5 matches found

SUSE CVE
added 2023/02/15 5:42 a.m. · 2 views

SUSE CVE-2013-0282

OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions...

CVSS 5 · AI score 6.5 · EPSS 0.00467
Exploits 1 · References 4
Positive Technologies
added 2013/09/30 12:0 a.m. · 1 views

PT-2013-4910 · Openstack · Openstack Identity

Name of the Vulnerable Software and Affected Versions: OpenStack Identity Keystone versions Folsom through Havana before havana-3; OpenStack Identity Keystone version Grizzly 2013.1.3 and earlier.
Description: The issue allows remote authenticated users to retain access via a token when a tenant is...

CVSS 6.5 · AI score 6 · EPSS 0.0058
Exploits 0 · References 7
RedHat Linux
added 2013/06/12 4:37 p.m. · 3 views

Keystone: Missing expiration check in Keystone PKI token validation

python-keystoneclient before 0.2.4, as used in OpenStack Keystone Folsom, does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires...

CVSS 5.5 · AI score 5.9 · EPSS 0.0065
Exploits 0 · References 4
CVE
added 2013/04/10 3:0 p.m. · 68 views

CVE-2012-6120

CVE-2012-6120 concerns Puppet: Red Hat OpenStack Essex/Folsom created /var/log/puppet with world-readable permissions, enabling local users to access Puppet log files. The Debian DLA-29-1 advisory reiterates the same issue for the Debian puppet package. Affected component: Puppet log directory ha...

CVSS 2.1 · AI score 5.6 · EPSS 0.00099
Exploits 0 · References 1 · Affected Software 2
RedHat Linux
added 2013/03/21 6:8 p.m. · 1 views

bindings: External entity expansion in Python XML libraries inflicts potential security flaws and DoS vulnerabilities

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products, allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External...

CVSS 5 · AI score 7.4 · EPSS 0.02995
Exploits 0 · References 4