Search
Search Results (44 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-1572 | 2 Debian, Openstack | 2 Debian Linux, Keystone | 2024-08-06 | 7.5 High |
| OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space | ||||
| CVE-2013-6391 | 3 Canonical, Openstack, Redhat | 3 Ubuntu Linux, Keystone, Openstack | 2024-08-06 | N/A |
| The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request. | ||||
| CVE-2013-4294 | 2 Openstack, Redhat | 2 Keystone, Openstack | 2024-08-06 | N/A |
| The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token. | ||||
| CVE-2013-4222 | 4 Canonical, Fedoraproject, Openstack and 1 more | 4 Ubuntu Linux, Fedora, Keystone and 1 more | 2024-08-06 | N/A |
| OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token. | ||||