5 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-12690
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when a...
ROS-20250403-14
Vulnerability in the OpenSearch software package due to a problem in the implementation of Field Level Security FLS. Field Level Security FLS. Exploitation of the vulnerability could allow an attacker to obtain sensitive data Vulnerability in the OpenSearch software package due to missing spaces ...
GHSA-274V-R947-V34R OpenStack Identity Keystone is vulnerable to Block delegation escalation of privilege
OpenStack Identity Keystone before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a 1 trust or 2 OAuth token with impersonation enabled to create a new token with...
DEBIAN-CVE-2020-12690
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. Th...
PYSEC-2020-54
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. Th...