CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-12692 – openstack-keystone: failure to check signature TTL of the EC2 credential auth method
https://notcve.org/view.php?id=CVE-2020-12692
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times. Se detectó un problema en OpenStack Keystone versiones anteriores a 15.0.1 y 16.0.0. La API EC2 no presenta una comprobación TTL de firma para AWS Signature V4. • http://www.openwall.com/lists/oss-security/2020/05/07/1 https://bugs.launchpad.net/keystone/+bug/1872737 https://security.openstack.org/ossa/OSSA-2020-003.html https://usn.ubuntu.com/4480-1 https://www.openwall.com/lists/oss-security/2020/05/06/4 https://access.redhat.com/security/cve/CVE-2020-12692 https://bugzilla.redhat.com/show_bug.cgi?id=1833164 • CWE-294: Authentication Bypass by Capture-replay CWE-347: Improper Verification of Cryptographic Signature CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2018-20170
https://notcve.org/view.php?id=CVE-2018-20170
OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an OpenStack Security Advisory ** EN DISPUTA ** OpenStack Keystone hasta la versión 14.0.1 tiene una vulnerabilidad de enumeración de usuarios debido a que los nombres de usuario inválidos tienen respuestas mucho más rápidas que los válidos en una petición POST en /v3/auth/tokens. NOTA: el fabricante siente que las ventajas de cambiar esto serían demasiado escasas en relación con la degradación del rendimiento. • https://bugs.launchpad.net/keystone/+bug/1795800 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2018-14432 – openstack-keystone: Information Exposure through /v3/OS-FEDERATION/projects
https://notcve.org/view.php?id=CVE-2018-14432
In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes. Only Keystone with the /v3/OS-FEDERATION endpoint enabled via policy.json is affected. En el componente Federation de OpenStack Keystone en versiones anteriores a la 11.0.4, 12.0.0 y 13.0.0, una petición "GET /v3/OS-FEDERATION/projects" autenticada podría omitir las restricciones de acceso planeadas en los proyectos en lista. Un usuario autenticado podría descubrir proyectos a los que no están autorizados a acceder, filtrando todos los proyectos desplegados y sus atributos. • http://www.openwall.com/lists/oss-security/2018/07/25/2 http://www.securityfocus.com/bid/104930 https://access.redhat.com/errata/RHSA-2018:2523 https://access.redhat.com/errata/RHSA-2018:2533 https://access.redhat.com/errata/RHSA-2018:2543 https://www.debian.org/security/2018/dsa-4275 https://access.redhat.com/security/cve/CVE-2018-14432 https://bugzilla.redhat.com/show_bug.cgi?id=1606868 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.8EPSS: 0%CPEs: 7EXPL: 0CVE-2017-15881
https://notcve.org/view.php?id=CVE-2017-15881
Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended" field, a different vulnerability than CVE-2017-15878. Vulnerabilidad Cross-Site Scripting (XSS) en KeystoneJS en versiones anteriores a la 4.0.0-beta.7 permite que administradores autenticados remotos inyecten scripts web o HTML arbitrarios mediante el campo "content brief" o "content extended". Esta es una vulnerabilidad diferente de CVE-2017-15878. • http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report http://www.securityfocus.com/bid/101541 https://github.com/keystonejs/keystone/issues/4437 https://github.com/keystonejs/keystone/pull/4478 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1CVE-2017-15879 – KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection
https://notcve.org/view.php?id=CVE-2017-15879
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export. Existe inyección de CSV (también conocido como Excel Macro Injection or Formula Injection) en admin/server/api/download.js y lib/list/getCSVData.js en KeystoneJS en versiones anteriores a la 4.0.0-beta.7 mediante un valor que no se gestiona de manera correcta en una exportación de CSV. KeystoneJS version 4.0.0-beta.5 suffers from an unauthenticated CSV injection vulnerability in admin/server/api/download.js and lib/list/getCSVData.js. • https://www.exploit-db.com/exploits/43053 https://github.com/keystonejs/keystone/pull/4478 https://packetstormsecurity.com/files/144755/KeystoneJS-4.0.0-beta.5-Unauthenticated-CSV-Injection.html • CWE-20: Improper Input Validation •