Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openstack keystone vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2013-2014
OpenStack Identity (Keystone) prior to 2013.1 allows remote malicious users to cause a denial of service (memory consumption and crash) via multiple long requests.
Openstack Keystone
Fedoraproject Fedora 19
445
VMScore
CVE-2013-0270
OpenStack Keystone Grizzly prior to 2013.1, Folsom, and possibly earlier allows remote malicious users to cause a denial of service (CPU and memory consumption) via a large HTTP request, as demonstrated by a long tenant_name when requesting a token.
Openstack Keystone
Openstack Keystone 2013.1
445
VMScore
CVE-2013-0282
OpenStack Keystone Grizzly prior to 2013.1, Folsom 2012.1.3 and previous versions, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent malicious users to bypass access restrict...
Openstack Keystone
Openstack Keystone 2013.1
445
VMScore
CVE-2013-0247
OpenStack Keystone Essex 2012.1.3 and previous versions, Folsom 2012.2.3 and previous versions, and Grizzly grizzly-2 and previous versions allows remote malicious users to cause a denial of service (disk consumption) via many invalid token requests that trigger excessive generat...
Openstack Keystone
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 12.10
436
VMScore
CVE-2014-5251
The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x prior to 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expi...
Openstack Keystone Juno-2
Openstack Keystone 2014.1.2
Canonical Ubuntu Linux 14.04
Openstack Keystone 2014.1
Openstack Keystone Juno-1
436
VMScore
CVE-2014-5252
The V3 API in OpenStack Identity (Keystone) 2014.1.x prior to 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification (1) GET or (2) HEAD request ...
Openstack Keystone Juno-2
Openstack Keystone 2014.1.2
Canonical Ubuntu Linux 14.04
Openstack Keystone 2014.1
Openstack Keystone Juno-1
436
VMScore
CVE-2014-5253
OpenStack Identity (Keystone) 2014.1.x prior to 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain.
Openstack Keystone Juno-2
Openstack Keystone 2014.1.2
Canonical Ubuntu Linux 14.04
Openstack Keystone 2014.1
Openstack Keystone Juno-1
436
VMScore
CVE-2012-3426
OpenStack Keystone prior to 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chai...
Openstack Essex
Openstack Keystone 2012.1
Openstack Horizon Folsom-1
Openstack Keystone 2012.1.1
383
VMScore
CVE-2013-2255
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.
Redhat Openstack 4.0
Openstack Compute 2013.1
Redhat Openstack 3.0
Openstack Keystone 2013
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
383
VMScore
CVE-2014-7144
OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x prior to 0.11.0 and 1.x prior to 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote maliciou...
Openstack Keystonemiddleware 1.1.1
Openstack Python-keystoneclient
Openstack Keystonemiddleware 1.0.0
Openstack Keystonemiddleware 1.1.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »