Lucene search
Veracode Vulnerability DatabaseVERACODE:15876HistoryMay 02, 2019 - 5:05 a.m.
Privilege Escalation
2019-05-0205:05:14
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
3
0.006 Low
EPSS
Percentile
78.0%
openstack-keystone is vulnerable to privilege escalation. A flaw was found in the way keystone handled trusts. A trustee could use an out-of-scope project ID to gain unauthorized access to a project if the trustor had the required roles for that requested project.
References
lists.openstack.org/pipermail/openstack-announce/2014-July/000248.html
secunia.com/advisories/59426
access.redhat.com/errata/RHSA-2014:0994
access.redhat.com/security/cve/CVE-2014-3520
access.redhat.com/security/updates/classification/#important
bugs.launchpad.net/keystone/+bug/1331912
bugzilla.redhat.com/show_bug.cgi?id=1112668
rhn.redhat.com/errata/RHSA-2014-0994.html
Related
cvelist
cvelist
CVE-2014-3520
2014-10-26 20:00:00
ibm
ibm
nessus
nessus
Oracle Solaris Third-Party Patch Update : keystone (cve_2014_3520_privilege_escalation)
2015-01-19 00:00:00
Fedora 20 : openstack-keystone-2013.2.3-5.fc20 (2014-5497)
2014-08-08 00:00:00
Ubuntu 14.04 LTS : OpenStack Keystone vulnerabilities (USN-2324-1)
2014-08-22 00:00:00
nvd
nvd
CVE-2014-3520
2014-10-26 20:55:02
cve
cve
CVE-2014-3520
2014-10-26 20:55:02
ubuntucve
ubuntucve
CVE-2014-3520
2014-07-02 00:00:00
debiancve
debiancve
CVE-2014-3520
2014-10-26 20:55:02
prion
prion
Cross site request forgery (csrf)
2014-10-26 20:55:00
redhat
redhat
(RHSA-2014:0994) Important: openstack-keystone security update
2014-07-31 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2324-1)
2014-08-22 00:00:00
Fedora Update for openstack-keystone FEDORA-2014-5497
2014-08-08 00:00:00
ubuntu
ubuntu
OpenStack Keystone vulnerabilities
2014-08-21 00:00:00
securityvulns
securityvulns
[USN-2324-1] OpenStack Keystone vulnerabilities
2014-08-24 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: openstack-keystone-2013.2.3-5.fc20
2014-08-07 15:24:24