ALT-PU-2014-3224-1

Обновление пакета openstack-keystone в ветке sisyphus

Версия2014.1.2.1-alt1

Задание#127190

Опубликовано2014-08-14

Макс. серьёзностьMEDIUM

Серьёзность:

Закрытые проблемы (5)

MEDIUM6.0

OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with additional roles.

Опубликовано: 2014-06-17Изменено: 2025-04-12

CVSS 2.0СРЕДНЯЯ 6.0

CVSS:2.0/AV:N/AC:M/Au:S/C:P/I:P/A:P

Ссылки

MEDIUM6.5

OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request.

Опубликовано: 2014-10-26Изменено: 2025-04-12

CVSS 2.0СРЕДНЯЯ 6.5

CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:P

Ссылки

MEDIUM4.0

The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field.

Опубликовано: 2014-10-02Изменено: 2025-04-12

CVSS 2.0СРЕДНЯЯ 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:N/A:N

Ссылки

GHSA-274v-r947-v34r

NONE

OpenStack Identity Keystone is vulnerable to Block delegation escalation of privilege

Опубликовано: 2022-05-13Изменено: 2024-05-14

Ссылки

GHSA-8v8f-vc72-pmhc

NONE

OpenStack Identity Keystone Exposure of Sensitive Information

Опубликовано: 2022-05-13Изменено: 2024-05-14

Ссылки