CVE-2013-2166 – python-keystoneclient: middleware memcache encryption and signing bypass
https://notcve.org/view.php?id=CVE-2013-2166
python-keystoneclient versions 0.2.3 to 0.2.5 have a middleware memcache encryption bypass.
References: http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113944.html http://rhn.redhat.com/errata/RHSA-2013-0992.html http://www.openwall.com/lists/oss-security/2013/06/19/5 http://www.securityfocus.com/bid/60684 https://access.redhat.com/security/cve/cve-2013-2166 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2166 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2166 https://security-tracker.debian.org/tracker/CVE-2013-2166 https://access.redhat&
Weaknesses: CWE-326: Inadequate Encryption Strength; CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data
CVE-2013-2161 – Swift: Unchecked user input in Swift XML responses
https://notcve.org/view.php?id=CVE-2013-2161
XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name.
References: http://lists.opensuse.org/opensuse-updates/2013-07/msg00021.html http://rhn.redhat.com/errata/RHSA-2013-0993.html http://www.debian.org/security/2012/dsa-2737 http://www.openwall.com/lists/oss-security/2013/06/13/4 https://bugs.launchpad.net/swift/+bug/1183884 https://access.redhat.com/security/cve/CVE-2013-2161 https://bugzilla.redhat.com/show_bug.cgi?id=972988
Weaknesses: CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2013-2157 – openstack-keystone: Authentication bypass when using LDAP backend
https://notcve.org/view.php?id=CVE-2013-2157
OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password.
References: http://rhn.redhat.com/errata/RHSA-2013-0994.html http://rhn.redhat.com/errata/RHSA-2013-1083.html http://www.openwall.com/lists/oss-security/2013/06/13/3 http://www.securityfocus.com/bid/60545 https://access.redhat.com/security/cve/CVE-2013-2157 https://bugzilla.redhat.com/show_bug.cgi?id=971884
Weaknesses: CWE-287: Improper Authentication
CVE-2013-2104 – Keystone: Missing expiration check in Keystone PKI token validation
https://notcve.org/view.php?id=CVE-2013-2104
python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.
References: http://lists.opensuse.org/opensuse-updates/2013-06/msg00198.html http://rhn.redhat.com/errata/RHSA-2013-0944.html http://www.openwall.com/lists/oss-security/2013/05/28/7 http://www.ubuntu.com/usn/USN-1851-1 http://www.ubuntu.com/usn/USN-1875-1 https://bugs.launchpad.net/python-keystoneclient/+bug/1179615 https://access.redhat.com/security/cve/CVE-2013-2104 https://bugzilla.redhat.com/show_bug.cgi?id=965852
Weaknesses: CWE-264: Permissions, Privileges, and Access Controls; CWE-613: Insufficient Session Expiration
CVE-2013-1977
https://notcve.org/view.php?id=CVE-2013-1977
OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file.
References: http://www.openwall.com/lists/oss-security/2013/04/19/2 http://www.openwall.com/lists/oss-security/2013/04/23/7 https://bugs.launchpad.net/devstack/+bug/1168252
Weaknesses: CWE-264: Permissions, Privileges, and Access Controls