CVE-2014-2828
published 2014-04-15CVE-2014-2828: The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU…
high7.8CVSS 3.1
AVNACLAuNCNINAC
The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining."
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | keystone | < keystone 2014.1-1 (bookworm) | keystone 2014.1-1 (bookworm) |
| openstack | keystone | — | — |
| openstack | keystone | — | — |
| openstack | keystone | — | — |
| openstack | keystone | — | — |
| openstack | keystone | — | — |
| openstack | keystone | — | — |
| openstack | keystone | — | — |
| openstack | keystone | — | — |
| openstack | keystone | >= 0 < 2014.1-1 | 2014.1-1 |
| openstack | keystone | >= 0 < 2014.1-1 | 2014.1-1 |
| openstack | keystone | >= 0 < 2014.1-1 | 2014.1-1 |
| openstack | keystone | >= 0 < 2014.1-1 | 2014.1-1 |
| openstack | keystone | >= 0 < 8.0.0a0 | 8.0.0a0 |
CVSS provenance
nvd7.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
osv7.8HIGH