DEBIAN-CVE-2012-3542
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex 2012.1, allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly...
CVE-2012-3542
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex 2012.1, allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly...
PYSEC-2012-19
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex 2012.1, allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly...
Open redirect
Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by...
CVE-2012-3540
The CVE-2012-3540 issue is an open redirect flaw in OpenStack Horizon Essex (2012.1) affecting the login flow. The vulnerability occurs in views/auth_forms.py (auth/login/) where a next parameter can redirect victims to arbitrary sites, enabling phishing after login. Affected Horizon versions req...
CVE-2012-3542
CVE-2012-3542 affects OpenStack Keystone as used in OpenStack Folsom (before folsom-rc1) and Essex (2012.1). The vulnerability arises in the identity service API where a remote attacker can cause an arbitrary user to be added to an arbitrary tenant by updating the user’s default tenant via the ad...
CVE-2012-3540
Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by...
PT-2012-4796 · Openstack · Openstack Keystone +1
Name of the Vulnerable Software and Affected Versions: OpenStack Keystone versions prior to folsom-rc1; OpenStack Essex 2012.1. Description: The issue allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API...
Ubuntu: Security Advisory (USN-1552-1)
The remote host is missing an update for the...
Ubuntu Update for keystone USN-1552-1
Ubuntu Update for Linux kernel vulnerabilities USN-1552-1. OpenVAS Vulnerability Test. $Id: gbubuntuUSN15521.nasl 7960 2017-12-01 06:58:16Z santu $. Ubuntu Update for keystone USN-1552-1. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net Thi...
USN-1552-1: OpenStack Keystone vulnerabilities
Dolph Mathews discovered that OpenStack Keystone did not properly restrict to administrative users the ability to update users' tenants. A remote attacker that can reach the administrative API can use this to add any user to any tenant. CVE-2012-3542 Derek Higgins discovered that OpenStack Keysto...
OpenStack Keystone limitations bypass
Administrative user limitations and token lifetime limitations bypass...
Fedora Update for python-django-horizon FEDORA-2012-7369
Check for the Version of python-django-horizon. OpenVAS Vulnerability Test. Fedora Update for python-django-horizon FEDORA-2012-7369. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
USN-1545-1: Nova vulnerability
Padraig Brady discovered that the fix for CVE-2012-3361 was incomplete and an authenticated user could still corrupt arbitrary files on the host running Nova. A remote attacker could use this to cause a denial of service or possibly gain privileges...
Fedora 17 : openstack-nova-2012.1.1-15.fc17 (2012-11756)
Fix package dependencies for updates - Fix CA cert permissions issue introduced in 2012.1.1-10 - Split out into more sub packages - Update from stable upstream including... - Fix metadata file injection with xen - Fix affinity filters when hints is None - Fix marker behavior for flavors - Handle...
CVE-2012-3447
OpenStack Compute (Nova) vulnerability affecting the 2012.1.x branch prior to 2012.1.2 and Folsom prior to Folsom-3. A remote authenticated user can overwrite arbitrary files via a symlink attack on a file inside an image that uses a symlink readable only by root. The issue stems from an incomple...
CVE-2012-3447
virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability exists because of an...
CVE-2012-1585
OpenStack Compute (Nova) Essex before 2011.3 allows remote authenticated users to cause a denial of service (Nova-API log file and disk consumption) via a long server name...