150 matches found
RHEL 6 : python-keystoneclient (RHSA-2013:0944)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0944 advisory. Python-keystoneclient is the client library and command line utility for interacting with the OpenStack identity API. A flaw in Keystone allowed an...
Linux Distros Unpatched Vulnerability : CVE-2014-3476
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenStack Identity Keystone before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote...
Linux Distros Unpatched Vulnerability : CVE-2015-7546
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The identity service in OpenStack Identity Keystone before 2015.1.3 Kilo and 8.0.x before 8.0.2 Liberty and keystonemiddleware formerly python-keystoneclient...
Linux Distros Unpatched Vulnerability : CVE-2014-3520
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenStack Identity Keystone before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthoriz...
RHEL 6 : openstack-keystone (RHSA-2014:0580)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:0580 advisory. The OpenStack Identity service keystone authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The...
RHEL 6 : openstack-keystone (RHSA-2014:0994)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0994 advisory. The OpenStack Identity service keystone authenticates and authorizes OpenStack users by keeping track of users and their permitted activitie...
GHSA-5QPP-V56F-MQFM OpenStack Identity (Keystone) allows remote attackers to bypass intended access restrictions via revoked PKI token
The 1 mamcache and 2 KVS token backends in OpenStack Identity Keystone Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token...
OpenStack Identity (Keystone) allows remote attackers to bypass intended access restrictions via revoked PKI token
The 1 mamcache and 2 KVS token backends in OpenStack Identity Keystone Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token...
GHSA-V8FQ-GQ9J-3V7H OpenStack Identity (Keystone) UUID v2 tokens does not expire with revocation events
The V3 API in OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issuedat value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification 1 GET or 2 HEAD request to v3/auth/tokens/...
OpenStack Identity (Keystone) UUID v2 tokens does not expire with revocation events
The V3 API in OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issuedat value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification 1 GET or 2 HEAD request to v3/auth/tokens/...
GHSA-GMVP-5RF9-MXCM OpenStack Identity (Keystone) Multiple vulnerabilities in revocation events
The MySQL token driver in OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token...
GHSA-6MV3-P2GR-WGQF OpenStack Identity (Keystone) DoS through V3 API authentication chaining
The V3 API in OpenStack Identity Keystone 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service CPU consumption via a large number of the same authentication method in a request, aka "authentication chaining."...
OpenStack Identity (Keystone) DoS through V3 API authentication chaining
The V3 API in OpenStack Identity Keystone 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service CPU consumption via a large number of the same authentication method in a request, aka "authentication chaining."...
GHSA-F82M-W3P3-CGP3 OpenStack Identity Keystone Improper Access Control
The Fernet Token Provider in OpenStack Identity Keystone 9.0.x before 9.0.1 mitaka allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token...
GHSA-HJ89-QMX9-8QMH OpenStack Identity (Keystone) improper revoking of the authentication token when deleting a user
OpenStack Identity Keystone Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token...
GHSA-C4P9-87H3-7VR4 OpenStack Identity Keystone Improper Privilege Management
OpenStack Identity Keystone before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID...
GHSA-8C4W-V65P-JVCV OpenStack Identity Keystone and keystonemiddleware Insufficiently Protected Credentials
The identity service in OpenStack Identity Keystone before 2015.1.3 Kilo and 8.0.x before 8.0.2 Liberty and keystonemiddleware formerly python-keystoneclient before 1.5.4 Kilo and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers,...
GHSA-8V8F-VC72-PMHC OpenStack Identity Keystone Exposure of Sensitive Information
The catalog url replacement in OpenStack Identity Keystone before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$admintoken" in the publicurl endpoint field...
GHSA-7332-36H8-8JH8 OpenStack Identity (Keystone) Denial of Service
OpenStack Identity Keystone before 2013.1 allows remote attackers to cause a denial of service memory consumption and crash via multiple long requests...
GHSA-274V-R947-V34R OpenStack Identity Keystone is vulnerable to Block delegation escalation of privilege
OpenStack Identity Keystone before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a 1 trust or 2 OAuth token with impersonation enabled to create a new token with...