Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

31 – 40 of 57 results


CVE-2013-6491

Medium priority

Some fixes available 3 of 4

The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network.

5 affected packages

cinder, keystone, neutron, nova, quantum

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cinder
keystone
neutron
nova
quantum
Show less packages

CVE-2013-6391

Medium priority

Some fixes available 1 of 2

The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating...

1 affected packages

keystone

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
keystone
Show less packages

CVE-2013-4477

Medium priority
Fixed

The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges.

1 affected packages

keystone

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
keystone
Show less packages

CVE-2013-2013

Low priority
Ignored

The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process.

1 affected packages

python-keystoneclient

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-keystoneclient
Show less packages

CVE-2013-4222

Low priority
Fixed

OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token.

1 affected packages

keystone

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
keystone
Show less packages

CVE-2013-4294

Medium priority
Fixed

The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass...

1 affected packages

keystone

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
keystone
Show less packages

CVE-2013-2157

Medium priority
Fixed

OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password.

1 affected packages

keystone

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
keystone
Show less packages

CVE-2013-2104

Medium priority
Fixed

python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a...

2 affected packages

keystone, python-keystoneclient

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
keystone
python-keystoneclient
Show less packages

CVE-2013-2006

Negligible priority
Ignored

OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file.

1 affected packages

keystone

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
keystone
Show less packages

CVE-2013-1977

Medium priority
Not affected

OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file.

1 affected packages

keystone

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
keystone
Show less packages