CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2015-7546
https://notcve.org/view.php?id=CVE-2015-7546
The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token. El servicio de identificación en OpenStack Identity (Keystone) en versiones anteriores a 2015.1.3 (Kilo) y 8.0.x en versiones anteriores a 8.0.2 (Liberty) y keystonemiddleware (anteriormente python-keystoneclient) en versiones anteriores a 1.5.4 (Kilo) y Liberty en versiones anteriores a 2.3.3 no invalida correctamente los tokens de autorización cuando utiliza los proveedores de token PKI o PKIZ, lo que permite a usuarios remotos autenticados eludir las restricciones de acceso previstas y obtener acceso a recursos de la nube manipulando los campos byte dentro de un token revocado. • http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/80498 https://bugs.launchpad.net/keystone/+bug/1490804 https://security.openstack.org/ossa/OSSA-2016-005.html https://wiki.openstack.org/wiki/OSSN/OSSN-0062 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.0EPSS: 1%CPEs: 2EXPL: 1CVE-2013-2059
https://notcve.org/view.php?id=CVE-2013-2059
OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token. OpenStack Identity (Keystone) Folsom 2012.2.4 y anteriores, Grizzly anterior a 2013.1.1, y Havana no revocan inmediatamente el token de autenticación cuando se elimina un usuario a través de la API Keystone v2, lo que permite a usuarios autenticados remotamente mantener el acceso a través del token. • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106220.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00085.html http://osvdb.org/93134 http://secunia.com/advisories/53326 http://secunia.com/advisories/53339 http://www.openwall.com/lists/oss-security/2013/05/09/3 http://www.openwall.com/lists/oss-security/2013/05/09/4 http://www.securityfocus.com/bid/59787 https:/ • CWE-287: Improper Authentication •
CVSS: 5.0EPSS: 1%CPEs: 5EXPL: 0CVE-2013-0270 – Keystone: Large HTTP request DoS
https://notcve.org/view.php?id=CVE-2013-0270
OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a large HTTP request, as demonstrated by a long tenant_name when requesting a token. OpenStack Keystone Grizzly antes de v2013.1, Folsom, y posiblemente versiones anteriores permite a atacantes remotos provocar una denegación de servicio (excesivo consumo de memoria y CPU) a través de una petición HTTP demasiado larga, tal y como lo demuestra un tenant_name demasiado largo al solicitar un token. • http://rhn.redhat.com/errata/RHSA-2013-0708.html https://bugs.launchpad.net/keystone/+bug/1099025 https://bugzilla.redhat.com/show_bug.cgi?id=909012 https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8 https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc https://launchpad.net/keystone/grizzly/2013.1 https://access.redhat.com/security/cve/CVE-2013-0270 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2013-0282 – Keystone: EC2-style authentication accepts disabled user/tenants
https://notcve.org/view.php?id=CVE-2013-0282
OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions. OpenStack Keystone Grizzly antes de v2013.1, Folsom v2012.1.3 y anteriores, y Essex no comprueba correctamente si (1) el usuario, (2) el inquilino, o (3) el dominio está habilitada cuando se utiliza autenticación EC2-style, lo que permite eludir restricciones de acceso a atacantes dependientes del contexto. • http://www.openwall.com/lists/oss-security/2013/02/19/3 https://bugs.launchpad.net/keystone/+bug/1121494 https://launchpad.net/keystone/+milestone/2012.2.4 https://launchpad.net/keystone/grizzly/2013.1 https://review.openstack.org/#/c/22319 https://review.openstack.org/#/c/22320 https://review.openstack.org/#/c/22321 https://access.redhat.com/security/cve/CVE-2013-0282 https://bugzilla.redhat.com/show_bug.cgi?id=910928 • CWE-287: Improper Authentication •
CVSS: 5.0EPSS: 1%CPEs: 5EXPL: 0CVE-2013-0247 – Keystone: denial of service through invalid token requests
https://notcve.org/view.php?id=CVE-2013-0247
OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service (disk consumption) via many invalid token requests that trigger excessive generation of log entries. OpenStack Keystone Essex v2012.1.3 y anteriores, y Grizzly grizzly-2 y anteriores permiten a atacantes remotos generar una denegación de servicio (consumo de disco) mediante una solicitud de token inválida que genera una excesiva cantidad de entradas de registro. • http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098906.html http://rhn.redhat.com/errata/RHSA-2013-0253.html http://www.securityfocus.com/bid/57747 http://www.ubuntu.com/usn/USN-1715-1 https://bugs.launchpad.net/keystone/+bug/1098307 https://bugzilla.redhat.com/show_bug.cgi?id=906171 https://access.redhat.com/security/cve/CVE-2013-0247 • CWE-399: Resource Management Errors •