CVE-2013-4469
https://notcve.org/view.php?id=CVE-2013-4469
OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when use_cow_images is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by transferring from Glance an image whose declared virtual size is large but which contains very little data. With use_cow_images=False Nova converts the fetched image to raw on the compute host, so the sparse image expands to its full declared size on the host file system. NOTE: this issue is due to an incomplete fix for CVE-2013-2096. • http://www.openwall.com/lists/oss-security/2013/10/31/3 http://www.ubuntu.com/usn/USN-2247-1 https://bugs.launchpad.net/nova/+bug/1206081 • CWE-399: Resource Management Errors •
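The check that was missing, shown as an added example rather than Nova's own code: a minimal parser for the QCOW2 header that reads the virtual-size field and refuses the image when that size exceeds what the flavor allows, before anything is converted to raw. The header layout follows the QEMU qcow2 specification; the flavor size, function names and the constructed header are assumptions of this example. The constructed header has no L1 or refcount tables, so qemu-img would reject it; it exists only to exercise the size check.

```python
import struct

# QCOW2 header, version 2 fields, big-endian (from the QEMU qcow2 spec).
# The guest-visible size is the 64-bit field at byte offset 24.
QCOW2_MAGIC = b"QFI\xfb"
_HEADER_FMT = ">4sIQIIQIIQQIIQ"   # magic, version, backing_file_offset/size,
                                  # cluster_bits, size, crypt_method, l1_size,
                                  # l1_table_offset, refcount_table_offset,
                                  # refcount_table_clusters, nb_snapshots,
                                  # snapshots_offset  (72 bytes in total)
_HEADER_LEN = struct.calcsize(_HEADER_FMT)


def qcow2_virtual_size(data):
    """Return the virtual size in bytes declared by a QCOW2 header.

    Raises ValueError if `data` does not start with a QCOW2 v2/v3 header.
    """
    if len(data) < _HEADER_LEN:
        raise ValueError("file too short to hold a QCOW2 header")
    fields = struct.unpack(_HEADER_FMT, data[:_HEADER_LEN])
    magic, version = fields[0], fields[1]
    if magic != QCOW2_MAGIC:
        raise ValueError("not a QCOW2 image (bad magic)")
    if version not in (2, 3):
        raise ValueError("unsupported QCOW2 version %d" % version)
    return fields[5]   # the 'size' field


def check_image_fits(data, max_bytes):
    """Assumed policy for this example: refuse any image whose declared virtual
    size exceeds the disk the flavor allows, however little data the file
    actually carries. Returns (ok, virtual_size, bytes_on_disk)."""
    virt = qcow2_virtual_size(data)
    return virt <= max_bytes, virt, len(data)


def make_sparse_qcow2_header(virtual_size, cluster_bits=16):
    """Constructed 72-byte QCOW2 v2 header that maps no data clusters, so the
    file is tiny on disk while advertising `virtual_size` to the guest."""
    return struct.pack(
        _HEADER_FMT,
        QCOW2_MAGIC,
        2,              # version
        0, 0,           # backing_file_offset, backing_file_size: none
        cluster_bits,   # 64 KiB clusters
        virtual_size,
        0,              # crypt_method: none
        0, 0,           # l1_size, l1_table_offset: nothing mapped
        0, 0,           # refcount_table_offset, refcount_table_clusters
        0, 0,           # nb_snapshots, snapshots_offset
    )


if __name__ == "__main__":
    # A 72-byte "image" that claims a 1 TiB disk: converting it to raw on a
    # compute node would try to materialise a 1 TiB file.
    evil = make_sparse_qcow2_header(1 << 40)
    root_gb = 20                                  # assumed flavor root disk
    ok, virt, on_disk = check_image_fits(evil, root_gb * (1 << 30))
    print("virtual size %d bytes, %d bytes on disk, fits flavor: %s"
          % (virt, on_disk, ok))
```

On a real host the same number is available from `qemu-img info --output=json <file>` as `virtual-size`; compare it with the flavor's root disk before any conversion or resize, not only on the copy-on-write path.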
CVE-2013-4428 – Glance: image_download policy not enforced for cached images
https://notcve.org/view.php?id=CVE-2013-4428
OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID. The policy is checked on the path that fetches from the backing store, but a request served from the image cache never reaches that check, so once any authorized user has downloaded an image, any authenticated user who knows its UUID can read the cached copy. • http://rhn.redhat.com/errata/RHSA-2013-1525.html http://www.openwall.com/lists/oss-security/2013/10/15/8 http://www.openwall.com/lists/oss-security/2013/10/16/9 http://www.securityfocus.com/bid/63159 http://www.ubuntu.com/usn/USN-2003-1 https://bugs.launchpad.net/glance/+bug/1235226 https://bugs.launchpad.net/glance/+bug/1235378 https://launchpad.net/glance/+milestone/2013.1.4 https://launchpad.net/glance/+milestone/2013.2 https://access.redhat • CWE-264: Permissions, Privileges, and Access Controls •
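The failure mode, as an added example that models the download path rather than reproducing Glance's code: a vulnerable variant consults the cache before enforcing `download_image`, so a cache warmed by an admin serves the image to an unprivileged caller; the fixed variant enforces the policy on every request before touching either the cache or the store. The Policy and ImageCache classes, the role names and the sample image ID are assumptions of this example.

```python
class Forbidden(Exception):
    pass


class Policy:
    """Toy policy engine: an action is allowed if the caller holds any of the
    roles listed for it, e.g. {"download_image": {"admin"}}."""

    def __init__(self, rules):
        self.rules = rules

    def enforce(self, ctx, action):
        if not (ctx["roles"] & self.rules.get(action, set())):
            raise Forbidden("%s denied for roles %s" % (action, sorted(ctx["roles"])))


class ImageCache:
    """Local image cache keyed by image UUID (a dict stands in for the on-disk cache)."""

    def __init__(self):
        self._store = {}

    def get(self, image_id):
        return self._store.get(image_id)

    def put(self, image_id, data):
        self._store[image_id] = data


def download_vulnerable(ctx, image_id, cache, policy, backend):
    """Cache lookup before the policy check: the check only runs on a cache
    miss, so a warm cache bypasses it for every later authenticated caller."""
    hit = cache.get(image_id)
    if hit is not None:
        return hit
    policy.enforce(ctx, "download_image")
    data = backend[image_id]
    cache.put(image_id, data)
    return data


def download_fixed(ctx, image_id, cache, policy, backend):
    """Policy enforced first, on every request, regardless of where the bytes
    come from."""
    policy.enforce(ctx, "download_image")
    hit = cache.get(image_id)
    if hit is not None:
        return hit
    data = backend[image_id]
    cache.put(image_id, data)
    return data


IMAGE_ID = "11111111-2222-3333-4444-555555555555"   # constructed sample UUID


def demo(download, warm_cache=True):
    """Replay the advisory's scenario against one download implementation and
    return what an unprivileged user receives: the image bytes or None."""
    backend = {IMAGE_ID: b"RESTRICTED-IMAGE"}          # constructed store
    policy = Policy({"download_image": {"admin"}})
    cache = ImageCache()
    admin = {"roles": {"admin"}}
    member = {"roles": {"member"}}
    if warm_cache:
        download(admin, IMAGE_ID, cache, policy, backend)  # admin warms the cache
    try:
        return download(member, IMAGE_ID, cache, policy, backend)
    except Forbidden:
        return None


if __name__ == "__main__":
    print("vulnerable, warm cache:", demo(download_vulnerable))
    print("vulnerable, cold cache:", demo(download_vulnerable, warm_cache=False))
    print("fixed, warm cache:     ", demo(download_fixed))
```

The general lesson is that an authorization check must sit in front of every path that can return the protected bytes; a fast path added later (cache, CDN, pre-signed copy) is where such checks silently disappear.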
CVE-2013-2013
https://notcve.org/view.php?id=CVE-2013-2013
The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the processes on the host (the full command line of a running process, including its arguments, is visible to other users via ps or /proc). • http://www.openwall.com/lists/oss-security/2013/05/23/4 https://bugs.launchpad.net/python-keystoneclient/+bug/938315 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16937 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
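The usual remediation for this class of bug, as an added example that is not python-keystoneclient's code: keep the `--password` option only for compatibility, warn when it is used, and otherwise read the password interactively without echo so it never appears in the process's argument list. The option names, the parser and the `resolve_password` helper are assumptions of this example.

```python
import argparse
import getpass


def build_parser():
    """Argument parser for a user-password-update style command (assumed names)."""
    p = argparse.ArgumentParser(prog="keystone user-password-update")
    p.add_argument("--user-id", required=True, help="ID of the user to update")
    p.add_argument(
        "--password", default=None,
        help="DEPRECATED: anything passed here is visible to every local user "
             "through ps or /proc/<pid>/cmdline; omit it to be prompted",
    )
    return p


def resolve_password(argv, prompt=getpass.getpass, warn=print):
    """Parse argv and return (password, exposed_on_cmdline).

    If --password was supplied, it is used but flagged as exposed and a warning
    is emitted; otherwise the password is read via `prompt`, which defaults to
    getpass.getpass (reads from the terminal with echo disabled, so the secret
    is neither in argv nor in shell history).
    """
    args = build_parser().parse_args(argv)
    if args.password is not None:
        warn("warning: --password is visible in the process listing; "
             "rerun without it to be prompted")
        return args.password, True
    return prompt("New password: "), False


if __name__ == "__main__":
    import sys
    password, exposed = resolve_password(sys.argv[1:])
    # The real tool would now call the Identity API; here we only report.
    print("password received (exposed on command line: %s)" % exposed)
```

While a process started with `--password hunter2` is running, `ps -eo args` on the same host shows the argument to any local account; that is the exposure the advisory describes, and a prompt or a mode-0600 file passed by path avoids it.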
CVE-2013-4222 – OpenStack: Keystone disabling a tenant does not disable a user token
https://notcve.org/view.php?id=CVE-2013-4222
OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token: tokens scoped to the disabled tenant stay valid until they expire. • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116489.html http://rhn.redhat.com/errata/RHSA-2013-1524.html http://www.ubuntu.com/usn/USN-2002-1 https://bugs.launchpad.net/ossn/+bug/1179955 https://access.redhat.com/security/cve/CVE-2013-4222 https://bugzilla.redhat.com/show_bug.cgi?id=995598 • CWE-522: Insufficiently Protected Credentials CWE-613: Insufficient Session Expiration •
CVE-2013-4294 – OpenStack: Keystone Token revocation failure using Keystone memcache/KVS backends
https://notcve.org/view.php?id=CVE-2013-4294
The (1) memcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allows remote attackers to bypass intended access restrictions via a revoked PKI token. • http://osvdb.org/97237 http://rhn.redhat.com/errata/RHSA-2013-1285.html http://seclists.org/oss-sec/2013/q3/586 http://secunia.com/advisories/54706 http://www.ubuntu.com/usn/USN-2002-1 https://bugs.launchpad.net/keystone/+bug/1202952 https://access.redhat.com/security/cve/CVE-2013-4294 https://bugzilla.redhat.com/show_bug.cgi?id=1004452 • CWE-264: Permissions, Privileges, and Access Controls CWE-613: Insufficient Session Expiration •
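Both Keystone entries above (CVE-2013-4222 and CVE-2013-4294) are revocation failures, so one added example covers them; it is a model of a token store, not Keystone's backend code. Keystone identifies a PKI token (a long CMS-signed blob) in its backends by a hash of the blob, and the revocation list carries those hashed IDs; this example uses MD5 for that and treats the exact hashing, the `MII` prefix test, the class and method names and the constructed tokens as assumptions. The vulnerable validator compares the raw presented token against the hashed list and therefore never matches a revoked PKI token; the fixed validator canonicalises first. Disabling a tenant revokes every token scoped to it.

```python
import hashlib
import time

# A base64-encoded DER/CMS blob begins with "MII"; Keystone PKI tokens do too.
# Length guard keeps short UUID-style token IDs on the pass-through path.
PKI_PREFIX = "MII"


def canonical_id(token_id):
    """Reduce a presented token ID to the form stored in the backend and in the
    revocation list: PKI blobs are hashed (MD5 assumed here), UUID IDs pass through."""
    if token_id.startswith(PKI_PREFIX) and len(token_id) > 64:
        return hashlib.md5(token_id.encode()).hexdigest()
    return token_id


class TokenStore:
    """In-memory model of a token backend with a revocation list."""

    def __init__(self):
        self._tokens = {}     # canonical id -> {"tenant_id": str, "expires": float}
        self._revoked = set() # canonical ids

    def issue(self, token_id, tenant_id, ttl=3600):
        self._tokens[canonical_id(token_id)] = {
            "tenant_id": tenant_id,
            "expires": time.time() + ttl,
        }

    def revoke(self, token_id):
        self._revoked.add(canonical_id(token_id))

    def disable_tenant(self, tenant_id):
        """CVE-2013-4222: disabling a tenant must revoke every token scoped to
        it, otherwise holders keep access until the tokens expire."""
        for cid, tok in self._tokens.items():
            if tok["tenant_id"] == tenant_id:
                self._revoked.add(cid)

    def is_valid_vulnerable(self, token_id):
        """CVE-2013-4294 pattern: the raw presented ID is compared with a list of
        hashed IDs, so a revoked PKI token never matches and stays usable."""
        if token_id in self._revoked:
            return False
        tok = self._tokens.get(canonical_id(token_id))
        return tok is not None and tok["expires"] > time.time()

    def is_valid(self, token_id):
        """Fixed: canonicalise before the revocation check, so the comparison is
        made in the same form the list is kept in."""
        cid = canonical_id(token_id)
        if cid in self._revoked:
            return False
        tok = self._tokens.get(cid)
        return tok is not None and tok["expires"] > time.time()


def make_pki_token(label):
    """Constructed stand-in for a signed PKI token: long, base64-looking, not
    a real CMS signature."""
    return PKI_PREFIX + (label * 80)[:300]


if __name__ == "__main__":
    store = TokenStore()
    pki = make_pki_token("A")
    store.issue(pki, "tenant-1")
    store.revoke(pki)
    print("revoked PKI token, vulnerable check:", store.is_valid_vulnerable(pki))
    print("revoked PKI token, fixed check:     ", store.is_valid(pki))

    store.issue("uuidtoken-1", "tenant-2")
    store.disable_tenant("tenant-2")
    print("token of disabled tenant:           ", store.is_valid("uuidtoken-1"))
```

The check a deployer can run against a real Keystone is the same shape: revoke a PKI token (or disable its tenant) and confirm that validating the still-unexpired token is refused, rather than relying on the revocation list endpoint returning the entry.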