CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2015-7546
https://notcve.org/view.php?id=CVE-2015-7546
03 Feb 2016 — The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token. El servicio de identificación en OpenStac... • http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-5252 – openstack-keystone: token expiration date stored incorrectly
https://notcve.org/view.php?id=CVE-2014-5252
21 Aug 2014 — The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification (1) GET or (2) HEAD request to v3/auth/tokens/. La API V3 en OpenStack Identity (Keystone) 2014.1.x anterior a 2014.1.2.1 y Juno anterior a Juno-3 actualiza el valor issued_at para los tokens UUID v2, loque permite a usuarios remotos autenticados evadir la caduc... • http://rhn.redhat.com/errata/RHSA-2014-1121.html • CWE-255: Credentials Management Errors CWE-613: Insufficient Session Expiration •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-5253 – openstack-keystone: domain-scoped tokens don't get revoked
https://notcve.org/view.php?id=CVE-2014-5253
21 Aug 2014 — OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain. OpenStack Identity (Keystone) 2014.1.x anterior a 2014.1.2.1 y Juno anterior a Juno-3 no revoca debidamente los tokens cuando un dominio está invalidado, lo que permite a usuarios remotos autenticados conservar el acceso a través de un token 'domain-scoped' para este do... • http://rhn.redhat.com/errata/RHSA-2014-1121.html • CWE-255: Credentials Management Errors CWE-613: Insufficient Session Expiration •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-5251 – openstack-keystone: revocation events are broken with mysql
https://notcve.org/view.php?id=CVE-2014-5251
21 Aug 2014 — The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token. El controlador de los tokens MySQL en OpenStack Identity (Keystone) 2014.1.x anterior a 2014.1.2.1 y Juno anterior a Juno-3 almacena las marcas del tiempo (timestamps) con la precisión incorrecta, lo que causa que falle la ... • http://rhn.redhat.com/errata/RHSA-2014-1121.html • CWE-255: Credentials Management Errors CWE-613: Insufficient Session Expiration •