ALT Linux Team

Package openstack-keystone update in sisyphus on 2016-03-28

ALT-PU-2016-3308-1

Package openstack-keystone updated to version 8.1.0-alt1 for branch sisyphus in task 162066.

Closed vulnerabilities

Published: 2016-02-03
Modified: 2025-04-12

CVE-2015-7546

The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token.

Severity: MEDIUM (6.0)Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2022-05-13
Modified: 2024-09-28

GHSA-8c4w-v65p-jvcv

OpenStack Identity Keystone and keystonemiddleware Insufficiently Protected Credentials

Severity: HIGH (8.6)Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH (8.6)Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References:
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: 2.1.2
Back to top