Lucene search
UbuntuUSN-2406-1HistoryNov 11, 2014 - 12:00 a.m.
OpenStack Keystone vulnerability
2014-11-1100:00:00
ubuntu.com
26
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
6.3 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
71.5%
Releases
- Ubuntu 14.04 ESM
Packages
- keystone - OpenStack identity service
Details
Brant Knudson discovered that OpenStack Keystone did not properly perform
input sanitization when performing endpoint catalog substitution. A remote
attacker with privileged access for creating endpoints could exploit this
to obtain sensitive information.
References
Related
nessus
nessus
openvas
openvas
Ubuntu: Security Advisory (USN-2406-1)
2014-11-12 00:00:00
ubuntucve
ubuntucve
CVE-2014-3621
2014-10-02 00:00:00
cve
cve
CVE-2014-3621
2014-10-02 14:55:03
veracode
veracode
Information Disclosure
2019-01-15 09:02:43
cvelist
cvelist
CVE-2014-3621
2014-10-02 14:00:00
redhat
redhat
(RHSA-2014:1789) Important: openstack-keystone security and bug fix update
2014-11-03 08:36:51
(RHSA-2014:1790) Important: openstack-keystone security and bug fix update
2014-11-03 08:37:16
(RHSA-2014:1688) Important: openstack-keystone security and bug fix update
2014-10-22 00:00:00
prion
prion
Code injection
2014-10-02 14:55:00
github
github
OpenStack Identity Keystone Exposure of Sensitive Information
2022-05-13 01:26:10
debiancve
debiancve
CVE-2014-3621
2014-10-02 14:55:03
securityvulns
securityvulns
[USN-2406-1] OpenStack Keystone vulnerability
2014-12-01 00:00:00
OpenStack multiple security vulnerabilities
2014-12-01 00:00:00
nvd
nvd
CVE-2014-3621
2014-10-02 14:55:03
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
6.3 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
71.5%
Related for USN-2406-1