CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2015-7546
https://notcve.org/view.php?id=CVE-2015-7546
03 Feb 2016 — The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token. El servicio de identificación en OpenStac... • http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1CVE-2014-3621 – openstack-keystone: configuration data information leak through Keystone catalog
https://notcve.org/view.php?id=CVE-2014-3621
02 Oct 2014 — The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field. El reemplazo de la URL catalog en OpenStack Identity (Keystone) anterior a versión 2013.2.3 y versiones 2014.1 anteriores a 2014.1.2.1, permite a los usuarios autenticados remotos leer opciones de configuración confidenciales por medio de ... • http://rhn.redhat.com/errata/RHSA-2014-1688.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2014-3520 – openstack-keystone: Keystone V2 trusts privilege escalation through user supplied project id
https://notcve.org/view.php?id=CVE-2014-3520
31 Jul 2014 — OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request. OpenStack Identity (Keystone) anterior a 2013.2.4, 2014.x anterior a 2014.1.2, y Juno anterior a Juno-2 permite a usuarios remotos autenticados en quien se confía ganar acceso a un proyecto no autorizado para el cual el elemento que establece la c... • http://lists.openstack.org/pipermail/openstack-announce/2014-July/000248.html • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2014-3476 – openstack-keystone: privilege escalation through trust chained delegation
https://notcve.org/view.php?id=CVE-2014-3476
17 Jun 2014 — OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with additional roles. OpenStack Identity (Keystone) anterior a 2013.2.4, 2014.1 anterior a 2014.1.2, y Juno anterior a Juno-2 no maneja debidamente la delegación encadenada, lo que permite a usuarios remotos autenticado... • http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00031.html • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2014-2828 – openstack-keystone: denial of service via V3 API authentication chaining
https://notcve.org/view.php?id=CVE-2014-2828
15 Apr 2014 — The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining." La API V3 en OpenStack Identity (Keystone) 2013.1 anterior a 2013.2.4 y icehouse anterior a icehouse-rc2 permite a atacantes remotos causar una denegación de servicio (consumo de CPU) a través de un número grande del mismo método de autenticac... • http://rhn.redhat.com/errata/RHSA-2014-1688.html • CWE-287: Improper Authentication CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.1EPSS: 0%CPEs: 6EXPL: 0CVE-2014-2237 – openstack-keystone: trustee token revocation does not work with memcache backend
https://notcve.org/view.php?id=CVE-2014-2237
01 Apr 2014 — The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions. El memcache token backend en OpenStack Identity (Keystone) 2013.1 hasta 2.013.1.4, 2013.2 hasta 2013.2.2 y icehouse... • http://rhn.redhat.com/errata/RHSA-2014-0580.html • CWE-264: Permissions, Privileges, and Access Controls CWE-613: Insufficient Session Expiration •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2013-6391 – Keystone: trust circumvention through EC2-style tokens
https://notcve.org/view.php?id=CVE-2013-6391
14 Dec 2013 — The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request. La API ec2tokens en OpenStack Identity (Keystone) anterior a de Havana 2013.2.1 y Icehouse anterior Icehouse-2 no devuelve una token de confianza de ámbito cuando se recibe uno, lo que permite a lo... • http://rhn.redhat.com/errata/RHSA-2014-0089.html • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-2157 – openstack-keystone: Authentication bypass when using LDAP backend
https://notcve.org/view.php?id=CVE-2013-2157
14 Jun 2013 — OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password. OpenStack Swift Folsom, Grizzly anterior a 2013.1.3 y Havana, cuando utilizan LDAP con binding anónimo, permite a atacantes remotos evitar la autenticación con una contraseña en blanco. Eoghan Glynn and Alex Meade discovered that Keystone did not properly perform expiry checks for the PKI tokens used in Keystone. If Keystone were setu... • http://rhn.redhat.com/errata/RHSA-2013-0994.html • CWE-287: Improper Authentication •