Lucene search

7717 matches found

OSV
added 2012/12/18 1:55 a.m. · 1 views

PYSEC-2012-20

OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression...

CVSS 4 · AI score 5.9 · EPSS 0.00392
Exploits 0 · References 11
PyPA
added 2012/12/18 1:55 a.m. · 4 views

PYSEC-2012-20

OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression...

CVSS 4.9 · AI score 6.8 · EPSS 0.00561
Exploits 1 · References 11 · Affected Software 1
OSV
added 2012/12/18 1:55 a.m. · 1 views

PYSEC-2012-35

OpenStack Keystone Essex 2012.1 and Folsom 2012.2 does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role...

AI score 5.8
Exploits 0 · References 14
ATTACKERKB
added 2012/12/18 1:55 a.m. · 2 views

CVE-2012-5571

A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 Elastic Compute Cloud tokens when a user's role has been removed from a tenant. An attack...

CVSS 5.4 · AI score 5.8 · EPSS 0.00152
Exploits 0 · References 16
PyPA
added 2012/12/18 1:55 a.m. · 4 views

PYSEC-2012-35

OpenStack Keystone Essex 2012.1 and Folsom 2012.2 does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role...

CVSS 3.5 · AI score 6.8 · EPSS 0.00152
Exploits 0 · References 14 · Affected Software 1
Prion
added 2012/12/18 1:55 a.m. · 13 views

Authorization

OpenStack Keystone Essex 2012.1 and Folsom 2012.2 does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role...

CVSS 3.5 · AI score 6.6 · EPSS 0.00152
Exploits 0 · References 14 · Affected Software 2
CVE
added 2012/12/18 1:0 a.m. · 67 views

CVE-2012-5563

CVE-2012-5563 affects OpenStack Keystone as used in OpenStack Folsom 2012.2. Keystone does not properly enforce token expiration, allowing remote authenticated users to bypass authorization by creating new tokens via token chaining. This issue is noted as a regression of CVE-2012-3426. Red Hat RH...

CVSS 4 · AI score 6 · EPSS 0.00392
Exploits 0 · References 11 · Affected Software 1
Debian CVE
added 2012/12/18 1:0 a.m. · 23 views

CVE-2012-5563

OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression...

CVSS 4 · AI score 6 · EPSS 0.00392
Exploits 0
Cvelist
added 2012/12/18 1:0 a.m. · 31 views

CVE-2012-5571 Openstack keystone: openstack keystone: authorization bypass via improper ec2 token handling

A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 Elastic Compute Cloud tokens when a user's role has been removed from a tenant. An attack...

CVSS 5.4 · AI score 6 · EPSS 0.00152
Exploits 0 · References 15
Debian CVE
added 2012/12/18 1:0 a.m. · 23 views

CVE-2012-5571

A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 Elastic Compute Cloud tokens when a user's role has been removed from a tenant. An attack...

CVSS 5.4 · AI score 5.7 · EPSS 0.00152
Exploits 0
CVE
added 2012/12/18 1:0 a.m. · 68 views

CVE-2012-5571

OpenStack Keystone is affected by CVE-2012-5571: EC2-style credentials can bypass authorization when a user’s role is removed from a tenant, allowing remote authenticated access. Root cause: improper handling of EC2 tokens tied to removed roles. Impact: unauthorized access to resources. Affected ...

CVSS 5.4 · AI score 5.7 · EPSS 0.00152
Exploits 0 · References 15 · Affected Software 2
Cvelist
added 2012/12/18 1:0 a.m. · 32 views

CVE-2012-5563

OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression...

AI score 5.9 · EPSS 0.00392
Exploits 0 · References 11
Positive Technologies
added 2012/12/18 12:0 a.m. · 2 views

PT-2012-6028 · Openstack · Openstack Keystone

Name of the Vulnerable Software and Affected Versions: OpenStack Keystone version 2012.2 Description: The issue is related to the improper implementation of token expiration in OpenStack Keystone, allowing remote authenticated users to bypass intended authorization restrictions. This is achieved ...

CVSS 8.2 · AI score 5.9 · EPSS 0.00392
Exploits 0 · References 19
securityvulns
added 2012/12/17 12:0 a.m. · 72 views

[USN-1663-1] Nova vulnerability

Ubuntu Security Notice USN-1663-1 (December 12, 2012): nova vulnerability. A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 4.3 · AI score 0.2 · EPSS 0.01057
Exploits 0
UbuntuCve
added 2012/12/11 3:0 p.m. · 23 views

CVE-2012-5625

OpenStack Compute Nova Folsom before 2012.2.2 and Grizzly, when using libvirt and LVM backed instances, does not properly clear physical volume PV content when reallocating for instances, which allows attackers to obtain sensitive information by reading the memory of the previous logical volume L...

CVSS 4.3 · AI score 5.8 · EPSS 0.01057
Exploits 0 · References 2
Fedora
added 2012/12/11 5:57 a.m. · 24 views

[SECURITY] Fedora 18 Update: openstack-keystone-2012.2.1-1.fc18

Keystone is a Python implementation of the OpenStack (http://www.openstack.org) identity service API. This package contains the Keystone daemon...

CVSS 4 · AI score 6.4 · EPSS 0.00392
Exploits 0
Fedora
added 2012/12/11 1:27 a.m. · 35 views

[SECURITY] Fedora 17 Update: openstack-keystone-2012.1.3-3.fc17

Keystone is a Python implementation of the OpenStack (http://www.openstack.org) identity service API. This package contains the Keystone daemon...

CVSS 4.9 · AI score 1.1 · EPSS 0.01949
Exploits 1
OpenVAS
added 2012/12/11 12:0 a.m. · 27 views

Fedora Update for openstack-keystone FEDORA-2012-19341

Check for the Version of openstack-keystone OpenVAS Vulnerability Test Fedora Update for openstack-keystone FEDORA-2012-19341 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

CVSS 4.9 · AI score 6.3 · EPSS 0.01949
Exploits 1 · References 2
Tenable Nessus
added 2012/12/11 12:0 a.m. · 28 views

Fedora 17 : openstack-keystone-2012.1.3-3.fc17 (2012-19341)

EC2-style credentials invalidation issue CVE-2012-5571 - Fix /etc/keystone directory permission CVE-2012-5483 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as...

CVSS 5.4 · AI score 5.3 · EPSS 0.00152
Exploits 0 · References 5
OpenVAS
added 2012/12/11 12:0 a.m. · 24 views

Fedora Update for openstack-keystone FEDORA-2012-19341

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 5.4 · AI score 5.8 · EPSS 0.01949
Exploits 1 · References 2