
150 matches found

OSV
added 2022/05/13 1:7 a.m., 8 views

GHSA-J36M-HV43-7W7M OpenStack Identity service (keystone) Incorrect Authorization

An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service keystone. An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles...

8.6 CVSS | 6.7 AI score | 0.02106 EPSS
Exploits: 1 | References: 13

OpenVAS
added 2020/05/08 12:0 a.m., 54 views

Debian: Security Advisory (DSA-4679-1)

The remote host is missing an update for the Debian...

8.8 CVSS | 7.1 AI score | 0.04918 EPSS
Exploits: 0 | References: 4

RedHat Linux
added 2019/12/19 7:28 p.m., 57 views

Important: Red Hat Security Advisory: openstack-keystone security update

An update for openstack-keystone is now available for Red Hat OpenStack Platform 15 Stein. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.8 CVSS | 6.8 AI score | 0.0178 EPSS
Exploits: 1 | References: 2

Tenable Nessus
added 2019/12/04 12:0 a.m., 268 views

EulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2019-2509)

According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared...

7.5 CVSS | 7.6 AI score | 0.99999 EPSS
Exploits: 17 | References: 19

Veracode
added 2019/01/15 8:55 a.m., 32 views

Privilege Escalation

openstack-keystone is vulnerable to privilege escalation attacks. The vulnerability exists as the ec2tokens API in OpenStack Identity Keystone before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain...

5.8 CVSS | 6.7 AI score | 0.02239 EPSS
Exploits: 2 | References: 10 | Affected Software: 1

Veracode
added 2019/01/15 8:52 a.m., 24 views

Improper Invalidation Of Token

openstack-keystone is vulnerable to access bypass attacks. The vulnerability exists as the memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not inclu...

5 CVSS | 6 AI score | 0.01367 EPSS
Exploits: 1 | References: 8 | Affected Software: 1

OpenVAS
added 2018/08/15 12:0 a.m., 37 views

Debian: Security Advisory (DSA-4275-1)

The remote host is missing an update for the Debian...

5.3 CVSS | 5.3 AI score | 0.01618 EPSS
Exploits: 0 | References: 4

OSV
added 2018/07/19 1:29 p.m., 11 views

PYSEC-2018-152

An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service keystone. An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles...

7.2 CVSS | 6.7 AI score | 0.02106 EPSS
Exploits: 1 | References: 6

Cvelist
added 2018/07/19 1:0 p.m., 30 views

CVE-2017-2673

An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service keystone. An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles...

6.8 CVSS | 6.7 AI score | 0.02106 EPSS
Exploits: 1 | References: 6

RedHat Linux
added 2017/06/14 3:29 p.m., 42 views

Moderate: Red Hat Security Advisory: openstack-keystone security, bug fix, and enhancement update

An update for openstack-keystone is now available for Red Hat OpenStack Platform 9.0 Mitaka. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.2 CVSS | 6.8 AI score | 0.02106 EPSS
Exploits: 1 | References: 4

UbuntuCve
added 2017/04/27 12:0 a.m., 21 views

CVE-2017-2673

An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service keystone. An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles...

7.2 CVSS | 6.8 AI score | 0.02106 EPSS
Exploits: 1 | References: 3

OSV
added 2016/06/13 2:59 p.m., 7 views

CVE-2016-4911

The Fernet Token Provider in OpenStack Identity Keystone 9.0.x before 9.0.1 mitaka allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token...

4.3 CVSS | 4.3 AI score
Exploits: 0 | References: 6

OSV
added 2016/06/13 2:59 p.m., 9 views

PYSEC-2016-38

The Fernet Token Provider in OpenStack Identity Keystone 9.0.x before 9.0.1 mitaka allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token...

4.3 CVSS | 4.3 AI score | 0.01402 EPSS
Exploits: 0 | References: 6

UbuntuCve
added 2016/06/13 2:59 p.m., 16 views

CVE-2016-4911

The Fernet Token Provider in OpenStack Identity Keystone 9.0.x before 9.0.1 mitaka allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token...

4.3 CVSS | 5.9 AI score | 0.01402 EPSS
Exploits: 0 | References: 1

CVE
added 2016/06/13 2:0 p.m., 49 views

CVE-2016-4911

The CVE-2016-4911 entry affects OpenStack Identity (Keystone) in the Fernet Token Provider (9.0.x prior to 9.0.1, Mitaka). The root cause is a token rescoping flaw that allows remote authenticated users to bypass access restrictions and potentially prevent revocation of a token chain. This could ...

4.3 CVSS | 4.3 AI score | 0.01402 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

RedhatCVE
added 2016/05/18 9:18 a.m., 20 views

CVE-2016-4911

The Fernet Token Provider in OpenStack Identity Keystone 9.0.x before 9.0.1 mitaka allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token...

4.3 CVSS | 5 AI score | 0.01402 EPSS
Exploits: 0 | References: 1

CNVD
added 2016/02/11 12:0 a.m., 4 views

Multiple OpenStack Products Access Bypass Vulnerabilities

OpenStack Identity Keystone is a project developed by the National Aeronautics and Space Administration and Rackspace in the United States for authentication, providing identity, token, directory and policy services. OpenStack keystonemiddleware formerly known as python-keystoneclient is one of t...

7.5 CVSS | 7.2 AI score | 0.01708 EPSS
Exploits: 0 | References: 1

NVD
added 2016/02/03 6:59 p.m., 28 views

CVE-2015-7546

The identity service in OpenStack Identity Keystone before 2015.1.3 Kilo and 8.0.x before 8.0.2 Liberty and keystonemiddleware formerly python-keystoneclient before 1.5.4 Kilo and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers,...

7.5 CVSS | 7.3 AI score | 0.01708 EPSS
Exploits: 0 | References: 5

OSV
added 2016/02/03 6:59 p.m., 8 views

CVE-2015-7546

The identity service in OpenStack Identity Keystone before 2015.1.3 Kilo and 8.0.x before 8.0.2 Liberty and keystonemiddleware formerly python-keystoneclient before 1.5.4 Kilo and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers,...

7.5 CVSS | 7.3 AI score
Exploits: 0 | References: 7

Prion
added 2016/02/03 6:59 p.m., 15 views

Authorization

The identity service in OpenStack Identity Keystone before 2015.1.3 Kilo and 8.0.x before 8.0.2 Liberty and keystonemiddleware formerly python-keystoneclient before 1.5.4 Kilo and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers,...

6 CVSS | 7 AI score | 0.01708 EPSS
Exploits: 0 | References: 5 | Affected Software: 3