Lucene search
RootSSV:60742HistoryApr 16, 2013 - 12:00 a.m.
OpenStack Keystone 验证绕过漏洞(CVE-2013-0282)
2013-04-1600:00:00
Root
www.seebug.org
14
0.003 Low
EPSS
Percentile
68.2%
CVE ID:CVE-2013-0282
OpenStack Keystone为OpenStack系列计划提供身份、令牌、目录和策略服务的项目。
在使用EC2-Style验证时OpenStack Keystone Grizzly,Folsom, Essex没有正确检查用户,租户或域是否启用,允许远程攻击者利用漏洞绕过访问限制。
仅设置了启用EC2-Style验证的系统受此漏洞影响。
0
OpenStack Keystone Grizzly 2013.1之前版本
OpenStack Keystone Folsom 2012.1.3之前版本
OpenStack Keystone Essex
厂商解决方案
用户可参考如下厂商提供的补丁以修复此漏洞:
Grizzly (development branch) fix:
https://review.openstack.org/#/c/22319/
Folsom fix:
https://review.openstack.org/#/c/22320/
Essex fix:
https://review.openstack.org/#/c/22321/
Related
veracode
veracode
Authorization Bypass
2019-01-15 08:59:08
debiancve
debiancve
CVE-2013-0282
2013-04-12 22:55:00
cvelist
cvelist
CVE-2013-0282
2013-04-12 22:00:00
github
github
prion
prion
Authentication flaw
2013-04-12 22:55:00
cve
cve
CVE-2013-0282
2013-04-12 22:55:00
ubuntucve
ubuntucve
CVE-2013-0282
2013-02-19 00:00:00
nessus
nessus
Ubuntu 12.04 LTS / 12.10 : keystone vulnerabilities (USN-1730-1)
2013-02-21 00:00:00
Fedora 18 : openstack-keystone-2012.2.3-3.fc18 (2013-2916)
2013-03-05 00:00:00
openSUSE Security Update : openstack (openSUSE-2013-237)
2014-06-13 00:00:00
ubuntu
ubuntu
OpenStack Keystone vulnerabilities
2013-02-20 00:00:00
securityvulns
securityvulns
[USN-1730-1] OpenStack Keystone vulnerabilities
2013-02-24 00:00:00
OpenStack security vulnerabilities
2013-03-24 00:00:00
redhat
redhat
openvas
openvas
Ubuntu: Security Advisory (USN-1730-1)
2013-02-22 00:00:00
Ubuntu Update for keystone USN-1730-1
2013-02-22 00:00:00
Fedora Update for openstack-keystone FEDORA-2013-2916
2013-03-05 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: openstack-keystone-2012.2.3-3.fc18
2013-03-04 22:39:17
[SECURITY] Fedora 18 Update: openstack-keystone-2012.2.3-5.fc18
2013-04-08 22:52:02
[SECURITY] Fedora 18 Update: openstack-keystone-2012.2.4-3.fc18
2013-05-22 01:29:47