| purl | pkg:deb/debian/keystone@2013.1.1-2?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | | |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-44u3-6h7t-dbah | The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an "interaction between eventlet and python-memcached." | CVE-2014-0105, GHSA-gwvq-rgqf-993f, PYSEC-2014-70 |
| VCID-8bat-qwmh-fyer | OpenStack Identity (Keystone) Denial of Service. OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests. | CVE-2013-2014, GHSA-7332-36h8-8jh8 |
| VCID-cg74-2jr1-2fhp | OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token. | CVE-2013-2059, GHSA-hj89-qmx9-8qmh, PYSEC-2013-41 |
| VCID-qmyj-ffvg-tbe8 | OpenStack Keystone Denial of Service vulnerability via a large HTTP request. OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a large HTTP request, as demonstrated by a long tenant_name when requesting a token. | CVE-2013-0270, GHSA-4ppj-4p4v-jf4p |
| VCID-snpz-wwd6-dkb6 | OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file. | CVE-2013-2006, GHSA-rxrm-xvp4-jqvh, PYSEC-2013-40 |