
CVSS: 2.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows local users to obtain access to EC2 services by reading administrative access and secret values from this file.

• http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html
• http://rhn.redhat.com/errata/RHSA-2012-1556.html
• http://www.securityfocus.com/bid/56888
• https://bugzilla.redhat.com/show_bug.cgi?id=873447
• https://exchange.xforce.ibmcloud.com/vulnerabilities/80612
• https://access.redhat.com/security/cve/CVE-2012-5483
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 4.0 • EPSS: 0% • CPEs: 3 • EXPL: 0

OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant.

• http://secunia.com/advisories/50665
• http://www.openwall.com/lists/oss-security/2012/09/28/6
• http://www.securityfocus.com/bid/55716
• https://bugzilla.redhat.com/show_bug.cgi?id=861180
• https://exchange.xforce.ibmcloud.com/vulnerabilities/78947
• https://github.com/openstack/keystone/commit/4ebfdfaf23c6da8e3c182bf3ec2cb2b7132ef685
• https://github.com/openstack/keystone/commit/5373601bbdda10f879c08af1698852142b75f8d5
• https://lists.launchpad.net/openstack/msg17035.html
• https://access.redhat.com/security/cve/CVE-2012-445
• CWE-287: Improper Authentication

CVSS: 7.5 • EPSS: 1% • CPEs: 2 • EXPL: 0

The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allows remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services.

• http://secunia.com/advisories/50665
• http://www.openwall.com/lists/oss-security/2012/09/28/5
• http://www.securityfocus.com/bid/55716
• https://bugs.launchpad.net/keystone/+bug/1006815
• https://bugs.launchpad.net/keystone/+bug/1006822
• https://bugzilla.redhat.com/show_bug.cgi?id=861179
• https://exchange.xforce.ibmcloud.com/vulnerabilities/78944
• https://github.com/openstack/keystone/commit/14b136aed9d988f5a8f3e699bd4577c9b874d6c1
• https://github.com/openstack/keystone/commit/1d146f5c32e58a73a677d308370f147a3271c2cb
• CWE-287: Improper Authentication
• CWE-304: Missing Critical Step in Authentication

CVSS: 4.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.

• http://osvdb.org/85484
• http://secunia.com/advisories/50531
• http://secunia.com/advisories/50590
• http://www.openwall.com/lists/oss-security/2012/09/12/7
• http://www.securityfocus.com/bid/55524
• http://www.ubuntu.com/usn/USN-1564-1
• https://exchange.xforce.ibmcloud.com/vulnerabilities/78478
• https://access.redhat.com/security/cve/CVE-2012-4413
• https://bugzilla.redhat.com/show_bug.cgi?id=855491
• CWE-264: Permissions, Privileges, and Access Controls
• CWE-613: Insufficient Session Expiration