CVE-2017-16570 – KeystoneJS < 4.0.0-beta.7 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2017-16570
KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03. In other words, it fails to reject requests that lack an x-csrf-token header. KeystoneJS en versiones anteriores a la 4.0.0-beta.7 permite la omisión CSRF de la aplicación mediante la eliminación del parámetro y el valor CSRF. Esto también se conoce como SecureLayer7 issue number SL7_KEYJS_03. En otras palabras, fracasa a la hora de rechazar peticiones que no cuenten con una cabecera x-csrf-token. • https://www.exploit-db.com/exploits/43922 http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report https://github.com/keystonejs/keystone/issues/4437 https://github.com/keystonejs/keystone/pull/4478 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2017-15881
https://notcve.org/view.php?id=CVE-2017-15881
Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended" field, a different vulnerability than CVE-2017-15878. Vulnerabilidad Cross-Site Scripting (XSS) en KeystoneJS en versiones anteriores a la 4.0.0-beta.7 permite que administradores autenticados remotos inyecten scripts web o HTML arbitrarios mediante el campo "content brief" o "content extended". Esta es una vulnerabilidad diferente de CVE-2017-15878. • http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report http://www.securityfocus.com/bid/101541 https://github.com/keystonejs/keystone/issues/4437 https://github.com/keystonejs/keystone/pull/4478 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-15878 – KeystoneJS 4.0.0-beta.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-15878
A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via the Contact Us feature. Existe una vulnerabilidad de Cross-Site Scripting (XSS) en fields/types/markdown/MarkdownType.js en KeystoneJS en versiones anteriores a la 4.0.0-beta.7 mediante la característica Contact Us. KeystoneJS version 4.0.0-beta.5 suffers from an unauthenticated stored cross site scripting vulnerability. • https://www.exploit-db.com/exploits/43054 http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report http://www.securityfocus.com/bid/101541 https://github.com/keystonejs/keystone/pull/4478 https://packetstormsecurity.com/files/144756/KeystoneJS-4.0.0-beta.5-Unauthenticated-Stored-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-15879 – KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection
https://notcve.org/view.php?id=CVE-2017-15879
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export. Existe inyección de CSV (también conocido como Excel Macro Injection or Formula Injection) en admin/server/api/download.js y lib/list/getCSVData.js en KeystoneJS en versiones anteriores a la 4.0.0-beta.7 mediante un valor que no se gestiona de manera correcta en una exportación de CSV. KeystoneJS version 4.0.0-beta.5 suffers from an unauthenticated CSV injection vulnerability in admin/server/api/download.js and lib/list/getCSVData.js. • https://www.exploit-db.com/exploits/43053 https://github.com/keystonejs/keystone/pull/4478 https://packetstormsecurity.com/files/144755/KeystoneJS-4.0.0-beta.5-Unauthenticated-CSV-Injection.html • CWE-20: Improper Input Validation •
CVE-2015-7546
https://notcve.org/view.php?id=CVE-2015-7546
The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token. El servicio de identificación en OpenStack Identity (Keystone) en versiones anteriores a 2015.1.3 (Kilo) y 8.0.x en versiones anteriores a 8.0.2 (Liberty) y keystonemiddleware (anteriormente python-keystoneclient) en versiones anteriores a 1.5.4 (Kilo) y Liberty en versiones anteriores a 2.3.3 no invalida correctamente los tokens de autorización cuando utiliza los proveedores de token PKI o PKIZ, lo que permite a usuarios remotos autenticados eludir las restricciones de acceso previstas y obtener acceso a recursos de la nube manipulando los campos byte dentro de un token revocado. • http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/80498 https://bugs.launchpad.net/keystone/+bug/1490804 https://security.openstack.org/ossa/OSSA-2016-005.html https://wiki.openstack.org/wiki/OSSN/OSSN-0062 • CWE-522: Insufficiently Protected Credentials •