Lucene search
K

10 matches found

vulnersOsv
vulnersOsv
added 2022/05/17 1:42 a.m.2 views

a10-octavia (>=1.0.0 <=2.2.0) potentially affected by CVE-2012-4413 via keystone (>=15.0.1 <=18.0.0)

keystone PYPI version =15.0.1, =1.0.0, =2.2.0 Source cves: CVE-2012-4413 Source advisory: OSV:GHSA-MRXV-65RV-6HXQ...

4CVSS5.8AI score0.01881EPSS
Exploits0
Veracode
Veracode
added 2019/05/02 4:43 a.m.21 views

Authorization Bypass

Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. It was found that Keystone incorrectly handled authorization failures. If a client attempted to change their tenant membership to one they are not authorized to join, Keystone correctly returned a...

7.5CVSS6AI score0.03965EPSS
Exploits0References10Affected Software1
Veracode
Veracode
added 2019/05/02 4:43 a.m.28 views

Arbitrary Code Execution

Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. It was found that Keystone incorrectly handled authorization failures. If a client attempted to change their tenant membership to one they are not authorized to join, Keystone correctly returned a...

7.5CVSS6AI score0.03965EPSS
Exploits0References16Affected Software1
Veracode
Veracode
added 2019/05/02 4:43 a.m.25 views

Privilege Escalation

Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. It was found that Keystone incorrectly handled authorization failures. If a client attempted to change their tenant membership to one they are not authorized to join, Keystone correctly returned a...

7.5CVSS6AI score0.03965EPSS
Exploits0References12Affected Software1
OpenVAS
OpenVAS
added 2012/12/11 12:0 a.m.25 views

Fedora Update for openstack-keystone FEDORA-2012-19341

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

5.4CVSS5.8AI score0.02038EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2012/10/16 5:17 p.m.43 views

Important: Red Hat Security Advisory: openstack-keystone security update

Updated openstack-keystone packages that fix multiple security issues are now available for Red Hat OpenStack Essex. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

7.5CVSS5.8AI score0.03965EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2012/10/05 12:0 a.m.33 views

Fedora Update for openstack-keystone FEDORA-2012-13075

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

4.3CVSS6.4AI score0.0248EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2012/10/04 12:0 a.m.32 views

Fedora 17 : openstack-keystone-2012.1.2-4.fc17 (2012-13075)

Require authz to update user's tenant CVE-2012-3542 - Delete user tokens after role grant/revoke CVE-2012-4413 - Fails to validate tokens in Admin API CVE-2012-4456 - Fails to raise Unauthorized user error for disabled tenant CVE-2012-4457 Note that Tenable Network Security has extracted the...

7.5CVSS5.3AI score0.03965EPSS
Exploits0References8
CVE
CVE
added 2012/09/18 5:0 p.m.75 views

CVE-2012-4413

CVE-2012-4413 affects OpenStack Keystone before 2012.1.3. The vulnerability occurs because Keystone does not invalidate existing tokens when roles are granted or revoked, allowing remote authenticated users to retain privileges associated with revoked roles. The issue has been acknowledged in mul...

4CVSS6.1AI score0.01881EPSS
Exploits0References7Affected Software1
Debian CVE
Debian CVE
added 2012/09/18 5:0 p.m.28 views

CVE-2012-4413

OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles...

4CVSS6.1AI score0.01881EPSS
Exploits0
Rows per page
Query Builder