7809 matches found
UBUNTU-CVE-2019-19687
OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforcescope is false. Users with a role on a project are able to view any other users' credentials,...
PYSEC-2019-99
OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforcescope is false. Users with a role on a project are able to view any other users' credentials,...
PYSEC-2019-29
OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforcescope is false. Users with a role on a project are able to view any other users' credentials,...
CVE-2019-19687
OpenStack Keystone CVE-2019-19687 affects Keystone 15.0.0 and 16.0.0. The /v3/credentials API can leak credentials when enforce_scope is false, enabling a user with a project role to list/view other users’ credentials (potentially exposing sign-on data such as TOTP). Affected deployments are thos...
CVE-2019-19687
OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforcescope is false. Users with a role on a project are able to view any other users' credentials,...
CVE-2019-19687
OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforcescope is false. Users with a role on a project are able to view any other users' credentials,...
OpenStack Keystone CVE-2019-19687 Information Disclosure Vulnerability
Description OpenStack Keystone is prone to an information-disclosure vulnerability. An attacker may leverage this issue to obtain potentially sensitive information that may aid in further attacks. Technologies Affected OpenStack Keystone 15.0.0 OpenStack Keystone 16.0.0 Recommendations Block...
CVE-2013-0326
OpenStack nova base images permissions are world readable...
CVE-2013-0326
OpenStack nova base images permissions are world readable...
DEBIAN-CVE-2013-0326
OpenStack nova base images permissions are world readable...
CVE-2013-0326
OpenStack nova base images permissions are world readable...
Design/Logic Flaw
OpenStack nova base images permissions are world readable...
CVE-2013-0326
OpenStack nova base images permissions are world readable...
CVE-2013-0326
Technical details about CVE-2013-0326 are not publicly available in the provided connected documents. Monitor for updates.
CVE-2013-0326
OpenStack nova base images permissions are world readable...
EulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2019-2509)
According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared...
SUSE-SU-2019:3068-1 Security update for ardana-db, ardana-keystone, ardana-neutron, ardana-nova, crowbar-core, crowbar-openstack, crowbar-ui, openstack-barbican, openstack-heat-templates, openstack-keystone, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-sahara, python-psutil, release-notes-suse-openstack-cloud
This update for ardana-db, ardana-keystone, ardana-neutron, ardana-nova, crowbar-core, crowbar-openstack, crowbar-ui, openstack-barbican, openstack-heat-templates, openstack-keystone, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia,...
CVE-2011-4076
OpenStack Nova before 2012.1 allows someone with access to an EC2ACCESSKEY equivalent to a username to obtain the EC2SECRETKEY equivalent to a password. Exposing the EC2ACCESSKEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2SECRETKEY. A...
DEBIAN-CVE-2011-4076
OpenStack Nova before 2012.1 allows someone with access to an EC2ACCESSKEY equivalent to a username to obtain the EC2SECRETKEY equivalent to a password. Exposing the EC2ACCESSKEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2SECRETKEY. A...
CVE-2011-4076
OpenStack Nova before 2012.1 allows someone with access to an EC2ACCESSKEY equivalent to a username to obtain the EC2SECRETKEY equivalent to a password. Exposing the EC2ACCESSKEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2SECRETKEY. A...