Lucene search
K

5 matches found

CVE
CVE
added 2012/07/31 10:0 a.m.87 views

CVE-2012-3426

OpenStack Keystone before version 2012.1.1 (as used in Folsom before Folsom-1 and Essex) does not properly enforce token expiration, allowing remote authenticated users to bypass authorization by: (1) chaining tokens to create new ones, (2) using a token from a disabled account, or (3) using a to...

4.9CVSS6.1AI score0.02266EPSS
CVE
CVE
added 2012/09/18 5:0 p.m.77 views

CVE-2012-4413

CVE-2012-4413 affects OpenStack Keystone before 2012.1.3. The vulnerability occurs because Keystone does not invalidate existing tokens when roles are granted or revoked, allowing remote authenticated users to retain privileges associated with revoked roles. The issue has been acknowledged in mul...

4CVSS6.1AI score0.01881EPSS
CVE
CVE
added 2012/10/09 3:0 p.m.69 views

CVE-2012-4456

CVE-2012-4456 affects OpenStack Keystone: the OS-KSADM/services and tenant APIs in Keystone Essex before 2012.1.2 and Folsom before folsom-2 fail to validate X-Auth-Token, allowing remote attackers to read the roles for an arbitrary user or to get, create, or delete arbitrary services. This is do...

7.5CVSS6.6AI score0.03965EPSS
CVE
CVE
added 2012/12/26 10:0 p.m.65 views

CVE-2012-5483

CVE-2012-5483 affects OpenStack Keystone 2012.1.3 where /etc/keystone/ec2rc is world-readable when EC2 access is configured, allowing local users to read admin access and secret values and potentially access EC2 services. Root cause: insecure file permissions on ec2rc. Impact: local privilege/cre...

2.1CVSS6.1AI score0.00341EPSS
CVE
CVE
added 2012/10/09 3:0 p.m.64 views

CVE-2012-4457

OpenStack Keystone (Essex) before 2012.1.2 and (Folsom) before folsom-3 has a flaw in token authorization for disabled tenants, enabling remote authenticated users to obtain a token for a disabled tenant and access its resources. Root cause: improper handling of authorization tokens for disabled ...

4CVSS6.2AI score0.02267EPSS