Vulnerabilities > Openstack > Keystone > 10.0.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-06-17 | CVE-2014-3476 | Improper Privilege Management vulnerability in multiple products OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with additional roles. | 6.0 |
2014-06-02 | CVE-2013-2014 | Improper Input Validation vulnerability in multiple products OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests. | 5.0 |
2013-12-14 | CVE-2013-6391 | Improper Privilege Management vulnerability in multiple products The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request. | 5.8 |