Debian Keystone vulnerabilities
50 known vulnerabilities affecting debian/keystone.
Total CVEs: 50
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 11, MEDIUM 31, LOW 8
Vulnerabilities
Page 3 of 3
CVE-2013-2006 | LOW | CVSS 2.1 | fixed in keystone 2013.1.1-2 (bookworm) | 2013
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file.
Scope: local
bookworm: resolved (fixed in 2013.1.1-2)
bullseye: resolved (fixed in 2013.1.1-2)
forky: resolved (fixed in 2013.1.1-2)
sid: resolved (fixed i
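Every entry on this page states its fix as a Debian package version such as 2012.1~rc2-1, and deciding whether an installed keystone is still affected means comparing versions with Debian's rules, not plain string or float comparison (the tilde sorts before everything, even the end of the string, and digit runs compare numerically). The block below is an added example, not code from this page or from Debian: it reimplements the dpkg comparison algorithm in Python and applies it to the fixed-in versions listed here. The FIXED_IN table is copied from this page's entries (the two entries with no version are omitted); the function names are assumptions made for the example.

```python
def _order(c):
    """Weight of a non-numeric character in dpkg's ordering: '~' sorts before
    everything, including the end of the string (so 2012.1~rc2 < 2012.1);
    letters sort before any other punctuation."""
    if c == "" or c.isdigit():
        return 0
    if c == "~":
        return -1
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _cmp_part(a, b):
    """Compare one version part (upstream or revision) the way dpkg does:
    alternating non-digit runs (char by char) and digit runs (numerically)."""
    def at(s, k):
        return s[k] if k < len(s) else ""

    i = j = 0
    while i < len(a) or j < len(b):
        while (at(a, i) and not at(a, i).isdigit()) or (at(b, j) and not at(b, j).isdigit()):
            oa, ob = _order(at(a, i)), _order(at(b, j))
            if oa != ob:
                return -1 if oa < ob else 1
            i += 1
            j += 1
        while at(a, i) == "0":      # leading zeros carry no weight
            i += 1
        while at(b, j) == "0":
            j += 1
        first_diff = 0
        while at(a, i).isdigit() and at(b, j).isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if at(a, i).isdigit():      # a has more digits in this run: larger number
            return 1
        if at(b, j).isdigit():
            return -1
        if first_diff:
            return -1 if first_diff < 0 else 1
    return 0


def parse_version(v):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch = 0
    if ":" in v:
        e, v = v.split(":", 1)
        epoch = int(e)
    upstream, sep, revision = v.rpartition("-")
    if not sep:
        upstream, revision = v, ""
    return epoch, upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1 as Debian version a is older than, equal to, or newer than b."""
    ea, ua, ra = parse_version(a)
    eb, ub, rb = parse_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)


# Fixed-in versions copied from the entries on this page; the entries that
# list no version (CVE-2012-5483, CVE-2012-5563) are left out.
FIXED_IN = {
    "CVE-2013-2006": "2013.1.1-2",
    "CVE-2012-1572": "2012.1~rc2-1",
    "CVE-2012-4456": "2012.1.1-9",
    "CVE-2012-5571": "2012.1.1-11",
    "CVE-2012-4413": "2012.1.1-6",
    "CVE-2012-4457": "2012.1.1-9",
    "CVE-2012-3426": "2012.1.1-1",
    "CVE-2012-3542": "2012.1.1-5",
}


def unfixed_cves(installed, fixed_in=FIXED_IN):
    """CVEs from the table whose fix is newer than the installed package version."""
    return sorted(cve for cve, fixed in fixed_in.items()
                  if compare_versions(installed, fixed) < 0)


if __name__ == "__main__":
    for v in ("2012.1~rc2-1", "2012.1.1-8", "2013.1.1-2"):
        print(v, "->", unfixed_cves(v) or "none of the listed CVEs")
```

On a Debian host the installed version string to feed into unfixed_cves comes from `dpkg-query -W -f='${Version}' keystone`; the same comparison is what `dpkg --compare-versions` performs, so this block is useful mainly where dpkg is not available, for example when auditing package inventories exported from many hosts.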
CVE-2012-1572 | HIGH | CVSS 7.5 | fixed in keystone 2012.1~rc2-1 (bookworm) | 2012
OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space.
Scope: local
bookworm: resolved (fixed in 2012.1~rc2-1)
bullseye: resolved (fixed in 2012.1~rc2-1)
forky: resolved (fixed in 2012.1~rc2-1)
sid: resolved (fixed in 2012.1~rc2-1)
trixie: resolved (fixed in 2012.1~rc2-1)
CVE-2012-4456 | HIGH | CVSS 7.5 | fixed in keystone 2012.1.1-9 (bookworm) | 2012
The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allows remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services.
Scope: local
bookworm: resolved (fixed in 2012.1.1-9)
bullseye: resolved (fixed in 2012.1.1-9)
for
CVE-2012-5571 | MEDIUM | CVSS 5.4 | fixed in keystone 2012.1.1-11 (bookworm) | 2012
A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 (Elastic Compute Cloud) tokens when a user's role has been removed from a tenant. An attacker can leverage a token associated with a removed user role to gain
CVE-2012-4413 | MEDIUM | CVSS 4.0 | fixed in keystone 2012.1.1-6 (bookworm) | 2012
OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.
Scope: local
bookworm: resolved (fixed in 2012.1.1-6)
bullseye: resolved (fixed in 2012.1.1-6)
forky: resolved (fixed in 2012.1.1-6)
sid: resolved (fixed in 2012.1.1-6)
trixie: resolv
CVE-2012-4457 | MEDIUM | CVSS 4.0 | fixed in keystone 2012.1.1-9 (bookworm) | 2012
OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant.
Scope: local
bookworm: resolved (fixed in 2012.1.1-9)
bullseye: resolved (fixed in 2012.1.1-9)
forky: resolved (fixed in
CVE-2012-3426 | MEDIUM | CVSS 4.9 | fixed in keystone 2012.1.1-1 (bookworm) | 2012
OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging
CVE-2012-3542 | MEDIUM | CVSS 5.8 | fixed in keystone 2012.1.1-5 (bookworm) | 2012
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that i
CVE-2012-5483 | LOW | CVSS 2.1 | 2012
tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows local users to obtain access to EC2 services by reading administrative access and secret values from this file.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resol
CVE-2012-5563 | MEDIUM | CVSS 4.9 | 2012
OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
si
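CVE-2012-4413, CVE-2012-4457, CVE-2012-5571, CVE-2012-3426 and CVE-2012-5563 above share one root cause: the token validator trusted state captured when the token was issued (its role set, the tenant's enabled flag, its expiry) instead of re-deriving that state on every check, so revocations, disablement and expiry never reached tokens already in circulation. The block below is an added, constructed model and not Keystone's code; the Identity class, its methods and the three scenario functions are invented for illustration. It runs each scenario in a vulnerable mode that keeps the issue-time snapshot and in a hardened mode that re-checks live state and caps a chained token's lifetime at its parent's.

```python
import secrets


class Identity:
    """Toy Keystone-like token service (constructed for this example).
    hardened=False trusts the snapshot stored in the token; hardened=True re-checks
    users, tenants and role assignments on every use and bounds chained tokens."""

    def __init__(self, hardened, ttl=3600):
        self.hardened = hardened
        self.ttl = ttl
        self.user_enabled = {}
        self.tenant_enabled = {}
        self.roles = {}      # (user, tenant) -> set of role names
        self.tokens = {}     # token id -> {"user", "tenant", "roles", "expires"}

    def add_user(self, user):
        self.user_enabled[user] = True

    def add_tenant(self, tenant):
        self.tenant_enabled[tenant] = True

    def grant(self, user, tenant, role):
        self.roles.setdefault((user, tenant), set()).add(role)

    def revoke(self, user, tenant, role):
        self.roles.get((user, tenant), set()).discard(role)

    def issue(self, user, tenant, now, from_token=None):
        """Issue a scoped token. from_token models token chaining: presenting an
        existing token instead of credentials to obtain a fresh one."""
        expires = now + self.ttl
        if from_token is not None:
            if self.authorize(from_token, now) is None:
                raise PermissionError("parent token is not valid")
            if self.hardened:
                # CVE-2012-3426 (1) / CVE-2012-5563: a chained token never outlives its parent
                expires = min(expires, self.tokens[from_token]["expires"])
        live = self.roles.get((user, tenant), set())
        if self.hardened:
            # CVE-2012-4457: no tokens for a disabled tenant; CVE-2012-3426 (2): nor for a disabled user
            if not (self.user_enabled.get(user) and self.tenant_enabled.get(tenant)):
                raise PermissionError("user or tenant is disabled")
            if not live:
                raise PermissionError("user holds no role in that tenant")
        tid = secrets.token_hex(16)
        self.tokens[tid] = {"user": user, "tenant": tenant,
                            "roles": frozenset(live), "expires": expires}
        return tid

    def authorize(self, tid, now):
        """Roles the token currently confers, or None if it must be rejected."""
        tok = self.tokens.get(tid)
        if tok is None or now >= tok["expires"]:
            return None
        if not self.hardened:
            return tok["roles"]          # issue-time snapshot: revocations never reach it
        if not (self.user_enabled.get(tok["user"]) and self.tenant_enabled.get(tok["tenant"])):
            return None                  # disabled user or tenant
        live = self.roles.get((tok["user"], tok["tenant"]), set())
        # CVE-2012-4413 / CVE-2012-5571: roles come from the current assignment table
        return frozenset(live) if live else None


def _setup(hardened):
    idp = Identity(hardened)
    idp.add_user("alice")
    idp.add_tenant("demo")
    idp.grant("alice", "demo", "admin")
    return idp


def admin_survives_revocation(hardened):
    """CVE-2012-4413: does an existing token still carry 'admin' after it is revoked?"""
    idp = _setup(hardened)
    tok = idp.issue("alice", "demo", now=0)
    idp.revoke("alice", "demo", "admin")
    idp.grant("alice", "demo", "member")
    return "admin" in (idp.authorize(tok, now=10) or ())


def disabled_tenant_reachable(hardened):
    """CVE-2012-4457: can a disabled tenant be reached with an old token or a new one?"""
    idp = _setup(hardened)
    tok = idp.issue("alice", "demo", now=0)
    idp.tenant_enabled["demo"] = False
    if idp.authorize(tok, now=10) is not None:
        return True
    try:
        idp.issue("alice", "demo", now=10)
        return True
    except PermissionError:
        return False


def chained_token_expiry(hardened):
    """CVE-2012-3426 (1) / CVE-2012-5563: renew a one-hour token from itself every
    30 minutes for a day; return the expiry of the last token obtained."""
    idp = _setup(hardened)
    tok = idp.issue("alice", "demo", now=0)
    for step in range(1, 49):
        try:
            tok = idp.issue("alice", "demo", now=1800 * step, from_token=tok)
        except PermissionError:
            break
    return idp.tokens[tok]["expires"]


if __name__ == "__main__":
    for mode in (False, True):
        print("hardened" if mode else "vulnerable",
              admin_survives_revocation(mode), disabled_tenant_reachable(mode), chained_token_expiry(mode))
```

In the vulnerable mode the chained token's expiry keeps moving a full TTL into the future on every renewal, so an attacker holding one stolen token can keep it alive indefinitely; in the hardened mode renewal stops at the original one-hour mark. The same re-check on every use is what makes role revocation and tenant disablement take effect immediately instead of only when the token would have expired anyway.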