Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

Veracode
Veracodeadded 2019/05/02 4:43 a.m.24 views

Privilege Escalation

Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. It was found that Keystone incorrectly handled authorization failures. If a client attempted to change their tenant membership to one they are not authorized to join, Keystone correctly returned a...

7.5CVSS6AI score0.03965EPSS
Exploits0References12Affected Software1
Veracode
Veracodeadded 2019/05/02 4:43 a.m.27 views

Arbitrary Code Execution

Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. It was found that Keystone incorrectly handled authorization failures. If a client attempted to change their tenant membership to one they are not authorized to join, Keystone correctly returned a...

7.5CVSS6AI score0.03965EPSS
Exploits0References16Affected Software1
Veracode
Veracodeadded 2019/05/02 4:43 a.m.21 views

Authorization Bypass

Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. It was found that Keystone incorrectly handled authorization failures. If a client attempted to change their tenant membership to one they are not authorized to join, Keystone correctly returned a...

7.5CVSS6AI score0.03965EPSS
Exploits0References10Affected Software1
RedHat Linux
RedHat Linuxadded 2012/10/16 5:17 p.m.40 views

Important: Red Hat Security Advisory: openstack-keystone security update

Updated openstack-keystone packages that fix multiple security issues are now available for Red Hat OpenStack Essex. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

7.5CVSS5.8AI score0.03965EPSS
Exploits0References5
OSV
OSVadded 2012/10/09 3:55 p.m.7 views

CVE-2012-4457

OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant...

6AI score
Exploits0References10
CVE
CVEadded 2012/10/09 3:0 p.m.61 views

CVE-2012-4457

OpenStack Keystone (Essex) before 2012.1.2 and (Folsom) before folsom-3 has a flaw in token authorization for disabled tenants, enabling remote authenticated users to obtain a token for a disabled tenant and access its resources. Root cause: improper handling of authorization tokens for disabled ...

4CVSS6.2AI score0.02267EPSS
Exploits0References8Affected Software1
OpenVAS
OpenVASadded 2012/10/05 12:0 a.m.33 views

Fedora Update for openstack-keystone FEDORA-2012-13075

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

4.3CVSS6.4AI score0.0248EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2012/10/04 12:0 a.m.32 views

Fedora 17 : openstack-keystone-2012.1.2-4.fc17 (2012-13075)

Require authz to update user's tenant CVE-2012-3542 - Delete user tokens after role grant/revoke CVE-2012-4413 - Fails to validate tokens in Admin API CVE-2012-4456 - Fails to raise Unauthorized user error for disabled tenant CVE-2012-4457 Note that Tenable Network Security has extracted the...

7.5CVSS5.3AI score0.03965EPSS
Exploits0References8
Rows per page
Query Builder