CVE-2020-12692 – openstack-keystone: failure to check signature TTL of the EC2 credential auth method
https://notcve.org/view.php?id=CVE-2020-12692
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times.
References:
http://www.openwall.com/lists/oss-security/2020/05/07/1
https://bugs.launchpad.net/keystone/+bug/1872737
https://security.openstack.org/ossa/OSSA-2020-003.html
https://usn.ubuntu.com/4480-1
https://www.openwall.com/lists/oss-security/2020/05/06/4
https://access.redhat.com/security/cve/CVE-2020-12692
https://bugzilla.redhat.com/show_bug.cgi?id=1833164
CWE:
CWE-294: Authentication Bypass by Capture-replay
CWE-347: Improper Verification of Cryptographic Signature
CWE-863: Incorrect Authorization
CVE-2018-20170
https://notcve.org/view.php?id=CVE-2018-20170
** DISPUTED ** OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: the vendor's position is that this is a hardening opportunity, and not necessarily an issue that should have an OpenStack Security Advisory. A further note in the record states that the vendor feels the benefits of changing this would be too small in relation to the performance degradation.
References:
https://bugs.launchpad.net/keystone/+bug/1795800
CWE:
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-14432 – openstack-keystone: Information Exposure through /v3/OS-FEDERATION/projects
https://notcve.org/view.php?id=CVE-2018-14432
In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes. Only Keystone with the /v3/OS-FEDERATION endpoint enabled via policy.json is affected.
References:
http://www.openwall.com/lists/oss-security/2018/07/25/2
http://www.securityfocus.com/bid/104930
https://access.redhat.com/errata/RHSA-2018:2523
https://access.redhat.com/errata/RHSA-2018:2533
https://access.redhat.com/errata/RHSA-2018:2543
https://www.debian.org/security/2018/dsa-4275
https://access.redhat.com/security/cve/CVE-2018-14432
https://bugzilla.redhat.com/show_bug.cgi?id=1606868
CWE:
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-16570 – KeystoneJS < 4.0.0-beta.7 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2017-16570
KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03. In other words, it fails to reject requests that lack an x-csrf-token header.
References:
https://www.exploit-db.com/exploits/43922
http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report
https://github.com/keystonejs/keystone/issues/4437
https://github.com/keystonejs/keystone/pull/4478
CWE:
CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2017-15881
https://notcve.org/view.php?id=CVE-2017-15881
Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended" field, a different vulnerability than CVE-2017-15878.
References:
http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report
http://www.securityfocus.com/bid/101541
https://github.com/keystonejs/keystone/issues/4437
https://github.com/keystonejs/keystone/pull/4478
CWE:
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')