Lucene search
K

4 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 10:30 p.m.25 views

Security Bulletin: Vulnerability in Keystone affects IBM SmartCloud Orchestrator (CVE-2014-3476)

Summary Vulnerability in Keystone affects IBM SmartCloud Orchestrator CVE-2014-3476. Vulnerability Details By creating a delegation from a trust or OAuth token, a trustee might abuse the identity impersonation against keystone and circumvent the enforced scope, which results in potential elevated...

6CVSS0.8AI score0.02308EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2014/08/08 12:0 a.m.32 views

Fedora 20 : openstack-keystone-2013.2.3-5.fc20 (2014-5497)

Sanitizes authentication methods received in requests CVE-2014-2828 - Privilege escalation through trust chained delegation CVE-2014-3476 - Keystone V2 trusts privilege escalation through user supplied project id CVE-2014-3520 Note that Tenable Network Security has extracted the preceding...

7.8CVSS5.3AI score0.03155EPSS
Exploits3References7
OpenVAS
OpenVAS
added 2014/08/08 12:0 a.m.27 views

Fedora Update for openstack-keystone FEDORA-2014-5497

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS6.5AI score0.03155EPSS
Exploits7References2
CVE
CVE
added 2014/06/17 2:0 p.m.74 views

CVE-2014-3476

CVE-2014-3476 affects the OpenStack Keystone (Identity) service. The vulnerability arises from improper handling of chained delegation, where a trustee could use a trust or impersonation-enabled OAuth token to create a new token with additional roles, enabling remote authenticated privilege escal...

6CVSS6.4AI score0.02308EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder