Lucene search
K
OpenstackKeystone

7 matches found

CVE
CVE
added 2022/09/01 8:30 p.m.108 views

CVE-2022-2447

CVE-2022-2447 affects OpenStack Keystone. A time lag (up to one hour) between policy revocation and actual revocation could let a remote administrator maintain access longer than expected. Related advisories (e.g., Ubuntu USN-7926-1) reference this CVE and indicate that updates are available; app...

6.6CVSS6.4AI score0.00607EPSS
CVE
CVE
added 2013/09/30 8:0 p.m.88 views

CVE-2013-4222

CVE-2013-4222 affects OpenStack Keystone (Folsom, Grizzly 2013.1.3 and earlier, Havana before havana-3). The vulnerability arises because Keystone does not properly revoke user tokens when a tenant is disabled, allowing remote authenticated users to continue accessing resources via their tokens. ...

6.5CVSS6.1AI score0.01892EPSS
CVE
CVE
added 2013/04/12 10:0 p.m.80 views

CVE-2013-0270

OpenStack Keystone CVE-2013-0270 affects Grizzly before 2013.1 (Folsom and possibly earlier). The vulnerability allows remote attackers to trigger a denial of service by sending a large HTTP request, demonstrated by an oversized tenant_name during token requests. Supported sources across multiple...

6.5CVSS5.8AI score0.03067EPSS
CVE
CVE
added 2013/05/21 6:0 p.m.77 views

CVE-2013-2059

OpenStack Keystone vulnerability CVE-2013-2059 affects Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana. The root cause is that authentication tokens are not immediately revoked when deleting a user via the Keystone v2 API, allowing remote authenticated users to retain access via ...

6CVSS6.3AI score0.02468EPSS
CVE
CVE
added 2014/06/17 2:0 p.m.75 views

CVE-2014-3476

CVE-2014-3476 affects the OpenStack Keystone (Identity) service. The vulnerability arises from improper handling of chained delegation, where a trustee could use a trust or impersonation-enabled OAuth token to create a new token with additional roles, enabling remote authenticated privilege escal...

6CVSS6.4AI score0.02308EPSS
CVE
CVE
added 2014/10/26 8:0 p.m.73 views

CVE-2014-3520

CVE-2014-3520 affects OpenStack Identity (Keystone) where, in V2 API trust handling, a remote authenticated trustee can gain access to an unauthorized project by supplying the project ID in a trust token request. Affected versions include Keystone before 2013.2.4, 2014.x before 2014.1.2, and Juno...

6.5CVSS6.4AI score0.01907EPSS
CVE
CVE
added 2014/11/03 11:0 p.m.60 views

CVE-2014-0204

The CVE-2014-0204 issue affects OpenStack Keystone where a role assigned to a group sharing the same ID as a user can allow remote authenticated users to gain privileges tied to that group ID. Context from connected documents confirms this is rooted in Keystone before 2014.1.1, causing privilege ...

6.5CVSS7.4AI score0.01386EPSS