ID SECURITYVULNS:DOC:31013 Type securityvulns Reporter Securityvulns Modified 2014-08-24T00:00:00
Description
==========================================================================
Ubuntu Security Notice USN-2324-1
August 21, 2014
keystone vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in OpenStack Keystone.
Software Description:
- keystone: OpenStack identity service
Details:
Steven Hardy discovered that OpenStack Keystone did not properly handle
chained delegation. A remove authenticated attacker could use this to
gain privileges by creating a new token with additional roles.
(CVE-2014-3476)
Jamie Lennox discovered that OpenStack Keystone did not properly validate
the project id. A remote authenticated attacker may be able to use this to
access other projects. (CVE-2014-3520)
Brant Knudson and Lance Bragstad discovered that OpenStack Keystone would
not always revoke tokens correctly. If Keystone were configured to use
revocation events, a remote authenticated attacker could continue to have
access to resources. (CVE-2014-5251, CVE-2014-5252, CVE-2014-5253)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
{"id": "SECURITYVULNS:DOC:31013", "bulletinFamily": "software", "title": "[USN-2324-1] OpenStack Keystone vulnerabilities", "description": "\r\n\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2324-1\r\nAugust 21, 2014\r\n\r\nkeystone vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 14.04 LTS\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in OpenStack Keystone.\r\n\r\nSoftware Description:\r\n- keystone: OpenStack identity service\r\n\r\nDetails:\r\n\r\nSteven Hardy discovered that OpenStack Keystone did not properly handle\r\nchained delegation. A remove authenticated attacker could use this to\r\ngain privileges by creating a new token with additional roles.\r\n(CVE-2014-3476)\r\n\r\nJamie Lennox discovered that OpenStack Keystone did not properly validate\r\nthe project id. A remote authenticated attacker may be able to use this to\r\naccess other projects. (CVE-2014-3520)\r\n\r\nBrant Knudson and Lance Bragstad discovered that OpenStack Keystone would\r\nnot always revoke tokens correctly. If Keystone were configured to use\r\nrevocation events, a remote authenticated attacker could continue to have\r\naccess to resources. (CVE-2014-5251, CVE-2014-5252, CVE-2014-5253)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 14.04 LTS:\r\n python-keystone 1:2014.1.2.1-0ubuntu1.1\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2324-1\r\n CVE-2014-3476, CVE-2014-3520, CVE-2014-5251, CVE-2014-5252,\r\n CVE-2014-5253\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/keystone/1:2014.1.2.1-0ubuntu1.1\r\n\r\n\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "published": "2014-08-24T00:00:00", "modified": "2014-08-24T00:00:00", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31013", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2014-3520", "CVE-2014-5253", "CVE-2014-3476", "CVE-2014-5252", "CVE-2014-5251"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:53", "edition": 1, "viewCount": 14, "enchantments": {"score": {"value": 6.9, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-3476", "CVE-2014-3520", "CVE-2014-5251", "CVE-2014-5252", "CVE-2014-5253"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-3476", "DEBIANCVE:CVE-2014-3520", "DEBIANCVE:CVE-2014-5251", "DEBIANCVE:CVE-2014-5252", "DEBIANCVE:CVE-2014-5253"]}, {"type": "fedora", "idList": ["FEDORA:8AD7322553"]}, {"type": "ibm", "idList": ["35A6481B684FE5D5D9057BDA71707AAE9A36B603AB27EBA4C069893FEDDC26A5", "6F69E3C53271E80C2BDC3FFC7BDFDF335771E0F78DCA3028CCAA7DDAD9D160CC"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/ORACLE-SOLARIS-CVE-2014-3520/"]}, {"type": "nessus", "idList": ["FEDORA_2014-5497.NASL", "SOLARIS11_KEYSTONE_20140819.NASL", "UBUNTU_USN-2324-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310841938", "OPENVAS:1361412562310868073"]}, {"type": "redhat", "idList": ["RHSA-2014:0994", "RHSA-2014:1121", "RHSA-2014:1122"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13927"]}, {"type": "suse", "idList": ["SUSE-SU-2014:0848-1"]}, {"type": "ubuntu", "idList": ["USN-2324-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-3476", "UB:CVE-2014-3520", "UB:CVE-2014-5251", "UB:CVE-2014-5252", "UB:CVE-2014-5253"]}], "rev": 4}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2014-3476", "CVE-2014-3520", "CVE-2014-5251", "CVE-2014-5252", "CVE-2014-5253"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-5253"]}, {"type": "ibm", "idList": ["35A6481B684FE5D5D9057BDA71707AAE9A36B603AB27EBA4C069893FEDDC26A5"]}, {"type": "nessus", "idList": ["SOLARIS11_KEYSTONE_20140819.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310868073"]}, {"type": "redhat", "idList": ["RHSA-2014:1122"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13927"]}, {"type": "suse", "idList": ["SUSE-SU-2014:0848-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-3476"]}]}, "exploitation": null, "vulnersScore": 6.9}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647589307, "score": 0}}
{"openvas": [{"lastseen": "2020-06-09T19:44:48", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-08-22T00:00:00", "type": "openvas", "title": "Ubuntu Update for keystone USN-2324-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3520", "CVE-2014-5253", "CVE-2014-3476", "CVE-2014-5252", "CVE-2014-5251"], "modified": "2020-06-05T00:00:00", "id": "OPENVAS:1361412562310841938", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841938", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for keystone USN-2324-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841938\");\n script_version(\"2020-06-05T10:36:02+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-05 10:36:02 +0000 (Fri, 05 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-08-22 05:57:19 +0200 (Fri, 22 Aug 2014)\");\n script_cve_id(\"CVE-2014-3476\", \"CVE-2014-3520\", \"CVE-2014-5251\", \"CVE-2014-5252\",\n \"CVE-2014-5253\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_name(\"Ubuntu Update for keystone USN-2324-1\");\n\n script_tag(name:\"affected\", value:\"keystone on Ubuntu 14.04 LTS\");\n script_tag(name:\"insight\", value:\"Steven Hardy discovered that OpenStack Keystone did not\nproperly handle chained delegation. A remove authenticated attacker could use\nthis to gain privileges by creating a new token with additional roles.\n(CVE-2014-3476)\n\nJamie Lennox discovered that OpenStack Keystone did not properly validate\nthe project id. A remote authenticated attacker may be able to use this to\naccess other projects. (CVE-2014-3520)\n\nBrant Knudson and Lance Bragstad discovered that OpenStack Keystone would\nnot always revoke tokens correctly. If Keystone were configured to use\nrevocation events, a remote authenticated attacker could continue to have\naccess to resources. (CVE-2014-5251, CVE-2014-5252, CVE-2014-5253)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2324-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2324-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'keystone'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-keystone\", ver:\"1:2014.1.2.1-0ubuntu1.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:40", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-08-08T00:00:00", "type": "openvas", "title": "Fedora Update for openstack-keystone FEDORA-2014-5497", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3520", "CVE-2014-2237", "CVE-2013-4477", "CVE-2014-3476", "CVE-2014-2828", "CVE-2013-6391"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868073", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868073", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openstack-keystone FEDORA-2014-5497\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868073\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-08 06:01:34 +0200 (Fri, 08 Aug 2014)\");\n script_cve_id(\"CVE-2014-2828\", \"CVE-2014-3476\", \"CVE-2014-3520\", \"CVE-2014-2237\",\n \"CVE-2013-6391\", \"CVE-2013-4477\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_name(\"Fedora Update for openstack-keystone FEDORA-2014-5497\");\n script_tag(name:\"affected\", value:\"openstack-keystone on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-5497\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-August/136283.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openstack-keystone'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"openstack-keystone\", rpm:\"openstack-keystone~2013.2.3~5.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2022-01-04T12:49:17", "description": "Steven Hardy discovered that OpenStack Keystone did not properly handle \nchained delegation. A remove authenticated attacker could use this to \ngain privileges by creating a new token with additional roles. \n(CVE-2014-3476)\n\nJamie Lennox discovered that OpenStack Keystone did not properly validate \nthe project id. A remote authenticated attacker may be able to use this to \naccess other projects. (CVE-2014-3520)\n\nBrant Knudson and Lance Bragstad discovered that OpenStack Keystone would \nnot always revoke tokens correctly. If Keystone were configured to use \nrevocation events, a remote authenticated attacker could continue to have \naccess to resources. (CVE-2014-5251, CVE-2014-5252, CVE-2014-5253)\n", "cvss3": {}, "published": "2014-08-21T00:00:00", "type": "ubuntu", "title": "OpenStack Keystone vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5251", "CVE-2014-3476", "CVE-2014-5253", "CVE-2014-5252", "CVE-2014-3520"], "modified": "2014-08-21T00:00:00", "id": "USN-2324-1", "href": "https://ubuntu.com/security/notices/USN-2324-1", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-08-19T12:48:49", "description": "Steven Hardy discovered that OpenStack Keystone did not properly handle chained delegation. A remove authenticated attacker could use this to gain privileges by creating a new token with additional roles.\n(CVE-2014-3476)\n\nJamie Lennox discovered that OpenStack Keystone did not properly validate the project id. A remote authenticated attacker may be able to use this to access other projects. (CVE-2014-3520)\n\nBrant Knudson and Lance Bragstad discovered that OpenStack Keystone would not always revoke tokens correctly. If Keystone were configured to use revocation events, a remote authenticated attacker could continue to have access to resources. (CVE-2014-5251, CVE-2014-5252, CVE-2014-5253).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-08-22T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : keystone vulnerabilities (USN-2324-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3476", "CVE-2014-3520", "CVE-2014-5251", "CVE-2014-5252", "CVE-2014-5253"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:python-keystone", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2324-1.NASL", "href": "https://www.tenable.com/plugins/nessus/77324", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2324-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77324);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-3476\", \"CVE-2014-3520\", \"CVE-2014-5251\", \"CVE-2014-5252\", \"CVE-2014-5253\");\n script_xref(name:\"USN\", value:\"2324-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : keystone vulnerabilities (USN-2324-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Steven Hardy discovered that OpenStack Keystone did not properly\nhandle chained delegation. A remove authenticated attacker could use\nthis to gain privileges by creating a new token with additional roles.\n(CVE-2014-3476)\n\nJamie Lennox discovered that OpenStack Keystone did not properly\nvalidate the project id. A remote authenticated attacker may be able\nto use this to access other projects. (CVE-2014-3520)\n\nBrant Knudson and Lance Bragstad discovered that OpenStack Keystone\nwould not always revoke tokens correctly. If Keystone were configured\nto use revocation events, a remote authenticated attacker could\ncontinue to have access to resources. (CVE-2014-5251, CVE-2014-5252,\nCVE-2014-5253).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2324-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected python-keystone package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-keystone\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2021 Canonical, Inc. / NASL script (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"python-keystone\", pkgver:\"1:2014.1.2.1-0ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-keystone\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:48:55", "description": "- Sanitizes authentication methods received in requests CVE-2014-2828\n\n - Privilege escalation through trust chained delegation CVE-2014-3476\n\n - Keystone V2 trusts privilege escalation through user supplied project id CVE-2014-3520\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-08-08T00:00:00", "type": "nessus", "title": "Fedora 20 : openstack-keystone-2013.2.3-5.fc20 (2014-5497)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2828", "CVE-2014-3476", "CVE-2014-3520"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openstack-keystone", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-5497.NASL", "href": "https://www.tenable.com/plugins/nessus/77061", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-5497.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77061);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-2828\", \"CVE-2014-3476\", \"CVE-2014-3520\");\n script_bugtraq_id(66736, 68026, 68344);\n script_xref(name:\"FEDORA\", value:\"2014-5497\");\n\n script_name(english:\"Fedora 20 : openstack-keystone-2013.2.3-5.fc20 (2014-5497)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Sanitizes authentication methods received in requests\n CVE-2014-2828\n\n - Privilege escalation through trust chained delegation\n CVE-2014-3476\n\n - Keystone V2 trusts privilege escalation through user\n supplied project id CVE-2014-3520\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1086211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1104524\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1112668\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-August/136283.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ea59952e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openstack-keystone package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openstack-keystone\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"openstack-keystone-2013.2.3-5.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openstack-keystone\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-08-19T12:47:06", "description": "The remote Solaris system is missing necessary patches to address security updates.", "cvss3": {"score": null, "vector": null}, "published": "2015-01-19T00:00:00", "type": "nessus", "title": "Oracle Solaris Third-Party Patch Update : keystone (cve_2014_3520_privilege_escalation)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-3520"], "modified": "2021-01-14T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.2", "p-cpe:/a:oracle:solaris:keystone"], "id": "SOLARIS11_KEYSTONE_20140819.NASL", "href": "https://www.tenable.com/plugins/nessus/80658", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80658);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-3520\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : keystone (cve_2014_3520_privilege_escalation)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates.\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/cve-2014-3520-privilege-escalation-vulnerability-in-openstack-keystone\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ef7a8f9d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.2.1.5.0.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:keystone\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^keystone$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"keystone\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.2.1.0.5.0\", sru:\"SRU 11.2.1.5.0\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : keystone\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"keystone\");\n", "cvss": {"score": 6, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2021-10-19T20:37:11", "description": "The OpenStack Identity service (Keystone) authenticates and authorizes\nOpenStack users by keeping track of users and their permitted activities.\nThe Identity service supports multiple forms of authentication, including\nuser name and password credentials, token-based systems, and AWS-style\nlogins.\n\nIt was found that the MySQL token driver did not correctly store token\nexpiration times, which prevented manual token revocation. Only OpenStack\nIdentity setups configured to make use of revocation events were affected.\n(CVE-2014-5251)\n\nA flaw was found in keystone revocation events that resulted in the\n\"issued_at\" time being updated when a token created by the V2 API was\nprocessed by the V3 API. This could allow a user to evade token revocation.\nOnly OpenStack Identity setups configured to make use of revocation events\nand UUID tokens were affected. (CVE-2014-5252)\n\nIt was discovered that domain-scoped tokens were not revoked when a domain\nwas disabled. Only OpenStack Identity setups configured to make use of\nrevocation events were affected. (CVE-2014-5253)\n\nThe openstack-keystone packages have been upgraded to upstream version\n2014.1.2.1, which provides a number of bug fixes over the previous version.\nThe most notable bug fixes are:\n\n* When a scoped token that was created from an unscoped token was revoked,\nthe original token was revoked as well. This was because the scope was not\nincluded in the revocation event. By including the scope in the revocation\nevent, only the scoped token is revoked.\n\n* If a domain or a project was renamed, the old name remained in the cache.\nAs a result the old name could be used in some requests until the cache\nrecord expired. For example, the old domain name could still be used for\nauthentication after renaming the domain. Cache entries are now properly\ninvalidated for domain and project rename operations.\n\n* OpenStack Identity did not return the same status and headers for HEAD\nand GET requests, which does not follow the HTTP specification. This would\nlead to different status codes between running keystone-all versus running\nkeystone in Apache httpd with mod_wsgi. The responses have been corrected\nto be consistent regardless of the webserver being used.\n\n* The migration operation that creates the region table did not explicitly\nset the character set to 'utf8'. Consequently, when the database's default\ncharacter set was not set, the db_sync operation failed. The migration\noperation now detects this condition and corrects the database.\n\nRefer to https://launchpad.net/keystone/icehouse/2014.1.2 for more\ninformation on the bug fixes included in version 2014.1.2.1. (BZ#1127434)\n\nAll openstack-keystone users are advised to upgrade to these updated\npackages, which correct these issues.\n", "cvss3": {}, "published": "2014-09-02T00:00:00", "type": "redhat", "title": "(RHSA-2014:1122) Low: openstack-keystone security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5251", "CVE-2014-5252", "CVE-2014-5253"], "modified": "2018-06-06T22:47:56", "id": "RHSA-2014:1122", "href": "https://access.redhat.com/errata/RHSA-2014:1122", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2021-10-21T04:46:32", "description": "The OpenStack Identity service (Keystone) authenticates and authorizes\nOpenStack users by keeping track of users and their permitted activities.\nThe Identity service supports multiple forms of authentication, including\nuser name and password credentials, token-based systems, and AWS-style\nlogins.\n\nIt was found that the MySQL token driver did not correctly store token\nexpiration times, which prevented manual token revocation. Only OpenStack\nIdentity setups configured to make use of revocation events were affected.\n(CVE-2014-5251)\n\nA flaw was found in keystone revocation events that resulted in the\n\"issued_at\" time being updated when a token created by the V2 API was\nprocessed by the V3 API. This could allow a user to evade token revocation.\nOnly OpenStack Identity setups configured to make use of revocation events\nand UUID tokens were affected. (CVE-2014-5252)\n\nIt was discovered that domain-scoped tokens were not revoked when a domain\nwas disabled. Only OpenStack Identity setups configured to make use of\nrevocation events were affected. (CVE-2014-5253)\n\nThe openstack-keystone packages have been upgraded to upstream version\n2014.1.2.1, which provides a number of bug fixes over the previous version.\nThe most notable bug fixes are:\n\n* When a scoped token that was created from an unscoped token was revoked,\nthe original token was revoked as well. This was because the scope was not\nincluded in the revocation event. By including the scope in the revocation\nevent, only the scoped token is revoked.\n\n* If a domain or a project was renamed, the old name remained in the cache.\nAs a result the old name could be used in some requests until the cache\nrecord expired. For example, the old domain name could still be used for\nauthentication after renaming the domain. Cache entries are now properly\ninvalidated for domain and project rename operations.\n\n* OpenStack Identity did not return the same status and headers for HEAD\nand GET requests, which does not follow the HTTP specification. This would\nlead to different status codes between running keystone-all versus running\nkeystone in Apache httpd with mod_wsgi. The responses have been corrected\nto be consistent regardless of the webserver being used.\n\n* The migration operation that creates the region table did not explicitly\nset the character set to 'utf8'. Consequently, when the database's default\ncharacter set was not set, the db_sync operation failed. The migration\noperation now detects this condition and corrects the database.\n\nRefer to https://launchpad.net/keystone/icehouse/2014.1.2 for more\ninformation on the bug fixes included in version 2014.1.2.1. (BZ#1127434)\n\nAll openstack-keystone users are advised to upgrade to these updated\npackages, which correct these issues.\n", "cvss3": {}, "published": "2014-09-02T00:00:00", "type": "redhat", "title": "(RHSA-2014:1121) Low: openstack-keystone security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5251", "CVE-2014-5252", "CVE-2014-5253"], "modified": "2018-03-19T12:26:44", "id": "RHSA-2014:1121", "href": "https://access.redhat.com/errata/RHSA-2014:1121", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2021-10-19T20:38:38", "description": "The OpenStack Identity service (keystone) authenticates and authorizes\nOpenStack users by keeping track of users and their permitted activities.\nThe Identity service supports multiple forms of authentication, including\nuser name and password credentials, token-based systems, and AWS-style\nlogins.\n\nA flaw was found in keystone's chained delegation. A trustee able to create\na delegation from a trust or an OAuth token could misuse identity\nimpersonation to bypass the enforced scope, possibly allowing them to\nobtain elevated privileges to the trustor's projects and roles.\n(CVE-2014-3476)\n\nA flaw was found in the way keystone handled trusts. A trustee could use an\nout-of-scope project ID to gain unauthorized access to a project if the\ntrustor had the required roles for that requested project. (CVE-2014-3520)\n\nRed Hat would like to thank the OpenStack project for reporting\nCVE-2014-3520; upstream acknowledges Jamie Lennox of Red Hat as the\noriginal reporter. The CVE-2014-3476 issue was discovered by Steven Hardy\nof Red Hat.\n\nAll openstack-keystone users are advised to upgrade to these updated\npackages, which correct these issues.\n", "cvss3": {}, "published": "2014-07-31T00:00:00", "type": "redhat", "title": "(RHSA-2014:0994) Important: openstack-keystone security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3476", "CVE-2014-3520"], "modified": "2018-06-09T10:17:32", "id": "RHSA-2014:0994", "href": "https://access.redhat.com/errata/RHSA-2014:0994", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:51:21", "description": "OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before\nJuno-3 does not properly revoke tokens when a domain is invalidated, which\nallows remote authenticated users to retain access via a domain-scoped\ntoken for that domain.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | Per upstream, revocation events added in Icehouse (Ubuntu 14.04 LTS)\n", "cvss3": {}, "published": "2014-08-15T00:00:00", "type": "ubuntucve", "title": "CVE-2014-5253", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5253"], "modified": "2014-08-15T00:00:00", "id": "UB:CVE-2014-5253", "href": "https://ubuntu.com/security/CVE-2014-5253", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2021-11-22T21:51:21", "description": "The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before\n2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect\nprecision, which causes the expiration comparison for tokens to fail and\nallows remote authenticated users to retain access via an expired token.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/keystone/+bug/1347961>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | per upstream, revocation events first added in Icehouse (Ubuntu 14.04 LTS)\n", "cvss3": {}, "published": "2014-08-15T00:00:00", "type": "ubuntucve", "title": "CVE-2014-5251", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5251"], "modified": "2014-08-15T00:00:00", "id": "UB:CVE-2014-5251", "href": "https://ubuntu.com/security/CVE-2014-5251", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2021-11-22T21:51:36", "description": "OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and\nJuno before Juno-2 does not properly handle chained delegation, which\nallows remote authenticated users to gain privileges by leveraging a (1)\ntrust or (2) OAuth token with impersonation enabled to create a new token\nwith additional roles.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/keystone/+bug/1324592>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751454>\n * <https://bugs.launchpad.net/ubuntu/+source/nova/+bug/1354159>\n", "cvss3": {}, "published": "2014-06-17T00:00:00", "type": "ubuntucve", "title": "CVE-2014-3476", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3476"], "modified": "2014-06-17T00:00:00", "id": "UB:CVE-2014-3476", "href": "https://ubuntu.com/security/CVE-2014-3476", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-11-22T21:51:21", "description": "The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and\nJuno before Juno-3 updates the issued_at value for UUID v2 tokens, which\nallows remote authenticated users to bypass the token expiration and retain\naccess via a verification (1) GET or (2) HEAD request to v3/auth/tokens/.\n\n#### Bugs\n\n * <https://bugs.launchpad.net/keystone/+bug/1348820>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | Per upstream, revocation events added in Icehouse (Ubuntu 14.04 LTS)\n", "cvss3": {}, "published": "2014-08-15T00:00:00", "type": "ubuntucve", "title": "CVE-2014-5252", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5252"], "modified": "2014-08-15T00:00:00", "id": "UB:CVE-2014-5252", "href": "https://ubuntu.com/security/CVE-2014-5252", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2021-11-22T21:51:33", "description": "OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and\nJuno before Juno-2 allows remote authenticated trustees to gain access to\nan unauthorized project for which the trustor has certain roles via the\nproject ID in a V2 API trust token request.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753511>\n * <https://bugs.launchpad.net/keystone/+bug/1331912>\n * <https://bugs.launchpad.net/ubuntu/+source/nova/+bug/1354159>\n", "cvss3": {}, "published": "2014-07-02T00:00:00", "type": "ubuntucve", "title": "CVE-2014-3520", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3520"], "modified": "2014-07-02T00:00:00", "id": "UB:CVE-2014-3520", "href": "https://ubuntu.com/security/CVE-2014-3520", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "debiancve": [{"lastseen": "2022-04-16T07:33:59", "description": "OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain.", "cvss3": {}, "published": "2014-08-25T14:55:00", "type": "debiancve", "title": "CVE-2014-5253", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5253"], "modified": "2014-08-25T14:55:00", "id": "DEBIANCVE:CVE-2014-5253", "href": "https://security-tracker.debian.org/tracker/CVE-2014-5253", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2022-04-16T07:33:59", "description": "The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token.", "cvss3": {}, "published": "2014-08-25T14:55:00", "type": "debiancve", "title": "CVE-2014-5251", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5251"], "modified": "2014-08-25T14:55:00", "id": "DEBIANCVE:CVE-2014-5251", "href": "https://security-tracker.debian.org/tracker/CVE-2014-5251", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2022-04-16T07:33:59", "description": "OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with additional roles.", "cvss3": {}, "published": "2014-06-17T14:55:00", "type": "debiancve", "title": "CVE-2014-3476", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3476"], "modified": "2014-06-17T14:55:00", "id": "DEBIANCVE:CVE-2014-3476", "href": "https://security-tracker.debian.org/tracker/CVE-2014-3476", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-04-16T07:33:59", "description": "The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification (1) GET or (2) HEAD request to v3/auth/tokens/.", "cvss3": {}, "published": "2014-08-25T14:55:00", "type": "debiancve", "title": "CVE-2014-5252", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5252"], "modified": "2014-08-25T14:55:00", "id": "DEBIANCVE:CVE-2014-5252", "href": "https://security-tracker.debian.org/tracker/CVE-2014-5252", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2022-04-16T07:33:59", "description": "OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request.", "cvss3": {}, "published": "2014-10-26T20:55:00", "type": "debiancve", "title": "CVE-2014-3520", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3520"], "modified": "2014-10-26T20:55:00", "id": "DEBIANCVE:CVE-2014-3520", "href": "https://security-tracker.debian.org/tracker/CVE-2014-3520", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T13:39:20", "description": "OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain.", "cvss3": {}, "published": "2014-08-25T14:55:00", "type": "cve", "title": "CVE-2014-5253", "cwe": ["CWE-255"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5253"], "modified": "2014-10-10T05:23:00", "cpe": ["cpe:/a:openstack:keystone:juno-2", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/a:openstack:keystone:juno-1", "cpe:/a:openstack:keystone:2014.1.2", "cpe:/a:openstack:keystone:2014.1"], "id": "CVE-2014-5253", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5253", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:39:15", "description": "The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token.", "cvss3": {}, "published": "2014-08-25T14:55:00", "type": "cve", "title": "CVE-2014-5251", "cwe": ["CWE-255"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5251"], "modified": "2014-10-10T05:23:00", "cpe": ["cpe:/a:openstack:keystone:juno-2", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/a:openstack:keystone:juno-1", "cpe:/a:openstack:keystone:2014.1.2", "cpe:/a:openstack:keystone:2014.1"], "id": "CVE-2014-5251", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5251", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:54:48", "description": "OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with additional roles.", "cvss3": {}, "published": "2014-06-17T14:55:00", "type": "cve", "title": "CVE-2014-3476", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3476"], "modified": "2020-06-02T19:49:00", "cpe": ["cpe:/a:suse:cloud:3"], "id": "CVE-2014-3476", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3476", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:suse:cloud:3:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:39:18", "description": "The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification (1) GET or (2) HEAD request to v3/auth/tokens/.", "cvss3": {}, "published": "2014-08-25T14:55:00", "type": "cve", "title": "CVE-2014-5252", "cwe": ["CWE-255"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5252"], "modified": "2014-10-10T05:23:00", "cpe": ["cpe:/a:openstack:keystone:juno-2", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/a:openstack:keystone:juno-1", "cpe:/a:openstack:keystone:2014.1.2", "cpe:/a:openstack:keystone:2014.1"], "id": "CVE-2014-5252", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5252", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T12:55:44", "description": "OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request.", "cvss3": {}, "published": "2014-10-26T20:55:00", "type": "cve", "title": "CVE-2014-3520", "cwe": ["CWE-863"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3520"], "modified": "2020-06-02T19:20:00", "cpe": [], "id": "CVE-2014-3520", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3520", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": []}], "ibm": [{"lastseen": "2022-01-01T21:54:05", "description": "## Summary\n\nVulnerability in Keystone affects IBM SmartCloud Orchestrator (CVE-2014-3476).\n\n## Vulnerability Details\n\nBy creating a delegation from a trust or OAuth token, a trustee might abuse the identity impersonation against keystone and circumvent the enforced scope, which results in potential elevated privileges to any of the trustor's projects and or roles. All Keystone deployments configured to enable trusts are affected, which has been the default since Grizzly. \n \n \n**CVE-ID:** [CVE-2014-3476](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3476>) \n**DESCRIPTION:** OpenStack Keystone might allow a remote authenticated attacker to gain elevated privileges on the system, which is caused by an error when handling a project ID. An attacker with the appropriate roles might exploit this vulnerability to gain elevated privileges on the system. \n \n**CVSS Base Score:** 7.5 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93791> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n## Affected Products and Versions\n\nIBM SmartCloud Orchestrator V2.3 and IBM SmartCloud Orchestrator V2.3.0 Fix Pack 1 up to Interim Fix 4\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix as soon as practical. Upgrade to [IBM SmartCloud Orchestrator V2.3.0 Fix Pack 1 Interim Fix 5](<http://www.ibm.com/support/docview.wss?uid=swg24040364>).\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\nFirst version published November 20, 2014 \n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SS4KMC\",\"label\":\"IBM SmartCloud Orchestrator\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"Security\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"2.3\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {}, "published": "2018-06-17T22:30:50", "type": "ibm", "title": "Security Bulletin: Vulnerability in Keystone affects IBM SmartCloud Orchestrator (CVE-2014-3476)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3476"], "modified": "2018-06-17T22:30:50", "id": "6F69E3C53271E80C2BDC3FFC7BDFDF335771E0F78DCA3028CCAA7DDAD9D160CC", "href": "https://www.ibm.com/support/pages/node/519291", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-12-30T21:52:23", "description": "## Summary\n\nVulnerability in Keystone affects IBM SmartCloud Orchestrator (CVE-2014-3520). \n\n\n## Vulnerability Details\n\nKeystone V2 trusts privilege escalation through user supplied project ID. By using an out-of-scope project ID, a trustee might gain unauthorized access if the trustor has the required roles in the requested project ID. All Keystone deployments configured to enable trusts and V2 API are affected.** \n** \n**CVE-ID:** [CVE-2014-3520](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3520>) \n \n**DESCRIPTION:** OpenStack Keystone might allow a remote authenticated attacker to gain elevated privileges on the system, which is caused by an error when handling a project ID. An attacker with the appropriate roles might exploit this vulnerability to gain elevated privileges on the system. \n \n**CVSS Base Score:** 6.5 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94282> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:L/Au:S/C:P/I:P/A:P)\n\n## Affected Products and Versions\n\nIBM SmartCloud Orchestrator 2.3 and IBM SmartCloud Orchestrator 2.3 Fix Pack 1 (2.3.0.1) up to Interim Fix 4\n\n## Remediation/Fixes\n\nUpgrade to [IBM SmartCloud Orchestrator 2.3.0 Fix Pack 1 Interim Fix 5](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ETivoli&product=ibm/Tivoli/IBM+SmartCloud+Orchestrator&release=2.3.0.1&platform=All&function=fixId&fixids=2.3.0.1-CSI-ISCO-IF0005&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp&source=fc>) or later.\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n* 20 November 2014: Original copy published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SS4KMC\",\"label\":\"IBM SmartCloud Orchestrator\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"Security\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"2.3;2.3.0.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {}, "published": "2018-06-17T22:30:50", "type": "ibm", "title": "Security Bulletin: Vulnerability in Keystone affects IBM SmartCloud Orchestrator (CVE-2014-3520)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3520"], "modified": "2018-06-17T22:30:50", "id": "35A6481B684FE5D5D9057BDA71707AAE9A36B603AB27EBA4C069893FEDDC26A5", "href": "https://www.ibm.com/support/pages/node/519317", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T11:40:17", "description": "openstack-keystone was updated to version 2013.2.4.dev5.g9162837 to fix\n one security issue and one regular bug:\n\n * Privilege escalation through trust chained delegation.\n (CVE-2014-3476)\n * Fix invalid LDAP filter for user ID with commas.\n", "cvss3": {}, "published": "2014-06-26T01:04:38", "type": "suse", "title": "Security update for openstack-keystone (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-3476"], "modified": "2014-06-26T01:04:38", "id": "SUSE-SU-2014:0848-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00031.html", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "metasploit": [{"lastseen": "2021-04-08T02:43:16", "description": "\n", "edition": 2, "cvss3": {}, "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "Oracle Solaris 11: CVE-2014-3520: Vulnerability in OpenStack Identity (Keystone)", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3520"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/ORACLE-SOLARIS-CVE-2014-3520/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "description": "Keystone is a Python implementation of the OpenStack (http://www.openstack.org) identity service API. This package contains the Keystone daemon. ", "edition": 2, "cvss3": {}, "published": "2014-08-07T15:24:24", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: openstack-keystone-2013.2.3-5.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4477", "CVE-2013-6391", "CVE-2014-2237", "CVE-2014-2828", "CVE-2014-3476", "CVE-2014-3520"], "modified": "2014-08-07T15:24:24", "id": "FEDORA:8AD7322553", "href": "", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "securityvulns": [{"lastseen": "2021-06-08T18:51:06", "description": "Ceilometer information leakage, Neutron information leakage and DoS, Glance DoS, Horizon crossite scripting, Keystone restrictions bypass and privilege escalation, Nova timing attacks.", "edition": 2, "cvss3": {}, "published": "2014-08-24T00:00:00", "title": "OpenStack multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-3473", "CVE-2014-3475", "CVE-2014-3476", "CVE-2014-3555", "CVE-2014-4615", "CVE-2014-3517", "CVE-2013-6433", "CVE-2014-3497", "CVE-2014-3594", "CVE-2014-5356", "CVE-2014-3474", "CVE-2014-0187"], "modified": "2014-08-24T00:00:00", "id": "SECURITYVULNS:VULN:13927", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13927", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
