CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 1CVE-2014-3476 – openstack-keystone: privilege escalation through trust chained delegation
https://notcve.org/view.php?id=CVE-2014-3476
17 Jun 2014 — OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with additional roles. OpenStack Identity (Keystone) anterior a 2013.2.4, 2014.1 anterior a 2014.1.2, y Juno anterior a Juno-2 no maneja debidamente la delegación encadenada, lo que permite a usuarios remotos autenticado... • http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00031.html • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0CVE-2013-2014
https://notcve.org/view.php?id=CVE-2013-2014
02 Jun 2014 — OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests. OpenStack Identity (Keystone) anterior a 2013.1 permite a atacantes remotos causar una denegación de servicio (consumo de memoria y caída) a través de múltiples solicitudes largas. • http://lists.fedoraproject.org/pipermail/package-announce/2013-July/111914.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2014-2828 – openstack-keystone: denial of service via V3 API authentication chaining
https://notcve.org/view.php?id=CVE-2014-2828
15 Apr 2014 — The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining." La API V3 en OpenStack Identity (Keystone) 2013.1 anterior a 2013.2.4 y icehouse anterior a icehouse-rc2 permite a atacantes remotos causar una denegación de servicio (consumo de CPU) a través de un número grande del mismo método de autenticac... • http://rhn.redhat.com/errata/RHSA-2014-1688.html • CWE-287: Improper Authentication CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.1EPSS: 0%CPEs: 6EXPL: 0CVE-2014-2237 – openstack-keystone: trustee token revocation does not work with memcache backend
https://notcve.org/view.php?id=CVE-2014-2237
01 Apr 2014 — The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions. El memcache token backend en OpenStack Identity (Keystone) 2013.1 hasta 2.013.1.4, 2013.2 hasta 2013.2.2 y icehouse... • http://rhn.redhat.com/errata/RHSA-2014-0580.html • CWE-264: Permissions, Privileges, and Access Controls CWE-613: Insufficient Session Expiration •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2013-6391 – Keystone: trust circumvention through EC2-style tokens
https://notcve.org/view.php?id=CVE-2013-6391
14 Dec 2013 — The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request. La API ec2tokens en OpenStack Identity (Keystone) anterior a de Havana 2013.2.1 y Icehouse anterior Icehouse-2 no devuelve una token de confianza de ámbito cuando se recibe uno, lo que permite a lo... • http://rhn.redhat.com/errata/RHSA-2014-0089.html • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2013-4222 – OpenStack: Keystone disabling a tenant does not disable a user token
https://notcve.org/view.php?id=CVE-2013-4222
30 Sep 2013 — OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token. OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 y anteriores, y Havana anterior havana-3 no revoca correctamente los tokens de usuario cuando un inquilino esta desactivado, lo que permite a los usuarios remotos autenticados conservan el acceso a través del token. The openst... • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116489.html • CWE-522: Insufficiently Protected Credentials CWE-613: Insufficient Session Expiration •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2013-4294 – OpenStack: Keystone Token revocation failure using Keystone memcache/KVS backends
https://notcve.org/view.php?id=CVE-2013-4294
23 Sep 2013 — The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token. El (1) mamcache y (2) KVS token backends en OpenStack Identity (Keystone) Folsom 2012.2.x y Grizzly anterior a la versión 2013.1.4 no compara correctamente la lista de revocación del token PKI con tokens PKI, lo que permite a a... • http://osvdb.org/97237 • CWE-264: Permissions, Privileges, and Access Controls CWE-613: Insufficient Session Expiration •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2013-2157 – openstack-keystone: Authentication bypass when using LDAP backend
https://notcve.org/view.php?id=CVE-2013-2157
14 Jun 2013 — OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password. OpenStack Swift Folsom, Grizzly anterior a 2013.1.3 y Havana, cuando utilizan LDAP con binding anónimo, permite a atacantes remotos evitar la autenticación con una contraseña en blanco. Eoghan Glynn and Alex Meade discovered that Keystone did not properly perform expiry checks for the PKI tokens used in Keystone. If Keystone were setu... • http://rhn.redhat.com/errata/RHSA-2013-0994.html • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2013-2006 – keystone: DEBUG level LDAP password disclosure in log files
https://notcve.org/view.php?id=CVE-2013-2006
21 May 2013 — OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file. OpenStack Identity (Keystone) Grizzly 2013.1.1 cuando el modo DEBUG para el login está activado, registra (1) admin_token and (2) LDAP password en texto plano, lo que permite a usuarios locales obtener información sensible leyendo el archivo de log. • https://github.com/LogSec/CVE-2013-2006 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 1CVE-2013-2059
https://notcve.org/view.php?id=CVE-2013-2059
21 May 2013 — OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token. OpenStack Identity (Keystone) Folsom 2012.2.4 y anteriores, Grizzly anterior a 2013.1.1, y Havana no revocan inmediatamente el token de autenticación cuando se elimina un usuario a través de la API Keystone v2, lo que permite a usuarios auten... • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html • CWE-287: Improper Authentication •