Lucene search
K

150 matches found

Prion
Prion
added 2014/04/01 6:35 a.m.17 views

Authentication flaw

The memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...

5CVSS6.8AI score0.01367EPSS
Exploits1References4Affected Software1
UbuntuCve
UbuntuCve
added 2014/04/01 6:35 a.m.26 views

CVE-2014-2237

The memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...

5CVSS5.9AI score0.01367EPSS
Exploits1References3
OSV
OSV
added 2014/04/01 6:35 a.m.7 views

PYSEC-2014-105

The memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...

5CVSS6.1AI score0.01367EPSS
Exploits1References4
Cvelist
Cvelist
added 2014/04/01 1:0 a.m.34 views

CVE-2014-2237

The memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...

6.1AI score0.01367EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2014/04/01 1:0 a.m.64 views

CVE-2014-2237

The memcache token backend in OpenStack Identity Keystone 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...

5CVSS6.2AI score0.01367EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2014/01/22 6:31 p.m.41 views

Moderate: Red Hat Security Advisory: openstack-keystone security and bug fix update

Updated openstack-keystone packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base scor...

5.8CVSS5.8AI score0.02239EPSS
Exploits2References2
OSV
OSV
added 2013/12/14 5:21 p.m.8 views

CVE-2013-6391

The ec2tokens API in OpenStack Identity Keystone before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2toke...

6.6AI score
Exploits0References11
Prion
Prion
added 2013/12/14 5:21 p.m.23 views

Cross site request forgery (csrf)

The ec2tokens API in OpenStack Identity Keystone before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2toke...

5.8CVSS7.2AI score0.02239EPSS
Exploits2References8Affected Software3
Debian CVE
Debian CVE
added 2013/12/14 5:0 p.m.37 views

CVE-2013-6391

The ec2tokens API in OpenStack Identity Keystone before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2toke...

5.8CVSS6.6AI score0.02239EPSS
Exploits2
UbuntuCve
UbuntuCve
added 2013/12/11 3:0 p.m.30 views

CVE-2013-6391

The ec2tokens API in OpenStack Identity Keystone before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2toke...

5.8CVSS5.9AI score0.02239EPSS
Exploits2References3
securityvulns
securityvulns
added 2013/11/26 12:0 a.m.104 views

[USN-2034-1] OpenStack Keystone vulnerability

========================================================================== Ubuntu Security Notice USN-2034-1 November 25, 2013 keystone vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

3.3CVSS0.3AI score0.00444EPSS
Exploits1
OSV
OSV
added 2013/11/02 7:55 p.m.5 views

CVE-2013-4477

The LDAP backend in OpenStack Identity Keystone Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges...

6.3AI score
Exploits0References4
CVE
CVE
added 2013/11/02 7:0 p.m.92 views

CVE-2013-4477

CVE-2013-4477 affects the LDAP backend of OpenStack Identity (Keystone) in the Grizzly and Havana releases. The issue occurs when removing a role on a tenant for a user who does not have that role; Keystone ends up granting that role to the user, effectively allowing local users to gain privilege...

3.3CVSS6.3AI score0.00444EPSS
Exploits1References4Affected Software2
UbuntuCve
UbuntuCve
added 2013/11/02 12:0 a.m.36 views

CVE-2013-4477

The LDAP backend in OpenStack Identity Keystone Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges...

3.3CVSS5.9AI score0.00444EPSS
Exploits1References4
OSV
OSV
added 2013/09/30 10:55 p.m.9 views

CVE-2013-4222

OpenStack Identity Keystone Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token...

6AI score
Exploits0References5
Cvelist
Cvelist
added 2013/09/30 8:0 p.m.43 views

CVE-2013-4222

OpenStack Identity Keystone Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token...

6AI score0.01892EPSS
Exploits0References4
OSV
OSV
added 2013/09/23 8:55 p.m.12 views

PYSEC-2013-42

The 1 mamcache and 2 KVS token backends in OpenStack Identity Keystone Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token...

5CVSS6.3AI score0.02342EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2013/09/23 8:0 p.m.42 views

CVE-2013-4294

The 1 mamcache and 2 KVS token backends in OpenStack Identity Keystone Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token...

5CVSS6.4AI score0.02342EPSS
Exploits0
OpenVAS
OpenVAS
added 2013/08/20 12:0 a.m.31 views

Fedora Update for python-keystoneclient FEDORA-2013-14302

Check for the Version of python-keystoneclient OpenVAS Vulnerability Test Fedora Update for python-keystoneclient FEDORA-2013-14302 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...

5.5CVSS9.6AI score0.02064EPSS
Exploits3References2
OpenVAS
OpenVAS
added 2013/08/12 12:0 a.m.33 views

Fedora Update for openstack-keystone FEDORA-2013-10713

Check for the Version of openstack-keystone OpenVAS Vulnerability Test Fedora Update for openstack-keystone FEDORA-2013-10713 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

6.8CVSS9.8AI score0.04863EPSS
Exploits3References2
Rows per page
Query Builder