CVE-2017-15878 – KeystoneJS 4.0.0-beta.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-15878
A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via the Contact Us feature. Existe una vulnerabilidad de Cross-Site Scripting (XSS) en fields/types/markdown/MarkdownType.js en KeystoneJS en versiones anteriores a la 4.0.0-beta.7 mediante la característica Contact Us. KeystoneJS version 4.0.0-beta.5 suffers from an unauthenticated stored cross site scripting vulnerability. • https://www.exploit-db.com/exploits/43054 http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report http://www.securityfocus.com/bid/101541 https://github.com/keystonejs/keystone/pull/4478 https://packetstormsecurity.com/files/144756/KeystoneJS-4.0.0-beta.5-Unauthenticated-Stored-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-15879 – KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection
https://notcve.org/view.php?id=CVE-2017-15879
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export. Existe inyección de CSV (también conocido como Excel Macro Injection or Formula Injection) en admin/server/api/download.js y lib/list/getCSVData.js en KeystoneJS en versiones anteriores a la 4.0.0-beta.7 mediante un valor que no se gestiona de manera correcta en una exportación de CSV. KeystoneJS version 4.0.0-beta.5 suffers from an unauthenticated CSV injection vulnerability in admin/server/api/download.js and lib/list/getCSVData.js. • https://www.exploit-db.com/exploits/43053 https://github.com/keystonejs/keystone/pull/4478 https://packetstormsecurity.com/files/144755/KeystoneJS-4.0.0-beta.5-Unauthenticated-CSV-Injection.html • CWE-20: Improper Input Validation •
CVE-2014-5253 – openstack-keystone: domain-scoped tokens don't get revoked
https://notcve.org/view.php?id=CVE-2014-5253
OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain. OpenStack Identity (Keystone) 2014.1.x anterior a 2014.1.2.1 y Juno anterior a Juno-3 no revoca debidamente los tokens cuando un dominio está invalidado, lo que permite a usuarios remotos autenticados conservar el acceso a través de un token 'domain-scoped' para este dominio. It was discovered that domain-scoped tokens were not revoked when a domain was disabled. Only OpenStack Identity setups configured to make use of revocation events were affected. • http://rhn.redhat.com/errata/RHSA-2014-1121.html http://rhn.redhat.com/errata/RHSA-2014-1122.html http://www.openwall.com/lists/oss-security/2014/08/15/6 http://www.ubuntu.com/usn/USN-2324-1 https://bugs.launchpad.net/keystone/+bug/1349597 https://access.redhat.com/security/cve/CVE-2014-5253 https://bugzilla.redhat.com/show_bug.cgi?id=1127253 • CWE-255: Credentials Management Errors CWE-613: Insufficient Session Expiration •
CVE-2014-5252 – openstack-keystone: token expiration date stored incorrectly
https://notcve.org/view.php?id=CVE-2014-5252
The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification (1) GET or (2) HEAD request to v3/auth/tokens/. La API V3 en OpenStack Identity (Keystone) 2014.1.x anterior a 2014.1.2.1 y Juno anterior a Juno-3 actualiza el valor issued_at para los tokens UUID v2, loque permite a usuarios remotos autenticados evadir la caducidad de tokens y conservar el acceso a través de una solicitud (1) GET o (2) HEAD de verificación en v3/auth/tokens/. A flaw was found in keystone revocation events that resulted in the "issued_at" time being updated when a token created by the V2 API was processed by the V3 API. This could allow a user to evade token revocation. Only OpenStack Identity setups configured to make use of revocation events and UUID tokens were affected. • http://rhn.redhat.com/errata/RHSA-2014-1121.html http://rhn.redhat.com/errata/RHSA-2014-1122.html http://www.openwall.com/lists/oss-security/2014/08/15/6 http://www.ubuntu.com/usn/USN-2324-1 https://bugs.launchpad.net/keystone/+bug/1348820 https://access.redhat.com/security/cve/CVE-2014-5252 https://bugzilla.redhat.com/show_bug.cgi?id=1127250 • CWE-255: Credentials Management Errors CWE-613: Insufficient Session Expiration •
CVE-2014-5251 – openstack-keystone: revocation events are broken with mysql
https://notcve.org/view.php?id=CVE-2014-5251
The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token. El controlador de los tokens MySQL en OpenStack Identity (Keystone) 2014.1.x anterior a 2014.1.2.1 y Juno anterior a Juno-3 almacena las marcas del tiempo (timestamps) con la precisión incorrecta, lo que causa que falle la comparación de la caducidad para los tokens y permite a usuarios remotos autenticados conservar el acceso a través de un token caducado. It was found that the MySQL token driver did not correctly store token expiration times, which prevented manual token revocation. Only OpenStack Identity setups configured to make use of revocation events were affected. • http://rhn.redhat.com/errata/RHSA-2014-1121.html http://rhn.redhat.com/errata/RHSA-2014-1122.html http://www.openwall.com/lists/oss-security/2014/08/15/6 http://www.ubuntu.com/usn/USN-2324-1 https://bugs.launchpad.net/keystone/+bug/1347961 https://access.redhat.com/security/cve/CVE-2014-5251 https://bugzilla.redhat.com/show_bug.cgi?id=1127259 • CWE-255: Credentials Management Errors CWE-613: Insufficient Session Expiration •