CVE-2022-0087 – Cross-site Scripting (XSS) - Reflected in keystonejs/keystone
https://notcve.org/view.php?id=CVE-2022-0087
keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • https://github.com/keystonejs/keystone/commit/96bf833a23b1a0a5d365cf394467a943cc481b38 https://huntr.dev/bounties/c9d7374f-2cb9-4bac-9c90-a965942f413e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-38155
https://notcve.org/view.php?id=CVE-2021-38155
OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an account and failing to authenticate multiple times, any unauthenticated actor could both confirm the account exists and obtain that account's corresponding UUID, which might be leveraged for other unrelated attacks. All deployments enabling security_compliance.lockout_failure_attempts are affected. • http://www.openwall.com/lists/oss-security/2021/08/10/5 https://launchpad.net/bugs/1688137 https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html https://security.openstack.org/ossa/OSSA-2021-003.html • CWE-307: Improper Restriction of Excessive Authentication Attempts
CVE-2020-36404
https://notcve.org/view.php?id=CVE-2020-36404
Keystone Engine 0.9.2 has an invalid free in llvm_ks::SmallVectorImpl<llvm_ks::MCFixup>::~SmallVectorImpl. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22371 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/keystone/OSV-2020-1506.yaml https://github.com/keystone-engine/keystone/releases • CWE-763: Release of Invalid Pointer or Reference
CVE-2020-12689 – openstack-keystone: EC2 and credential endpoints are not protected from a scoped context
https://notcve.org/view.php?id=CVE-2020-12689
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges. • http://www.openwall.com/lists/oss-security/2020/05/07/2 https://bugs.launchpad.net/keystone/+bug/1872735 https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2%40%3Ccommits.druid.apache.org%3E https://security.openstack.org/ossa/OSSA-2020-004.html https://usn.ubuntu.com/4480-1 https://www.openwall.com/lists/oss-security/2020/05/06/5 https://access.redhat.com/security/cve/CVE-2020-12689 https://bugzilla.redhat.com/show_bug.cgi?id=1830396 • CWE-269: Improper Privilege Management; CWE-863: Incorrect Authorization
CVE-2020-12690 – openstack-keystone: OAuth1 request token authorize silently ignores roles parameter
https://notcve.org/view.php?id=CVE-2020-12690
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. This results in the provided keystone token having more role assignments than the creator intended, possibly giving unintended escalated access. • http://www.openwall.com/lists/oss-security/2020/05/07/3 https://bugs.launchpad.net/keystone/+bug/1873290 https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa%40%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2%40%3Ccommits.druid.apache.org%3E https://security.openstack.org/ossa/OSSA-2020-005.html https://usn.ubuntu.com/4480-1 https://www.openwall.com/lists/oss-security/2020/05/06/6 https:// • CWE-613: Insufficient Session Expiration; CWE-863: Incorrect Authorization