Lucene search
RootSSV:61698HistoryMar 07, 2014 - 12:00 a.m.
OpenStack Keystone Trustee令牌吊销失败安全绕过漏洞
2014-03-0700:00:00
Root
www.seebug.org
20
EPSS
0.003
Percentile
69.2%
Bugtraq ID:65895
CVE ID:CVE-2014-2237
Keystone是Openstack中用于身份验证的项目,任何服务请求需要经过它的验证获得服务的endpoint。
OpenStack Keystone Keystone内存令牌后端存在漏洞,当委托人提交启用模拟的可信令牌时,令牌仅添加到委托人令牌列表,但没添加到受托人令牌列表。这会导致受托人吊销令牌时不能使信任令牌正确失效。
使用memcache后端的Keystone受此漏洞影响。
0
Openstack Keystone 2013.1 - 2013.1.4
Openstack Keystone 2013.2 - 2013.2.2
厂商补丁:
Keystone
用户可参考如下厂商提供的安全补丁以修复该漏洞:
https://git.openstack.org/cgit/openstack/keystone/commit/?id=813d1254eb4f7a7d40009b23bbadbc4c5cc5daac
Related
debiancve
debiancve
CVE-2014-2237
2014-04-01 06:35:53
nessus
nessus
Fedora 20 : openstack-keystone-2013.2.3-2.fc20 (2014-4903)
2014-04-18 00:00:00
RHEL 6 : openstack-keystone (RHSA-2014:0368)
2024-04-24 00:00:00
Fedora 19 : openstack-keystone-2013.1.5-2.fc19 (2014-4210)
2014-04-07 00:00:00
github
github
ubuntucve
ubuntucve
CVE-2014-2237
2014-04-01 00:00:00
veracode
veracode
Improper Invalidation Of Token
2019-01-15 08:52:21
ibm
ibm
cve
cve
CVE-2014-2237
2014-04-01 06:35:53
cvelist
cvelist
CVE-2014-2237
2014-04-01 01:00:00
redhat
redhat
(RHSA-2014:0580) Moderate: openstack-keystone security and bug fix update
2014-05-29 00:00:00
(RHSA-2014:0368) Moderate: openstack-keystone security update
2014-04-03 00:00:00
prion
prion
Authentication flaw
2014-04-01 06:35:00
nvd
nvd
CVE-2014-2237
2014-04-01 06:35:53
fedora
fedora
[SECURITY] Fedora 20 Update: openstack-keystone-2013.2.3-2.fc20
2014-04-17 06:00:52
[SECURITY] Fedora 19 Update: openstack-keystone-2013.1.5-2.fc19
2014-04-05 04:54:55
[SECURITY] Fedora 20 Update: openstack-keystone-2013.2.3-5.fc20
2014-08-07 15:24:24
openvas
openvas
Fedora Update for openstack-keystone FEDORA-2014-4903
2014-04-21 00:00:00
Fedora Update for openstack-keystone FEDORA-2014-4903
2014-04-21 00:00:00
Fedora Update for openstack-keystone FEDORA-2014-4210
2014-04-08 00:00:00