13 matches found

Github Security Blog
added 2022/05/17 4:31 a.m. · 23 views

OpenStack Keystone Domain-scoped tokens don't get revoked

OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain...

CVSS 4.9 · AI score 6.8 · EPSS 0.01488
Exploits 0 · References 12 · Affected Software 1

OSV
added 2022/05/17 4:31 a.m. · 7 views

GHSA-77W8-QV8M-386H OpenStack Keystone Domain-scoped tokens don't get revoked

OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain...

CVSS 7.1 · AI score 6 · EPSS 0.01488
Exploits 0 · References 12

NVD
added 2022/02/01 11:15 a.m. · 18 views

CVE-2022-23607

treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods treq.get, treq.post, etc. and treq.client.HTTPClient constructor accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore sent to every domain...

CVSS 6.5 · EPSS 0.01083
Exploits 0 · References 2

PyPA
added 2022/02/01 11:15 a.m. · 5 views

PYSEC-2022-26

treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods treq.get, treq.post, etc. and treq.client.HTTPClient constructor accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore sent to every domain...

CVSS 6.5 · AI score 6.6 · EPSS 0.01083
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2022/02/01 12:0 a.m. · 2 views

PT-2022-16122 · Treq +1

Name of the Vulnerable Software and Affected Versions: treq versions prior to 2021.1.0 Description: The treq library's request methods treq.get, treq.post, etc. and treq.client.HTTPClient constructor accept cookies as a dictionary. These cookies are not bound to a single domain and are sent to...

CVSS 7.1 · AI score 6.1 · EPSS 0.01083
Exploits 0 · References 27

RedHat Linux
added 2014/09/02 5:58 p.m. · 3 views

openstack-keystone: domain-scoped tokens don't get revoked

It was discovered that domain-scoped tokens were not revoked when a domain was disabled. Only OpenStack Identity setups configured to make use of revocation events were affected...

CVSS 4.9 · AI score 5.8 · EPSS 0.01488
Exploits 0 · References 4

RedHat Linux
added 2014/09/02 5:58 p.m. · 11 views

openstack-keystone: domain-scoped tokens don't get revoked

It was discovered that domain-scoped tokens were not revoked when a domain was disabled. Only OpenStack Identity setups configured to make use of revocation events were affected...

CVSS 4.9 · AI score 5.8 · EPSS 0.01488
Exploits 0 · References 4

NVD
added 2014/08/25 2:55 p.m. · 32 views

CVE-2014-5253

OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain...

CVSS 4.9 · AI score 6.1 · EPSS 0.01488
Exploits 0 · References 5

OSV
added 2014/08/25 2:55 p.m. · 3 views

DEBIAN-CVE-2014-5253

OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain...

CVSS 4.9 · AI score 6.8 · EPSS 0.01488
Exploits 0 · References 1

Prion
added 2014/08/25 2:55 p.m. · 20 views

Design/Logic Flaw

OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain...

CVSS 4.9 · AI score 6.6 · EPSS 0.01488
Exploits 0 · References 5 · Affected Software 2

Cvelist
added 2014/08/25 2:0 p.m. · 32 views

CVE-2014-5253

OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain...

AI score 6.1 · EPSS 0.01488
Exploits 0 · References 5

CVE
added 2014/08/25 2:0 p.m. · 63 views

CVE-2014-5253

CVE-2014-5253 affects OpenStack Keystone (2014.1.x before 2014.1.2.1 and Juno before Juno-3). The issue is that domain invalidation does not properly revoke tokens, allowing remote authenticated users to retain access via a domain-scoped token for that domain. Connected sources (e.g., GHSA-77W8-Q...

CVSS 4.9 · AI score 6.2 · EPSS 0.01488
Exploits 0 · References 5 · Affected Software 2

OSV
added 2014/08/15 12:0 a.m. · 3 views

UBUNTU-CVE-2014-5253

OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain...

CVSS 4.9 · AI score 5.8 · EPSS 0.01488
Exploits 0 · References 5