CVE-2015-7546
- EPSS 1.71%
- Veröffentlicht 03.02.2016 18:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorizat...
- EPSS 2.88%
- Veröffentlicht 12.05.2015 19:59:26
- Zuletzt bearbeitet 06.05.2026 22:30:45
OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keys...
CVE-2014-0204
- EPSS 1.39%
- Veröffentlicht 03.11.2014 23:55:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID.
CVE-2014-3520
- EPSS 1.91%
- Veröffentlicht 26.10.2014 20:55:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust ...
- EPSS 2.11%
- Veröffentlicht 02.10.2014 14:55:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the pub...
CVE-2014-5253
- EPSS 1.49%
- Veröffentlicht 25.08.2014 14:55:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain.
CVE-2014-5252
- EPSS 1.52%
- Veröffentlicht 25.08.2014 14:55:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification ...
CVE-2014-5251
- EPSS 1.59%
- Veröffentlicht 25.08.2014 14:55:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users ...
- EPSS 2.31%
- Veröffentlicht 17.06.2014 14:55:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with im...
- EPSS 3.24%
- Veröffentlicht 02.06.2014 15:55:09
- Zuletzt bearbeitet 06.05.2026 22:30:45
OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests.