7801 matches found
Authorization Bypass
openstack-nova allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port...
Authentication Bypass
openstack-keystone is vulnerable to authentication bypass. This is due to the way PKI tokens are revoked, which allow users with revoked tokens to retain access to resources that should no longer be accessible...
Information Disclosure
openstack-glance is vulnerable to information disclosure. A flaw in the way certain image requests are handled allowed an authenticated user to obtain Glance's OpenStack Swift or Amazon S3 credentials...
Authorization Bypass
openstack-glance is vulnerable to authorization bypass. The API allows remote authenticated users are able to delete arbitrary, non-protected images from Glance servers via an image deletion request...
Authentication Bypass
openstack-keystone is vulnerable to authentication bypass. Access to the web and network interfaces are permitted using chained tokens even after the linked tokens have expired, granting an attacker continued access to the openstack services...
Authorization Bypass
openstack-keystone is vulnerable to authorization bypass. This is due to the way users are removed from tenants when using Amazon EC2 credentials. Users retain privileges after being removed from tenants and will still be able to access resources which would have not been permitted...
Arbitrary Code Execution
OpenStack Object Storage swift is vulnerable to arbitrary code execution attack. It unsafely uses python pickle to load and store metadata in memcached,allowing the attacker to execute arbitrary code via a malicious serialized object...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Manager with OpenStack
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition affects IBM Cloud Manager with OpenStack. These issues were disclosed as part of the IBM Java SDK updates in July 2018. IBM Cloud Manager with OpenStack has addressed the applicable CVEs. Vulnerability Details CVEID:...
OpenStack Keystone Information Disclosure Vulnerability (CNVD-2018-25881)
OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration and Rackspace, Inc. in the U.S. OpenStack Keystone is one of the projects used for authentication, providing identity, token, directory, and policy services. A security vulnerability...
PYSEC-2018-9
DISPUTED OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should ha...
Design/Logic Flaw
DISPUTED OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should ha...
CVE-2018-20170
OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an...
CVE-2018-20170
OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an...
PYSEC-2018-9
DISPUTED OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should ha...
UBUNTU-CVE-2018-20170
OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an...
CVE-2018-20170
OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an...
CVE-2018-20170
OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an...
CVE-2018-20170
OpenStack Keystone up to 14.0.1 is affected by a user enumeration vulnerability where invalid usernames yield faster responses than valid ones for POST /v3/auth/tokens. The root cause is a timing discrepancy in authentication processing. The vendor characterizes this as a hardening opportunity, n...
CVE-2018-20170
OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an...
PT-2018-15283 · Openstack · Openstack Keystone
Name of the Vulnerable Software and Affected Versions: OpenStack Keystone versions through 14.0.1 Description: The issue allows for user enumeration due to the difference in response times for valid and invalid usernames when making a POST request to the "/v3/auth/tokens" endpoint. The vendor vie...