476 matches found
PYSEC-2019-29
OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforcescope is false. Users with a role on a project are able to view any other users' credentials,...
CVE-2019-19687
OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforcescope is false. Users with a role on a project are able to view any other users' credentials,...
UBUNTU-CVE-2019-19687
OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforcescope is false. Users with a role on a project are able to view any other users' credentials,...
OpenStack Keystone CVE-2019-19687 Information Disclosure Vulnerability
Description OpenStack Keystone is prone to an information-disclosure vulnerability. An attacker may leverage this issue to obtain potentially sensitive information that may aid in further attacks. Technologies Affected OpenStack Keystone 15.0.0 OpenStack Keystone 16.0.0 Recommendations Block...
CVE-2012-1572
OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space...
CVE-2012-1572
OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space...
CVE-2012-1572
OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space...
CVE-2013-2255
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates...
DEBIAN-CVE-2013-2255
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates...
Authentication Bypass
openstack-keystone is vulnerable to authentication bypass. The vulnerability exists as the V3 API updates the issuedat value for UUID v2 tokens, and allows authenticated users to bypass the token expiration to retain access...
Privilege Escalation
Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. It was found that Keystone incorrectly handled authorization failures. If a client attempted to change their tenant membership to one they are not authorized to join, Keystone correctly returned a...
Arbitrary Code Execution
Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. It was found that Keystone incorrectly handled authorization failures. If a client attempted to change their tenant membership to one they are not authorized to join, Keystone correctly returned a...
Information Disclosure
openstack-keystone is vulnerable to information disclosure. An authorization bypass on the listing projects via an authenticated GET /v3/OS-FEDERATION/projects request allows authenticated users to discover projects they have no authority to access, disclosing the project and attributes informati...
Information Disclosure
openstack-keystone is vulnerable to information disclosure attacks. The vulnerability exists as the catalog url replacement in OpenStack Identity Keystone before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint,...
Denial Of Service (DoS)
openstack-keystone is vulnerable to denial of service DoS attacks. The vulnerability exists as the V3 API in OpenStack Identity Keystone 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service CPU consumption via a large number of the same...
Denial Of Service (DoS)
openstack-nova is vulnerable to denial of service DoS attacks. The vulnerability exists as the XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute Nova Essex and Folsom; Cinder Folsom; Django; and possibly other products all...
Authentication Bypass
openstack-keystone is vulnerable to authentication bypass. Remote authenticated users are able to retain access via an expired token due to the token driver storing timestamps with incorrect precision, which causes timestamp expiration time comparisons for tokens to fail...
Authorization Bypass
openstack-keystone is vulnerable to authorization bypass attacks. The vulnerability exists as the 1 mamcache and 2 KVS token backends in OpenStack Identity Keystone Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remot...
Privilege Escalation
openstack-keystone is vulnerable to privilege escalation attacks. The vulnerability exists as OpenStack Identity Keystone before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by...
Denial Of Service (DoS)
openstack-keystone is vulnerable to denial of service DoS attacks. The vulnerability exists as OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service disk consumption via many invalid token...