
463 matches found

OSV
added 2014/08/15 12:0 a.m. | 0 views

UBUNTU-CVE-2014-5252

The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification (1) GET or (2) HEAD request to v3/auth/tokens/...

CVSS 4.9 | AI score 5.8 | EPSS 0.00287
Exploits: 0 | References: 5

OSV
added 2014/08/15 12:0 a.m. | 0 views

UBUNTU-CVE-2014-5253

OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain...

CVSS 4.9 | AI score 5.8 | EPSS 0.0031
Exploits: 0 | References: 5

Tenable Nessus
added 2014/08/08 12:0 a.m. | 32 views

Fedora 20 : openstack-keystone-2013.2.3-5.fc20 (2014-5497)

Sanitizes authentication methods received in requests (CVE-2014-2828) - Privilege escalation through trust chained delegation (CVE-2014-3476) - Keystone V2 trusts privilege escalation through user supplied project id (CVE-2014-3520). Note that Tenable Network Security has extracted the preceding...

CVSS 7.8 | AI score 5.3 | EPSS 0.00766
Exploits: 3 | References: 7

OpenVAS
added 2014/08/08 12:0 a.m. | 26 views

Fedora Update for openstack-keystone FEDORA-2014-5497

The remote host is missing an update for the...

CVSS 7.8 | AI score 6.5 | EPSS 0.00766
Exploits: 7 | References: 2

RedHat Linux
added 2014/07/31 3:18 p.m. | 2 views

openstack-keystone: privilege escalation through trust chained delegation

A flaw was found in keystone's chained delegation. A trustee able to create a delegation from a trust or an OAuth token could misuse identity impersonation to bypass the enforced scope, possibly allowing them to obtain elevated privileges to the trustor's projects and roles...

CVSS 6 | AI score 5.7 | EPSS 0.00721
Exploits: 1 | References: 4

Positive Technologies
added 2014/07/02 12:0 a.m. | 2 views

PT-2014-5370 · Openstack +1 · Openstack Identity +1

Name of the Vulnerable Software and Affected Versions: OpenStack Identity Keystone versions before 2013.2.4; OpenStack Identity Keystone versions 2014.x before 2014.1.2; OpenStack Identity Keystone versions Juno before Juno-2. Description: The issue allows remote authenticated trustees to gain...

CVSS 6.5 | AI score 6.2 | EPSS 0.00721
Exploits: 2 | References: 22

Tenable Nessus
added 2014/06/13 12:0 a.m. | 34 views

openSUSE Security Update : openstack-keystone (openSUSE-SU-2013:0565-1)

Openstack keystone was updated to version 2012.2.4+git.1363796849.255b1d4 : + validate from backend (lp1129713, bnc809590, CVE-2013-1865). The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

CVSS 6.8 | AI score 5.3 | EPSS 0.01162
Exploits: 0 | References: 3

Tenable Nessus
added 2014/06/13 12:0 a.m. | 33 views

openSUSE Security Update : openstack-keystone (openSUSE-SU-2013:0949-1)

OpenStack Keystone was updated to fix bnc818596, CVE-2013-2059: Keystone tokens not immediately invalidated when user is deleted. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

CVSS 6 | AI score 6.6 | EPSS 0.00908
Exploits: 1 | References: 3

Tenable Nessus
added 2014/06/13 12:0 a.m. | 30 views

openSUSE Security Update : openstack-keystone (openSUSE-SU-2013:1089-1)

This update of openstack-keystone fixes two security vulnerabilities. - Add CVE-2013-2104.patch: fix missing expiration check in Keystone PKI token validation (CVE-2013-2104, bnc821201) - Add CVE-2013-2157.patch: fix authentication bypass when using LDAP backend (CVE-2013-2157, bnc823783)...

CVSS 5.5 | AI score 5.3 | EPSS 0.0065
Exploits: 0 | References: 5

OpenVAS
added 2014/04/21 12:0 a.m. | 30 views

Fedora Update for openstack-keystone FEDORA-2014-4903

The remote host is missing an update for the...

AI score 6.4
Exploits: 0 | References: 2

Tenable Nessus
added 2014/04/18 12:0 a.m. | 21 views

Fedora 20 : openstack-keystone-2013.2.3-2.fc20 (2014-4903)

Updated to stable havana 2013.2.3 release. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

CVSS 5 | AI score 5.3 | EPSS 0.00188
Exploits: 1 | References: 3

OSV
added 2014/04/15 2:55 p.m. | 5 views

CVE-2014-0105

The authtoken middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, relat...

AI score 6.2
Exploits: 0 | References: 4

OSV
added 2014/04/15 2:55 p.m. | 0 views

UBUNTU-CVE-2014-2828

The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining."...

CVSS 7.8 | AI score 5.8 | EPSS 0.00766
Exploits: 1 | References: 3

OSV
added 2014/04/15 2:55 p.m. | 1 views

UBUNTU-CVE-2014-0105

The authtoken middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, relat...

CVSS 6 | AI score 5.8 | EPSS 0.00455
Exploits: 0 | References: 2

OpenVAS
added 2014/04/08 12:0 a.m. | 26 views

Fedora Update for openstack-keystone FEDORA-2014-4210

Check for the Version of openstack-keystone...

CVSS 5.8 | AI score 6.4 | EPSS 0.008
Exploits: 4 | References: 2

OpenVAS
added 2014/04/08 12:0 a.m. | 32 views

Fedora Update for openstack-keystone FEDORA-2014-4210

The remote host is missing an update for the...

CVSS 5 | AI score 6.5 | EPSS 0.008
Exploits: 2 | References: 2

OSV
added 2014/04/01 6:35 a.m. | 1 views

DEBIAN-CVE-2014-2237

The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...

CVSS 5 | AI score 6.8 | EPSS 0.00188
Exploits: 1 | References: 1

PyPA
added 2014/04/01 6:35 a.m. | 4 views

PYSEC-2014-105

The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...

CVSS 5 | AI score 6.8 | EPSS 0.00188
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2014/04/01 6:35 a.m. | 1 views

UBUNTU-CVE-2014-2237

The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being...

CVSS 5 | AI score 5.8 | EPSS 0.00188
Exploits: 1 | References: 4

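seebug.org
added 2014/03/07 12:0 a.m. | 35 views

OpenStack Keystone Trustee Token Revocation Failure Security Bypass Vulnerability

Bugtraq ID: 65895 CVE ID: CVE-2014-2237 Keystone is the OpenStack project used for identity authentication; every service request must be validated by it to obtain the service's endpoint. The OpenStack Keystone memory token backend contains a vulnerability: when a trustor submits a trust token with impersonation enabled, the token is added only to the trustor's token list and not to the trustee's token list. As a result, the trust token is not properly invalidated when the trustee revokes tokens. Keystone using the memcache backend is affected by this vulnerability. Openstack Keystone 2013.1 - 2013.1.4 Openstack Keystone 2013.2 ...

CVSS 5 | AI score 6.5 | EPSS 0.00188
Exploits: 1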