CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2013-0017

Malware in sbrugna...

5CVSS6AI score0.008EPSS

Exploits0References14

OSV•added 2022/05/17 4:58 a.m.•32 views

GHSA-5QPP-V56F-MQFM OpenStack Identity (Keystone) allows remote attackers to bypass intended access restrictions via revoked PKI token

The 1 mamcache and 2 KVS token backends in OpenStack Identity Keystone Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token...

6.9CVSS6.1AI score0.008EPSS

Exploits0References10

Github Security Blog•added 2022/05/17 4:58 a.m.•32 views

OpenStack Identity (Keystone) allows remote attackers to bypass intended access restrictions via revoked PKI token

5CVSS5.8AI score0.008EPSS

Exploits0References10Affected Software1

Github Security Blog•added 2022/05/17 4:54 a.m.•38 views

python-keystoneclient missing expiration check in PKI token validation

python-keystoneclient before 0.2.4, as used in OpenStack Keystone Folsom, does not properly check expiry for PKI tokens, which allows remote authenticated users to 1 retain use of a token after it has expired, or 2 use a revoked token once it expires...

5.5CVSS6.2AI score0.0065EPSS

Exploits0References12Affected Software1

OSV•added 2022/05/17 4:54 a.m.•23 views

GHSA-4RRR-J7FF-R844 python-keystoneclient missing expiration check in PKI token validation

8.7CVSS9AI score0.0065EPSS

Exploits0References12

Prion•added 2016/02/03 6:59 p.m.•14 views

Authorization

The identity service in OpenStack Identity Keystone before 2015.1.3 Kilo and 8.0.x before 8.0.2 Liberty and keystonemiddleware formerly python-keystoneclient before 1.5.4 Kilo and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers,...

6CVSS7AI score0.00105EPSS

Exploits0References5Affected Software3

Tenable Nessus•added 2014/06/13 12:0 a.m.•30 views

openSUSE Security Update : openstack-keystone (openSUSE-SU-2013:1089-1)

This update of openstack-keystone fixes two security vulnerabilities. - Add CVE-2013-2104.patch: fix missing expiration check in Keystone PKI token validation CVE-2013-2104, bnc821201 - Add CVE-2013-2157.patch: fix authentication bypass when using LDAP backend CVE-2013-2157, bnc823783 %NASLMINLEV...

5.5CVSS5.3AI score0.0065EPSS

Exploits0References5

NVD•added 2013/09/23 8:55 p.m.•15 views

CVE-2013-4294

5CVSS6.4AI score0.008EPSS

Exploits0References6

OSV•added 2013/09/23 8:55 p.m.•4 views

CVE-2013-4294

6.3AI score

Exploits0References6

Prion•added 2013/09/23 8:55 p.m.•22 views

Design/Logic Flaw

5CVSS7AI score0.008EPSS

Exploits0References6Affected Software1

OSV•added 2013/09/23 8:55 p.m.•7 views

PYSEC-2013-42

5CVSS6.3AI score0.008EPSS

Exploits0References6

CVE•added 2013/09/23 8:0 p.m.•71 views

CVE-2013-4294

OpenStack Keystone (Identity) on Folsom 2012.2.x and Grizzly up to 2013.1.3/pre-2013.1.4 is affected where the memcache and KVS token back ends do not properly compare the PKI token revocation list with PKI tokens, allowing revoked tokens to bypass access controls. Red Hat advisory RHSA-2013:1285...

5CVSS6.4AI score0.008EPSS

Exploits0References6Affected Software1

Ubuntu•added 2013/06/14 2:48 a.m.•66 views

USN-1875-1: OpenStack Keystone vulnerabilities

Eoghan Glynn and Alex Meade discovered that Keystone did not properly perform expiry checks for the PKI tokens used in Keystone. If Keystone were setup to use PKI tokens, a previously authenticated user could continue to use a PKI token for longer than intended. This issue only affected Ubuntu...

5.5CVSS5.4AI score0.0065EPSS

Exploits0

RedHat Linux•added 2013/06/12 4:37 p.m.•4 views

Keystone: Missing expiration check in Keystone PKI token validation

5.5CVSS5.9AI score0.0065EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by