SUSE CVE-2013-0282

OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the 1 user, 2 tenant, or 3 domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions...

CVE-2012-6120

CVE-2012-6120 concerns Puppet: Red Hat OpenStack Essex/Folsom created /var/log/puppet with world-readable permissions, enabling local users to access Puppet log files. The Debian DLA-29-1 advisory reiterates the same issue for the Debian puppet package. Affected component: Puppet log directory ha...

bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External...

Fedora 17 : openstack-keystone-2012.1-1.fc17 (2012-4690)

Update to Openstack Essex release Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 ...