Search criteria
45 vulnerabilities found for essex by openstack
FKIE_CVE-2013-1838
Vulnerability from fkie_nvd - Published: 2013-03-22 21:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openstack | essex | 2012.1 | |
| openstack | folsom | 2012.2 | |
| openstack | grizzly | 2012.2 | |
| canonical | ubuntu_linux | 11.10 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 12.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E76B76AB-D744-4163-8615-7BA18ABB1347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:grizzly:2012.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D5C8DE-FC66-4787-A65B-CA921881DF67",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
"matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function."
},
{
"lang": "es",
"value": "OpenStack Compute (Nova) Grizzly, Folsom (versi\u00f3n 2012.2) y Essex (versi\u00f3n 2012.1) no implementan apropiadamente una cuota para direcciones IP fijas, lo que permite a los usuarios autenticados remotos causar una denegaci\u00f3n de servicio (agotamiento de recursos y fallo para crear nuevas instancias) por medio de un gran n\u00famero de llamadas a la funci\u00f3n addFixedIp."
}
],
"evaluatorImpact": "Per http://www.ubuntu.com/usn/usn-1771-1/\r\n\"A security issue affects these releases of Ubuntu and its derivatives:\r\n\r\nUbuntu 12.10\r\nUbuntu 12.04 LTS\r\nUbuntu 11.10\"",
"id": "CVE-2013-1838",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-22T21:55:01.453",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/91303"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0709.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52580"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52728"
},
{
"source": "secalert@redhat.com",
"url": "http://ubuntu.com/usn/usn-1771-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/03/14/18"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/58492"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.launchpad.net/nova/+bug/1125468"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=919648"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82877"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.launchpad.net/openstack/msg21892.html"
},
{
"source": "secalert@redhat.com",
"url": "https://review.openstack.org/#/c/24451/"
},
{
"source": "secalert@redhat.com",
"url": "https://review.openstack.org/#/c/24452/"
},
{
"source": "secalert@redhat.com",
"url": "https://review.openstack.org/#/c/24453/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/91303"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0709.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52580"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52728"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ubuntu.com/usn/usn-1771-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/03/14/18"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/58492"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/nova/+bug/1125468"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=919648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.launchpad.net/openstack/msg21892.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://review.openstack.org/#/c/24451/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://review.openstack.org/#/c/24452/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://review.openstack.org/#/c/24453/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-0335
Vulnerability from fkie_nvd - Published: 2013-03-22 21:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openstack | essex | 2012.1 | |
| openstack | folsom | 2012.2 | |
| openstack | grizzly | 2012.2 | |
| canonical | ubuntu_linux | 11.10 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 12.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E76B76AB-D744-4163-8615-7BA18ABB1347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:grizzly:2012.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D5C8DE-FC66-4787-A65B-CA921881DF67",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
"matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port."
},
{
"lang": "es",
"value": "OpenStack Compute (Nova) Grizzly, Folsom (v2012.2) y Essex (v2012.1) permite a usuarios remotos autenticados acceder a una m\u00e1quina virtual en circunstancias oportunistas utilizando el token VNC para eliminar una m\u00e1quina virtual que se dirig\u00eda al mismo puerto VNC."
}
],
"evaluatorImpact": "Per http://www.ubuntu.com/usn/USN-1771-1/\r\n\"A security issue affects these releases of Ubuntu and its derivatives:\r\n\r\nUbuntu 12.10\r\nUbuntu 12.04 LTS\r\nUbuntu 11.10\"",
"id": "CVE-2013-0335",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-22T21:55:00.880",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0709.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52337"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52728"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/02/26/7"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/90657"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1771-1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.launchpad.net/nova/+bug/1125378"
},
{
"source": "secalert@redhat.com",
"url": "https://review.openstack.org/#/c/22086/"
},
{
"source": "secalert@redhat.com",
"url": "https://review.openstack.org/#/c/22758"
},
{
"source": "secalert@redhat.com",
"url": "https://review.openstack.org/#/c/22872/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0709.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52337"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52728"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/02/26/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/90657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1771-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/nova/+bug/1125378"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://review.openstack.org/#/c/22086/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://review.openstack.org/#/c/22758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://review.openstack.org/#/c/22872/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-0261
Vulnerability from fkie_nvd - Published: 2013-03-08 21:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
(1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:essex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEEA665A-AE0F-4C48-87F0-83F3EB4E65CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BA13BC-F088-45AA-AD10-B74F89CE5375",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "(1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp."
},
{
"lang": "es",
"value": "(1) installer/basedefs.py y (2) modules/ospluginutils.py en PackStack permite a los usuarios locales sobreescribir ficheros de su elecci\u00f3n mediante un ataque de enlaces simb\u00f3licos en un archivo temporal con un nombre predecible en /tmp.\r\n"
}
],
"evaluatorImpact": "Per http://rhn.redhat.com/errata/RHSA-2013-0595.html these are the affected products:\r\n\r\nRed Hat OpenStack Essex\r\nRed Hat OpenStack Folsom",
"id": "CVE-2013-0261",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-08T21:55:01.947",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0595.html"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0595.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908101"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-0266
Vulnerability from fkie_nvd - Published: 2013-03-08 21:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:essex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEEA665A-AE0F-4C48-87F0-83F3EB4E65CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BA13BC-F088-45AA-AD10-B74F89CE5375",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files."
},
{
"lang": "es",
"value": "manifests/base.pp en el m\u00f3dulo puppetlabs-cinder, tal como se utiliza en PackStack le da permisos de lectura para todo el mundo a los archovs de configuraci\u00f3n (1) cinder.conf y (2) api-paste.ini, lo que permite a usuarios locales leer contrase\u00f1as de administarci\u00f3n de OpenStack mediante la lectura de dichos archivos.\r\n"
}
],
"id": "CVE-2013-0266",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-08T21:55:01.960",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0595.html"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908581"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0595.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-0208
Vulnerability from fkie_nvd - Published: 2013-02-13 16:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openstack | essex | - | |
| openstack | folsom | - | |
| canonical | ubuntu_linux | 11.10 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 12.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:essex:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEEA665A-AE0F-4C48-87F0-83F3EB4E65CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BA13BC-F088-45AA-AD10-B74F89CE5375",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
"matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users\u0027 volumes via a volume id in the block_device_mapping parameter."
},
{
"lang": "es",
"value": "La funci\u00f3n de arranque de volumen en OpenStack Compute (Nova) Folsom y Essex, al utilizar NOVA-vol\u00famenes, permite a usuarios remotos autenticados para arrancar desde vol\u00famenes de otros usuarios a trav\u00e9s de un identificador de volumen en el par\u00e1metro block_device_mapping."
}
],
"evaluatorComment": "Per http://www.ubuntu.com/usn/USN-1709-1/\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\nUbuntu 12.10\r\nUbuntu 12.04 LTS\r\nUbuntu 11.10\r\n",
"id": "CVE-2013-0208",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-02-13T16:55:01.617",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/89661"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0208.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51963"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51992"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/01/29/9"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/57613"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1709-1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.launchpad.net/nova/+bug/1069904"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=902629"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81697"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/openstack/nova/commit/243d516cea9d3caa5a8267b12d2f577dcb24193b"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/openstack/nova/commit/317cc0af385536dee43ef2addad50a91357fc1ad"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/89661"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0208.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/01/29/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/57613"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1709-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/nova/+bug/1069904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=902629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81697"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/openstack/nova/commit/243d516cea9d3caa5a8267b12d2f577dcb24193b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/openstack/nova/commit/317cc0af385536dee43ef2addad50a91357fc1ad"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-5571
Vulnerability from fkie_nvd - Published: 2012-12-18 01:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E76B76AB-D744-4163-8615-7BA18ABB1347",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role."
},
{
"lang": "es",
"value": "OpenStack Keystone Essex (2012.1) and Folsom (2012.2) no controlan correctamente los token EC2 cuando la funci\u00f3n de usuario se ha eliminado de un inquilino, lo que permite a usuarios autenticados remotamente eludir las restricciones previstas al aprovechar un token para la funci\u00f3n de usuario eliminado."
}
],
"id": "CVE-2012-5571",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-12-18T01:55:03.570",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1556.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1557.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51423"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51436"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/5"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/6"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/56726"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1641-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://bugs.launchpad.net/keystone/+bug/1064914"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80333"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1556.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1557.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51423"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51436"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/56726"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1641-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugs.launchpad.net/keystone/+bug/1064914"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80333"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-5482
Vulnerability from fkie_nvd - Published: 2012-11-11 13:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E76B76AB-D744-4163-8615-7BA18ABB1347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC5343C7-8EBD-49A5-8423-22F88DE0CBD2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573."
},
{
"lang": "es",
"value": "v2 API en OpenStack Glance Grizzly, Folsom (2012.2)y Essex (2012.1), permite a usuarios remotos autenticados, borrar im\u00e1genes no protegidas de su elecci\u00f3n a trav\u00e9s de una petici\u00f3n de borrado de imagen. NOTA: Esta vulnerabilidad existe por una soluci\u00f3n incompleta para CVE-2012-4573."
}
],
"id": "CVE-2012-5482",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-11-11T13:00:59.620",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/87248"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51174"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/11/07/6"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/11/08/2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/56437"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.launchpad.net/glance/+bug/1076506"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80019"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/87248"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/11/07/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/11/08/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/56437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/glance/+bug/1076506"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-4573
Vulnerability from fkie_nvd - Published: 2012-11-11 13:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E76B76AB-D744-4163-8615-7BA18ABB1347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:image_registry_and_delivery_service_\\(glance\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC5343C7-8EBD-49A5-8423-22F88DE0CBD2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482."
},
{
"lang": "es",
"value": "La API v1 en OpenStack Vistazo Grizzly, Folsom (2.012,2) y Essex (2012.1) permite a usuarios autenticados remotamente borrar im\u00e1genes de su elecci\u00f3n no protegidas a trav\u00e9s de una solicitud de eliminaci\u00f3n de im\u00e1genes, una vulnerabilidad diferente a CVE-2012-5482."
}
],
"id": "CVE-2012-4573",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-11-11T13:00:58.883",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/87248"
},
{
"source": "secalert@redhat.com",
"url": "http://packetstormsecurity.com/files/118733/Red-Hat-Security-Advisory-2012-1558-01.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1558.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51174"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51234"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/11/07/6"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/56437"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1626-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1626-2"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.launchpad.net/glance/+bug/1065187"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79895"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/openstack/glance/commit/6ab0992e5472ae3f9bef0d2ced41030655d9d2bc"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/openstack/glance/commit/90bcdc5a89e350a358cf320a03f5afe99795f6f6"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/openstack/glance/commit/efd7e75b1f419a52c7103c7840e24af8e5deb29d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/87248"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/118733/Red-Hat-Security-Advisory-2012-1558-01.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1558.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51174"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/51234"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/11/07/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/56437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1626-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1626-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/glance/+bug/1065187"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79895"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/openstack/glance/commit/6ab0992e5472ae3f9bef0d2ced41030655d9d2bc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/openstack/glance/commit/90bcdc5a89e350a358cf320a03f5afe99795f6f6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/openstack/glance/commit/efd7e75b1f419a52c7103c7840e24af8e5deb29d"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-3542
Vulnerability from fkie_nvd - Published: 2012-09-05 23:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FDB43F-B315-4F68-9D86-B644F2D4DF9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:horizon:folsom-3:*:*:*:*:*:*:*",
"matchCriteriaId": "95F66BD8-E885-4C11-B41D-8D3004BF106D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user\u0027s default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540."
},
{
"lang": "es",
"value": "OpenStack Keystone, tal como se utiliza en OpenStack Folsom Folsom antes-rc1 y OpenStack Essex (2012.1), permite a atacantes remotos a\u00f1adir un usuario arbitrario a trav\u00e9s de una solicitud para actualizar el usuario por defecto para la API de administraci\u00f3n. NOTA: este identificador originalmente fue incorrectamente asignado a otro problema, pero el identificador correcto es CVE-2012-3540."
}
],
"id": "CVE-2012-3542",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-09-05T23:55:02.523",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50467"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50494"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/08/30/6"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/55326"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1552-1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.launchpad.net/keystone/+bug/1040626"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aa"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.launchpad.net/openstack/msg16282.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50467"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/08/30/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/55326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1552-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/keystone/+bug/1040626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aa"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.launchpad.net/openstack/msg16282.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-3426
Vulnerability from fkie_nvd - Published: 2012-07-31 10:45 - Updated: 2025-04-11 00:51
Severity ?
Summary
OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:essex:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F50B9DA6-B071-4B48-A486-54CB3E64AE58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:horizon:folsom-1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E72EACB-1FA6-4F1D-A3C8-D255C705AAAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:keystone:2012.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8DACEFF0-BA6A-4184-A1AB-397438034AF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openstack:keystone:2012.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5BD2FC1-7C36-4532-813A-DED5F0BD1FFF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password."
},
{
"lang": "es",
"value": "OpenStack Keystone antes de v2012.1.1, como se usa en OpenStack Folsom antes de Folsom-1 y OpenStack Essex, no implementan apropiadamente la expiraci\u00f3n de los token, lo que permite a usuarios autenticados remotamente evitar restricciones de acceso (1) creando nuevos token a trav\u00e9s de la cadena de token, (2) aprovechando la posesi\u00f3n de un token de una cuenta de usuario deshabilitada o (3) aprovechando la posesi\u00f3n de un token de una cuenta con una contrase\u00f1a cambiada"
}
],
"id": "CVE-2012-3426",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-07-31T10:45:42.670",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626"
},
{
"source": "secalert@redhat.com",
"url": "http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d"
},
{
"source": "secalert@redhat.com",
"url": "http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/50045"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/50494"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/27/4"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1552-1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.launchpad.net/keystone/+bug/996595"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.launchpad.net/keystone/+bug/997194"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.launchpad.net/keystone/+bug/998185"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/27/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1552-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/keystone/+bug/996595"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/keystone/+bug/997194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/keystone/+bug/998185"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2013-1838 (GCVE-0-2013-1838)
Vulnerability from cvelistv5 – Published: 2013-03-22 21:00 – Updated: 2024-08-06 15:13
VLAI?
Summary
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:33.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[openstack] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.launchpad.net/openstack/msg21892.html"
},
{
"name": "58492",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58492"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/nova/+bug/1125468"
},
{
"name": "USN-1771-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1771-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://review.openstack.org/#/c/24453/"
},
{
"name": "52728",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52728"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=919648"
},
{
"name": "52580",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52580"
},
{
"name": "91303",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/91303"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://review.openstack.org/#/c/24452/"
},
{
"name": "nova-fixedips-dos(82877)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82877"
},
{
"name": "RHSA-2013:0709",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0709.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://review.openstack.org/#/c/24451/"
},
{
"name": "[oss-security] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/14/18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[openstack] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.launchpad.net/openstack/msg21892.html"
},
{
"name": "58492",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/58492"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/nova/+bug/1125468"
},
{
"name": "USN-1771-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1771-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://review.openstack.org/#/c/24453/"
},
{
"name": "52728",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52728"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=919648"
},
{
"name": "52580",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52580"
},
{
"name": "91303",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/91303"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://review.openstack.org/#/c/24452/"
},
{
"name": "nova-fixedips-dos(82877)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82877"
},
{
"name": "RHSA-2013:0709",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0709.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://review.openstack.org/#/c/24451/"
},
{
"name": "[oss-security] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/14/18"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1838",
"datePublished": "2013-03-22T21:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:13:33.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0335 (GCVE-0-2013-0335)
Vulnerability from cvelistv5 – Published: 2013-03-22 21:00 – Updated: 2024-08-06 14:25
VLAI?
Summary
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:25:09.083Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "90657",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/90657"
},
{
"name": "52728",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52728"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/nova/+bug/1125378"
},
{
"name": "[oss-security] 20130226 [OSSA-2013-006] VNC proxy can connect to the wrong VM (CVE-2013-0335)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/26/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://review.openstack.org/#/c/22872/"
},
{
"name": "USN-1771-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1771-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://review.openstack.org/#/c/22758"
},
{
"name": "RHSA-2013:0709",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0709.html"
},
{
"name": "52337",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52337"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://review.openstack.org/#/c/22086/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-05T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "90657",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/90657"
},
{
"name": "52728",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52728"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/nova/+bug/1125378"
},
{
"name": "[oss-security] 20130226 [OSSA-2013-006] VNC proxy can connect to the wrong VM (CVE-2013-0335)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/26/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://review.openstack.org/#/c/22872/"
},
{
"name": "USN-1771-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1771-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://review.openstack.org/#/c/22758"
},
{
"name": "RHSA-2013:0709",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0709.html"
},
{
"name": "52337",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52337"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://review.openstack.org/#/c/22086/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0335",
"datePublished": "2013-03-22T21:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:25:09.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0266 (GCVE-0-2013-0266)
Vulnerability from cvelistv5 – Published: 2013-03-08 21:00 – Updated: 2024-08-06 14:18
VLAI?
Summary
manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908581"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc"
},
{
"name": "RHSA-2013:0595",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0595.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-08T21:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908581"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc"
},
{
"name": "RHSA-2013:0595",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0595.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0266",
"datePublished": "2013-03-08T21:00:00Z",
"dateReserved": "2012-12-06T00:00:00Z",
"dateUpdated": "2024-08-06T14:18:09.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0261 (GCVE-0-2013-0261)
Vulnerability from cvelistv5 – Published: 2013-03-08 21:00 – Updated: 2024-08-06 14:18
VLAI?
Summary
(1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2013:0595",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0595.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908101"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "(1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-08T21:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2013:0595",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0595.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908101"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0261",
"datePublished": "2013-03-08T21:00:00Z",
"dateReserved": "2012-12-06T00:00:00Z",
"dateUpdated": "2024-08-06T14:18:09.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0208 (GCVE-0-2013-0208)
Vulnerability from cvelistv5 – Published: 2013-02-13 16:00 – Updated: 2024-08-06 14:18
VLAI?
Summary
The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/nova/commit/317cc0af385536dee43ef2addad50a91357fc1ad"
},
{
"name": "RHSA-2013:0208",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0208.html"
},
{
"name": "51992",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51992"
},
{
"name": "51963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51963"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/nova/+bug/1069904"
},
{
"name": "[oss-security] 20130129 [OSSA 2013-001] Boot from volume allows access to random volumes (CVE-2013-0208)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/29/9"
},
{
"name": "57613",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57613"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/nova/commit/243d516cea9d3caa5a8267b12d2f577dcb24193b"
},
{
"name": "USN-1709-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1709-1"
},
{
"name": "89661",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/89661"
},
{
"name": "nova-volume-security-bypass(81697)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81697"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=902629"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users\u0027 volumes via a volume id in the block_device_mapping parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/nova/commit/317cc0af385536dee43ef2addad50a91357fc1ad"
},
{
"name": "RHSA-2013:0208",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0208.html"
},
{
"name": "51992",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51992"
},
{
"name": "51963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51963"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/nova/+bug/1069904"
},
{
"name": "[oss-security] 20130129 [OSSA 2013-001] Boot from volume allows access to random volumes (CVE-2013-0208)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/29/9"
},
{
"name": "57613",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57613"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/nova/commit/243d516cea9d3caa5a8267b12d2f577dcb24193b"
},
{
"name": "USN-1709-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1709-1"
},
{
"name": "89661",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/89661"
},
{
"name": "nova-volume-security-bypass(81697)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81697"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=902629"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0208",
"datePublished": "2013-02-13T16:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:18:09.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5571 (GCVE-0-2012-5571)
Vulnerability from cvelistv5 – Published: 2012-12-18 01:00 – Updated: 2024-08-06 21:14
VLAI?
Summary
OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:15.748Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19"
},
{
"name": "RHSA-2012:1557",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1557.html"
},
{
"name": "RHSA-2012:1556",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1556.html"
},
{
"name": "[oss-security] 20121128 [OSSA 2012-018] EC2-style credentials invalidation issue (CVE-2012-5571)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/5"
},
{
"name": "USN-1641-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1641-1"
},
{
"name": "keystone-tenant-sec-bypass(80333)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80333"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/keystone/+bug/1064914"
},
{
"name": "[oss-security] 20121128 [OSSA 2012-019] Extension of token validity through token chaining (CVE-2012-5563)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653"
},
{
"name": "51423",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51423"
},
{
"name": "56726",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56726"
},
{
"name": "51436",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51436"
},
{
"name": "FEDORA-2012-19341",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19"
},
{
"name": "RHSA-2012:1557",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1557.html"
},
{
"name": "RHSA-2012:1556",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1556.html"
},
{
"name": "[oss-security] 20121128 [OSSA 2012-018] EC2-style credentials invalidation issue (CVE-2012-5571)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/5"
},
{
"name": "USN-1641-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1641-1"
},
{
"name": "keystone-tenant-sec-bypass(80333)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80333"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/keystone/+bug/1064914"
},
{
"name": "[oss-security] 20121128 [OSSA 2012-019] Extension of token validity through token chaining (CVE-2012-5563)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653"
},
{
"name": "51423",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51423"
},
{
"name": "56726",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56726"
},
{
"name": "51436",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51436"
},
{
"name": "FEDORA-2012-19341",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5571",
"datePublished": "2012-12-18T01:00:00",
"dateReserved": "2012-10-24T00:00:00",
"dateUpdated": "2024-08-06T21:14:15.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4573 (GCVE-0-2012-4573)
Vulnerability from cvelistv5 – Published: 2012-11-11 11:00 – Updated: 2024-08-06 20:42
VLAI?
Summary
The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:54.862Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "51174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51174"
},
{
"name": "51234",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51234"
},
{
"name": "USN-1626-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1626-1"
},
{
"name": "RHSA-2012:1558",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1558.html"
},
{
"name": "56437",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56437"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/glance/commit/90bcdc5a89e350a358cf320a03f5afe99795f6f6"
},
{
"name": "FEDORA-2012-17901",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html"
},
{
"name": "[oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/07/6"
},
{
"name": "[oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/118733/Red-Hat-Security-Advisory-2012-1558-01.html"
},
{
"name": "87248",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/87248"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/glance/commit/6ab0992e5472ae3f9bef0d2ced41030655d9d2bc"
},
{
"name": "USN-1626-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1626-2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/glance/+bug/1065187"
},
{
"name": "SUSE-SU-2012:1455",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/glance/commit/efd7e75b1f419a52c7103c7840e24af8e5deb29d"
},
{
"name": "openstack-glance-sec-bypass(79895)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79895"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "51174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51174"
},
{
"name": "51234",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51234"
},
{
"name": "USN-1626-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1626-1"
},
{
"name": "RHSA-2012:1558",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1558.html"
},
{
"name": "56437",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56437"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/glance/commit/90bcdc5a89e350a358cf320a03f5afe99795f6f6"
},
{
"name": "FEDORA-2012-17901",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html"
},
{
"name": "[oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/07/6"
},
{
"name": "[oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/118733/Red-Hat-Security-Advisory-2012-1558-01.html"
},
{
"name": "87248",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/87248"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/glance/commit/6ab0992e5472ae3f9bef0d2ced41030655d9d2bc"
},
{
"name": "USN-1626-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1626-2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/glance/+bug/1065187"
},
{
"name": "SUSE-SU-2012:1455",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/glance/commit/efd7e75b1f419a52c7103c7840e24af8e5deb29d"
},
{
"name": "openstack-glance-sec-bypass(79895)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79895"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4573",
"datePublished": "2012-11-11T11:00:00",
"dateReserved": "2012-08-21T00:00:00",
"dateUpdated": "2024-08-06T20:42:54.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5482 (GCVE-0-2012-5482)
Vulnerability from cvelistv5 – Published: 2012-11-11 11:00 – Updated: 2024-08-06 21:05
VLAI?
Summary
The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:05:47.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "51174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51174"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88"
},
{
"name": "[oss-security] 20121108 Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/08/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/glance/+bug/1076506"
},
{
"name": "56437",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56437"
},
{
"name": "glance-v2api-security-bypass(80019)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80019"
},
{
"name": "FEDORA-2012-17901",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html"
},
{
"name": "[oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/07/6"
},
{
"name": "[oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/5"
},
{
"name": "87248",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/87248"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3"
},
{
"name": "[oss-security] 20121109 Re: Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/1"
},
{
"name": "SUSE-SU-2012:1455",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "51174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51174"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88"
},
{
"name": "[oss-security] 20121108 Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/08/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/glance/+bug/1076506"
},
{
"name": "56437",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56437"
},
{
"name": "glance-v2api-security-bypass(80019)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80019"
},
{
"name": "FEDORA-2012-17901",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html"
},
{
"name": "[oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/07/6"
},
{
"name": "[oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/5"
},
{
"name": "87248",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/87248"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3"
},
{
"name": "[oss-security] 20121109 Re: Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/1"
},
{
"name": "SUSE-SU-2012:1455",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51174",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51174"
},
{
"name": "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88",
"refsource": "CONFIRM",
"url": "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88"
},
{
"name": "[oss-security] 20121108 Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/08/2"
},
{
"name": "https://bugs.launchpad.net/glance/+bug/1076506",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/glance/+bug/1076506"
},
{
"name": "56437",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56437"
},
{
"name": "glance-v2api-security-bypass(80019)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80019"
},
{
"name": "FEDORA-2012-17901",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html"
},
{
"name": "[oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/07/6"
},
{
"name": "[oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/5"
},
{
"name": "87248",
"refsource": "OSVDB",
"url": "http://osvdb.org/87248"
},
{
"name": "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3",
"refsource": "CONFIRM",
"url": "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3"
},
{
"name": "[oss-security] 20121109 Re: Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/1"
},
{
"name": "SUSE-SU-2012:1455",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5482",
"datePublished": "2012-11-11T11:00:00",
"dateReserved": "2012-10-24T00:00:00",
"dateUpdated": "2024-08-06T21:05:47.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3542 (GCVE-0-2012-3542)
Vulnerability from cvelistv5 – Published: 2012-09-05 23:00 – Updated: 2024-08-06 20:13
VLAI?
Summary
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:13:50.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "50467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50467"
},
{
"name": "55326",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55326"
},
{
"name": "[openstack] 20120830 [OSSA 2012-013] Keystone, Lack of authorization for adding users to tenants (CVE-2012-3542)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.launchpad.net/openstack/msg16282.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aa"
},
{
"name": "[oss-security] 20120830 [OSSA 2012-013] Keystone, Lack of authorization for adding users to tenants (CVE-2012-3542)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/30/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155"
},
{
"name": "50494",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50494"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/keystone/+bug/1040626"
},
{
"name": "USN-1552-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1552-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user\u0027s default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-05T23:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "50467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50467"
},
{
"name": "55326",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55326"
},
{
"name": "[openstack] 20120830 [OSSA 2012-013] Keystone, Lack of authorization for adding users to tenants (CVE-2012-3542)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.launchpad.net/openstack/msg16282.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aa"
},
{
"name": "[oss-security] 20120830 [OSSA 2012-013] Keystone, Lack of authorization for adding users to tenants (CVE-2012-3542)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/30/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155"
},
{
"name": "50494",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50494"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/keystone/+bug/1040626"
},
{
"name": "USN-1552-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1552-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3542",
"datePublished": "2012-09-05T23:00:00Z",
"dateReserved": "2012-06-14T00:00:00Z",
"dateUpdated": "2024-08-06T20:13:50.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3426 (GCVE-0-2012-3426)
Vulnerability from cvelistv5 – Published: 2012-07-31 10:00 – Updated: 2024-08-06 20:05
VLAI?
Summary
OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/keystone/+bug/998185"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/keystone/+bug/997194"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz"
},
{
"name": "50494",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50494"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/keystone/+bug/996595"
},
{
"name": "[oss-security] 20120727 [OSSA 2012-010] Various Keystone token expiration issues (CVE-2012-3426)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/27/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626"
},
{
"name": "USN-1552-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1552-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d"
},
{
"name": "50045",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50045"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-07T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/keystone/+bug/998185"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/keystone/+bug/997194"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz"
},
{
"name": "50494",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50494"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/keystone/+bug/996595"
},
{
"name": "[oss-security] 20120727 [OSSA 2012-010] Various Keystone token expiration issues (CVE-2012-3426)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/27/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626"
},
{
"name": "USN-1552-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1552-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d"
},
{
"name": "50045",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50045"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3426",
"datePublished": "2012-07-31T10:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1838 (GCVE-0-2013-1838)
Vulnerability from nvd – Published: 2013-03-22 21:00 – Updated: 2024-08-06 15:13
VLAI?
Summary
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:33.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[openstack] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.launchpad.net/openstack/msg21892.html"
},
{
"name": "58492",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58492"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/nova/+bug/1125468"
},
{
"name": "USN-1771-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1771-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://review.openstack.org/#/c/24453/"
},
{
"name": "52728",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52728"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=919648"
},
{
"name": "52580",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52580"
},
{
"name": "91303",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/91303"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://review.openstack.org/#/c/24452/"
},
{
"name": "nova-fixedips-dos(82877)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82877"
},
{
"name": "RHSA-2013:0709",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0709.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://review.openstack.org/#/c/24451/"
},
{
"name": "[oss-security] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/14/18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[openstack] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.launchpad.net/openstack/msg21892.html"
},
{
"name": "58492",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/58492"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/nova/+bug/1125468"
},
{
"name": "USN-1771-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1771-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://review.openstack.org/#/c/24453/"
},
{
"name": "52728",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52728"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=919648"
},
{
"name": "52580",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52580"
},
{
"name": "91303",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/91303"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://review.openstack.org/#/c/24452/"
},
{
"name": "nova-fixedips-dos(82877)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82877"
},
{
"name": "RHSA-2013:0709",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0709.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://review.openstack.org/#/c/24451/"
},
{
"name": "[oss-security] 20130314 [OSSA 2013-008] Nova DoS by allocating all Fixed IPs (CVE-2013-1838)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/14/18"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1838",
"datePublished": "2013-03-22T21:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:13:33.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0335 (GCVE-0-2013-0335)
Vulnerability from nvd – Published: 2013-03-22 21:00 – Updated: 2024-08-06 14:25
VLAI?
Summary
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:25:09.083Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "90657",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/90657"
},
{
"name": "52728",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52728"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/nova/+bug/1125378"
},
{
"name": "[oss-security] 20130226 [OSSA-2013-006] VNC proxy can connect to the wrong VM (CVE-2013-0335)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/26/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://review.openstack.org/#/c/22872/"
},
{
"name": "USN-1771-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1771-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://review.openstack.org/#/c/22758"
},
{
"name": "RHSA-2013:0709",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0709.html"
},
{
"name": "52337",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52337"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://review.openstack.org/#/c/22086/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-06-05T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "90657",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/90657"
},
{
"name": "52728",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52728"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/nova/+bug/1125378"
},
{
"name": "[oss-security] 20130226 [OSSA-2013-006] VNC proxy can connect to the wrong VM (CVE-2013-0335)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/26/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://review.openstack.org/#/c/22872/"
},
{
"name": "USN-1771-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1771-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://review.openstack.org/#/c/22758"
},
{
"name": "RHSA-2013:0709",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0709.html"
},
{
"name": "52337",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52337"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://review.openstack.org/#/c/22086/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0335",
"datePublished": "2013-03-22T21:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:25:09.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0266 (GCVE-0-2013-0266)
Vulnerability from nvd – Published: 2013-03-08 21:00 – Updated: 2024-08-06 14:18
VLAI?
Summary
manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908581"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc"
},
{
"name": "RHSA-2013:0595",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0595.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-08T21:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908581"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc"
},
{
"name": "RHSA-2013:0595",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0595.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0266",
"datePublished": "2013-03-08T21:00:00Z",
"dateReserved": "2012-12-06T00:00:00Z",
"dateUpdated": "2024-08-06T14:18:09.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0261 (GCVE-0-2013-0261)
Vulnerability from nvd – Published: 2013-03-08 21:00 – Updated: 2024-08-06 14:18
VLAI?
Summary
(1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.552Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2013:0595",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0595.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908101"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "(1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-08T21:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2013:0595",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0595.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908101"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0261",
"datePublished": "2013-03-08T21:00:00Z",
"dateReserved": "2012-12-06T00:00:00Z",
"dateUpdated": "2024-08-06T14:18:09.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-0208 (GCVE-0-2013-0208)
Vulnerability from nvd – Published: 2013-02-13 16:00 – Updated: 2024-08-06 14:18
VLAI?
Summary
The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/nova/commit/317cc0af385536dee43ef2addad50a91357fc1ad"
},
{
"name": "RHSA-2013:0208",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0208.html"
},
{
"name": "51992",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51992"
},
{
"name": "51963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51963"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/nova/+bug/1069904"
},
{
"name": "[oss-security] 20130129 [OSSA 2013-001] Boot from volume allows access to random volumes (CVE-2013-0208)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/29/9"
},
{
"name": "57613",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57613"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/nova/commit/243d516cea9d3caa5a8267b12d2f577dcb24193b"
},
{
"name": "USN-1709-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1709-1"
},
{
"name": "89661",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/89661"
},
{
"name": "nova-volume-security-bypass(81697)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81697"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=902629"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users\u0027 volumes via a volume id in the block_device_mapping parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/nova/commit/317cc0af385536dee43ef2addad50a91357fc1ad"
},
{
"name": "RHSA-2013:0208",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0208.html"
},
{
"name": "51992",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51992"
},
{
"name": "51963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51963"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/nova/+bug/1069904"
},
{
"name": "[oss-security] 20130129 [OSSA 2013-001] Boot from volume allows access to random volumes (CVE-2013-0208)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/01/29/9"
},
{
"name": "57613",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57613"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/nova/commit/243d516cea9d3caa5a8267b12d2f577dcb24193b"
},
{
"name": "USN-1709-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1709-1"
},
{
"name": "89661",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/89661"
},
{
"name": "nova-volume-security-bypass(81697)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81697"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=902629"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0208",
"datePublished": "2013-02-13T16:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:18:09.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5571 (GCVE-0-2012-5571)
Vulnerability from nvd – Published: 2012-12-18 01:00 – Updated: 2024-08-06 21:14
VLAI?
Summary
OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:15.748Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19"
},
{
"name": "RHSA-2012:1557",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1557.html"
},
{
"name": "RHSA-2012:1556",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1556.html"
},
{
"name": "[oss-security] 20121128 [OSSA 2012-018] EC2-style credentials invalidation issue (CVE-2012-5571)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/5"
},
{
"name": "USN-1641-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1641-1"
},
{
"name": "keystone-tenant-sec-bypass(80333)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80333"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/keystone/+bug/1064914"
},
{
"name": "[oss-security] 20121128 [OSSA 2012-019] Extension of token validity through token chaining (CVE-2012-5563)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653"
},
{
"name": "51423",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51423"
},
{
"name": "56726",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56726"
},
{
"name": "51436",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51436"
},
{
"name": "FEDORA-2012-19341",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19"
},
{
"name": "RHSA-2012:1557",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1557.html"
},
{
"name": "RHSA-2012:1556",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1556.html"
},
{
"name": "[oss-security] 20121128 [OSSA 2012-018] EC2-style credentials invalidation issue (CVE-2012-5571)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/5"
},
{
"name": "USN-1641-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1641-1"
},
{
"name": "keystone-tenant-sec-bypass(80333)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80333"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/keystone/+bug/1064914"
},
{
"name": "[oss-security] 20121128 [OSSA 2012-019] Extension of token validity through token chaining (CVE-2012-5563)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/28/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653"
},
{
"name": "51423",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51423"
},
{
"name": "56726",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56726"
},
{
"name": "51436",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51436"
},
{
"name": "FEDORA-2012-19341",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5571",
"datePublished": "2012-12-18T01:00:00",
"dateReserved": "2012-10-24T00:00:00",
"dateUpdated": "2024-08-06T21:14:15.748Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4573 (GCVE-0-2012-4573)
Vulnerability from nvd – Published: 2012-11-11 11:00 – Updated: 2024-08-06 20:42
VLAI?
Summary
The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:42:54.862Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "51174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51174"
},
{
"name": "51234",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51234"
},
{
"name": "USN-1626-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1626-1"
},
{
"name": "RHSA-2012:1558",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1558.html"
},
{
"name": "56437",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56437"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/glance/commit/90bcdc5a89e350a358cf320a03f5afe99795f6f6"
},
{
"name": "FEDORA-2012-17901",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html"
},
{
"name": "[oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/07/6"
},
{
"name": "[oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/118733/Red-Hat-Security-Advisory-2012-1558-01.html"
},
{
"name": "87248",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/87248"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/glance/commit/6ab0992e5472ae3f9bef0d2ced41030655d9d2bc"
},
{
"name": "USN-1626-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1626-2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/glance/+bug/1065187"
},
{
"name": "SUSE-SU-2012:1455",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/glance/commit/efd7e75b1f419a52c7103c7840e24af8e5deb29d"
},
{
"name": "openstack-glance-sec-bypass(79895)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79895"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "51174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51174"
},
{
"name": "51234",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51234"
},
{
"name": "USN-1626-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1626-1"
},
{
"name": "RHSA-2012:1558",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1558.html"
},
{
"name": "56437",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56437"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/glance/commit/90bcdc5a89e350a358cf320a03f5afe99795f6f6"
},
{
"name": "FEDORA-2012-17901",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html"
},
{
"name": "[oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/07/6"
},
{
"name": "[oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/118733/Red-Hat-Security-Advisory-2012-1558-01.html"
},
{
"name": "87248",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/87248"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/glance/commit/6ab0992e5472ae3f9bef0d2ced41030655d9d2bc"
},
{
"name": "USN-1626-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1626-2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/glance/+bug/1065187"
},
{
"name": "SUSE-SU-2012:1455",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/glance/commit/efd7e75b1f419a52c7103c7840e24af8e5deb29d"
},
{
"name": "openstack-glance-sec-bypass(79895)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79895"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4573",
"datePublished": "2012-11-11T11:00:00",
"dateReserved": "2012-08-21T00:00:00",
"dateUpdated": "2024-08-06T20:42:54.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5482 (GCVE-0-2012-5482)
Vulnerability from nvd – Published: 2012-11-11 11:00 – Updated: 2024-08-06 21:05
VLAI?
Summary
The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:05:47.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "51174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51174"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88"
},
{
"name": "[oss-security] 20121108 Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/08/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/glance/+bug/1076506"
},
{
"name": "56437",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56437"
},
{
"name": "glance-v2api-security-bypass(80019)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80019"
},
{
"name": "FEDORA-2012-17901",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html"
},
{
"name": "[oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/07/6"
},
{
"name": "[oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/5"
},
{
"name": "87248",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/87248"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3"
},
{
"name": "[oss-security] 20121109 Re: Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/1"
},
{
"name": "SUSE-SU-2012:1455",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "51174",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51174"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88"
},
{
"name": "[oss-security] 20121108 Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/08/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/glance/+bug/1076506"
},
{
"name": "56437",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56437"
},
{
"name": "glance-v2api-security-bypass(80019)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80019"
},
{
"name": "FEDORA-2012-17901",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html"
},
{
"name": "[oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/07/6"
},
{
"name": "[oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/5"
},
{
"name": "87248",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/87248"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3"
},
{
"name": "[oss-security] 20121109 Re: Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/1"
},
{
"name": "SUSE-SU-2012:1455",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51174",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51174"
},
{
"name": "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88",
"refsource": "CONFIRM",
"url": "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88"
},
{
"name": "[oss-security] 20121108 Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/08/2"
},
{
"name": "https://bugs.launchpad.net/glance/+bug/1076506",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/glance/+bug/1076506"
},
{
"name": "56437",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56437"
},
{
"name": "glance-v2api-security-bypass(80019)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80019"
},
{
"name": "FEDORA-2012-17901",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html"
},
{
"name": "[oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/07/6"
},
{
"name": "[oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/5"
},
{
"name": "87248",
"refsource": "OSVDB",
"url": "http://osvdb.org/87248"
},
{
"name": "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3",
"refsource": "CONFIRM",
"url": "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3"
},
{
"name": "[oss-security] 20121109 Re: Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/09/1"
},
{
"name": "SUSE-SU-2012:1455",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5482",
"datePublished": "2012-11-11T11:00:00",
"dateReserved": "2012-10-24T00:00:00",
"dateUpdated": "2024-08-06T21:05:47.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3542 (GCVE-0-2012-3542)
Vulnerability from nvd – Published: 2012-09-05 23:00 – Updated: 2024-08-06 20:13
VLAI?
Summary
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:13:50.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "50467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50467"
},
{
"name": "55326",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55326"
},
{
"name": "[openstack] 20120830 [OSSA 2012-013] Keystone, Lack of authorization for adding users to tenants (CVE-2012-3542)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.launchpad.net/openstack/msg16282.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aa"
},
{
"name": "[oss-security] 20120830 [OSSA 2012-013] Keystone, Lack of authorization for adding users to tenants (CVE-2012-3542)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/30/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155"
},
{
"name": "50494",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50494"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/keystone/+bug/1040626"
},
{
"name": "USN-1552-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1552-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user\u0027s default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-05T23:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "50467",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50467"
},
{
"name": "55326",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55326"
},
{
"name": "[openstack] 20120830 [OSSA 2012-013] Keystone, Lack of authorization for adding users to tenants (CVE-2012-3542)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.launchpad.net/openstack/msg16282.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aa"
},
{
"name": "[oss-security] 20120830 [OSSA 2012-013] Keystone, Lack of authorization for adding users to tenants (CVE-2012-3542)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/30/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155"
},
{
"name": "50494",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50494"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/keystone/+bug/1040626"
},
{
"name": "USN-1552-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1552-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3542",
"datePublished": "2012-09-05T23:00:00Z",
"dateReserved": "2012-06-14T00:00:00Z",
"dateUpdated": "2024-08-06T20:13:50.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3426 (GCVE-0-2012-3426)
Vulnerability from nvd – Published: 2012-07-31 10:00 – Updated: 2024-08-06 20:05
VLAI?
Summary
OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/keystone/+bug/998185"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/keystone/+bug/997194"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz"
},
{
"name": "50494",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50494"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/keystone/+bug/996595"
},
{
"name": "[oss-security] 20120727 [OSSA 2012-010] Various Keystone token expiration issues (CVE-2012-3426)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/27/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626"
},
{
"name": "USN-1552-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1552-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d"
},
{
"name": "50045",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50045"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-07T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/keystone/+bug/998185"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/keystone/+bug/997194"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz"
},
{
"name": "50494",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50494"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/keystone/+bug/996595"
},
{
"name": "[oss-security] 20120727 [OSSA 2012-010] Various Keystone token expiration issues (CVE-2012-3426)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/07/27/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626"
},
{
"name": "USN-1552-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1552-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d"
},
{
"name": "50045",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50045"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3426",
"datePublished": "2012-07-31T10:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}