by creating a new token with additional roles. (CVE-2014-3476) Jamie Lennox discovered that OpenStack Keystone did not properly validate the...

CVSS 6.5 | AI score 5.8 | EPSS 0.02308
Exploits 2 | References 6

RedHat Linux
added 2014/07/31 3:18 p.m., 3 views

openstack-keystone: privilege escalation through trust chained delegation

A flaw was found in keystone's chained delegation. A trustee able to create a delegation from a trust or an OAuth token could misuse identity impersonation to bypass the enforced scope, possibly allowing them to obtain elevated privileges to the trustor's projects and roles...

CVSS 6 | AI score 5.7 | EPSS 0.02308
Exploits 1 | References 4

OSV
added 2014/06/17 2:55 p.m., 1 views

DEBIAN-CVE-2014-3476

OpenStack Identity Keystone before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with...

CVSS 6 | AI score 6.7 | EPSS 0.02308
Exploits 1 | References 1

NVD
added 2014/06/17 2:55 p.m., 20 views

CVE-2014-3476

OpenStack Identity Keystone before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with...

CVSS 6 | AI score 6.3 | EPSS 0.02308
Exploits 1 | References 6

Prion
added 2014/06/17 2:55 p.m., 23 views

Design/Logic Flaw

OpenStack Identity Keystone before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with...

CVSS 6 | AI score 6.9 | EPSS 0.02308
Exploits 1 | References 6 | Affected Software 2

CVE
added 2014/06/17 2:0 p.m., 74 views

CVE-2014-3476

CVE-2014-3476 affects the OpenStack Keystone (Identity) service. The vulnerability arises from improper handling of chained delegation, where a trustee could use a trust or impersonation-enabled OAuth token to create a new token with additional roles, enabling remote authenticated privilege escal...

CVSS 6 | AI score 6.4 | EPSS 0.02308
Exploits 1 | References 6 | Affected Software 1

UbuntuCve
added 2014/06/17 12:0 a.m., 24 views

CVE-2014-3476

OpenStack Identity Keystone before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with...

CVSS 6 | AI score 5.9 | EPSS 0.02308
Exploits 1 | References 3