CVE-2018-14432 – openstack-keystone: Information Exposure through /v3/OS-FEDERATION/projects
https://notcve.org/view.php?id=CVE-2018-14432
In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes. Only Keystone with the /v3/OS-FEDERATION endpoint enabled via policy.json is affected. En el componente Federation de OpenStack Keystone en versiones anteriores a la 11.0.4, 12.0.0 y 13.0.0, una petición "GET /v3/OS-FEDERATION/projects" autenticada podría omitir las restricciones de acceso planeadas en los proyectos en lista. Un usuario autenticado podría descubrir proyectos a los que no están autorizados a acceder, filtrando todos los proyectos desplegados y sus atributos. • http://www.openwall.com/lists/oss-security/2018/07/25/2 http://www.securityfocus.com/bid/104930 https://access.redhat.com/errata/RHSA-2018:2523 https://access.redhat.com/errata/RHSA-2018:2533 https://access.redhat.com/errata/RHSA-2018:2543 https://www.debian.org/security/2018/dsa-4275 https://access.redhat.com/security/cve/CVE-2018-14432 https://bugzilla.redhat.com/show_bug.cgi?id=1606868 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-16570 – KeystoneJS < 4.0.0-beta.7 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2017-16570
KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03. In other words, it fails to reject requests that lack an x-csrf-token header. KeystoneJS en versiones anteriores a la 4.0.0-beta.7 permite la omisión CSRF de la aplicación mediante la eliminación del parámetro y el valor CSRF. Esto también se conoce como SecureLayer7 issue number SL7_KEYJS_03. En otras palabras, fracasa a la hora de rechazar peticiones que no cuenten con una cabecera x-csrf-token. • https://www.exploit-db.com/exploits/43922 http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report https://github.com/keystonejs/keystone/issues/4437 https://github.com/keystonejs/keystone/pull/4478 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2017-15881
https://notcve.org/view.php?id=CVE-2017-15881
Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended" field, a different vulnerability than CVE-2017-15878. Vulnerabilidad Cross-Site Scripting (XSS) en KeystoneJS en versiones anteriores a la 4.0.0-beta.7 permite que administradores autenticados remotos inyecten scripts web o HTML arbitrarios mediante el campo "content brief" o "content extended". Esta es una vulnerabilidad diferente de CVE-2017-15878. • http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report http://www.securityfocus.com/bid/101541 https://github.com/keystonejs/keystone/issues/4437 https://github.com/keystonejs/keystone/pull/4478 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-15878 – KeystoneJS 4.0.0-beta.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-15878
A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via the Contact Us feature. Existe una vulnerabilidad de Cross-Site Scripting (XSS) en fields/types/markdown/MarkdownType.js en KeystoneJS en versiones anteriores a la 4.0.0-beta.7 mediante la característica Contact Us. KeystoneJS version 4.0.0-beta.5 suffers from an unauthenticated stored cross site scripting vulnerability. • https://www.exploit-db.com/exploits/43054 http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report http://www.securityfocus.com/bid/101541 https://github.com/keystonejs/keystone/pull/4478 https://packetstormsecurity.com/files/144756/KeystoneJS-4.0.0-beta.5-Unauthenticated-Stored-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-15879 – KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection
https://notcve.org/view.php?id=CVE-2017-15879
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export. Existe inyección de CSV (también conocido como Excel Macro Injection or Formula Injection) en admin/server/api/download.js y lib/list/getCSVData.js en KeystoneJS en versiones anteriores a la 4.0.0-beta.7 mediante un valor que no se gestiona de manera correcta en una exportación de CSV. KeystoneJS version 4.0.0-beta.5 suffers from an unauthenticated CSV injection vulnerability in admin/server/api/download.js and lib/list/getCSVData.js. • https://www.exploit-db.com/exploits/43053 https://github.com/keystonejs/keystone/pull/4478 https://packetstormsecurity.com/files/144755/KeystoneJS-4.0.0-beta.5-Unauthenticated-CSV-Injection.html • CWE-20: Improper Input Validation •