CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2013-0282 – Keystone: EC2-style authentication accepts disabled user/tenants
https://notcve.org/view.php?id=CVE-2013-0282
OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions. OpenStack Keystone Grizzly antes de v2013.1, Folsom v2012.1.3 y anteriores, y Essex no comprueba correctamente si (1) el usuario, (2) el inquilino, o (3) el dominio está habilitada cuando se utiliza autenticación EC2-style, lo que permite eludir restricciones de acceso a atacantes dependientes del contexto. • http://www.openwall.com/lists/oss-security/2013/02/19/3 https://bugs.launchpad.net/keystone/+bug/1121494 https://launchpad.net/keystone/+milestone/2012.2.4 https://launchpad.net/keystone/grizzly/2013.1 https://review.openstack.org/#/c/22319 https://review.openstack.org/#/c/22320 https://review.openstack.org/#/c/22321 https://access.redhat.com/security/cve/CVE-2013-0282 https://bugzilla.redhat.com/show_bug.cgi?id=910928 • CWE-287: Improper Authentication •
CVSS: 5.0EPSS: 1%CPEs: 5EXPL: 0CVE-2013-0247 – Keystone: denial of service through invalid token requests
https://notcve.org/view.php?id=CVE-2013-0247
OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service (disk consumption) via many invalid token requests that trigger excessive generation of log entries. OpenStack Keystone Essex v2012.1.3 y anteriores, y Grizzly grizzly-2 y anteriores permiten a atacantes remotos generar una denegación de servicio (consumo de disco) mediante una solicitud de token inválida que genera una excesiva cantidad de entradas de registro. • http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098906.html http://rhn.redhat.com/errata/RHSA-2013-0253.html http://www.securityfocus.com/bid/57747 http://www.ubuntu.com/usn/USN-1715-1 https://bugs.launchpad.net/keystone/+bug/1098307 https://bugzilla.redhat.com/show_bug.cgi?id=906171 https://access.redhat.com/security/cve/CVE-2013-0247 • CWE-399: Resource Management Errors •