|
Bug #918608: SQL injection through limit parameter
|
 CVE-2012-0805 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Ziad Sawalha
|
|
Bug #957359: passlib segfaults when keystone is sent a large password
|
CVE-2012-1572 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Russell Bryant
|
|
Bug #988920: [OSSA 2012-016]Token authentication for a user in a disabled tenant does not raise Unauthorized error
|
CVE-2012-4457 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Dolph Mathews
|
|
Bug #996595: [OSSA 2012-010] Following a password compromise and subsequent password change, tokens remain valid.
|
CVE-2012-3426 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Derek Higgins
|
|
Bug #997194: [OSSA 2012-010] Tokens remain valid after a user account is disabled
|
CVE-2012-3426 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Derek Higgins
|
|
Bug #998185: [OSSA 2012-010] Once a token is created/distributed its expiry date can be circumvented
|
CVE-2012-3426 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Derek Higgins
|
|
Bug #1006815: [OSSA 2012-015] Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles doesn't validate token
|
CVE-2012-4456 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Dolph Mathews
|
|
Bug #1006822: [OSSA 2012-015] API v2.0/OS-KSADM/services, v2.0/OS-KSADM/services/{service_id} doesn't validate token
|
CVE-2012-4456 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Dolph Mathews
|
|
Bug #1040626: [OSSA 2012-013] Update user's default tenant partially succeeds without authz
|
CVE-2012-3542 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Dolph Mathews
|
|
Bug #1041396: [OSSA 2012-014] Token validation includes revoked roles (CVE-2012-4413)
|
CVE-2012-4413 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Thierry Carrez
|
|
Bug #1046905: Memcached Token Backend does not support list tokens
|
CVE-2012-3542
CVE-2012-4413
CVE-2012-5571
CVE-2013-0247
CVE-2013-0282
CVE-2013-1664 |
|
OpenStack Identity (keystone)
|
Fix released (unassigned)
|
|
Bug #1050025: Token invalidation in case of role grant/revoke should be limited to affected tenant
|
CVE-2012-3542
CVE-2012-4413
CVE-2012-5571
CVE-2013-0247
CVE-2013-0282
CVE-2013-1664 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Dolph Mathews
|
|
Bug #1056373: memcache driver needs protection against unicode user keys
|
CVE-2012-3542
CVE-2012-4413
CVE-2012-5571
CVE-2013-0247
CVE-2013-0282
CVE-2013-1664 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Dolph Mathews
|
|
Bug #1060389: Non PKI Tokens longer than 32 characters can never be valid
|
CVE-2012-5563
CVE-2012-5571 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Dan Radez
|
|
Bug #1064914: [OSSA-2012-018] Removing user from a tenant isn't invalidating user access to tenant
|
CVE-2012-5571 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Vish Ishaya
|
|
Bug #1068674: Redo part of bp/sql-identiy-pam undone by bug 968519
|
CVE-2012-5563
CVE-2012-5571 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Ken Thomas
|
|
Bug #1068851: Openssl tests rely on expired certificate
|
CVE-2012-5563
CVE-2012-5571 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Guang Yee
|
|
Bug #1073569: Jenkins jobs fail because of incompatibility between sqlalchemy-migrate and the newest sqlalchemy-0.8.0b1
|
CVE-2012-4573
CVE-2012-5563
CVE-2012-5571 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Ionuț Arțăriși
|
|
Bug #1078497: keystone throws error when removing user from tenant.
|
CVE-2012-5563
CVE-2012-5571 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Vish Ishaya
|
|
Bug #1079216: [OSSA-2012-019] token expires time incorrect for auth by one token
|
CVE-2012-5563 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Russell Bryant
|
|
Bug #1098307: [OSSA 2013-003] unauthenticated POST to /tokens can fill up disk/logs
|
CVE-2013-0247 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Dan Prince
|
|
Bug #1100279: [OSSA 2013-004] Local file leak through entities in XML requests (CVE-2013-1665)
|
CVE-2013-1665 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Dolph Mathews
|
|
Bug #1100282: [OSSA 2013-004] DoS through XML entity expansion (CVE-2013-1664)
|
CVE-2013-1664 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Dolph Mathews
|
|
Bug #1121494: [OSSA 2013-005] EC2 authentication does not ensure user or tenant is enabled
|
CVE-2013-0282 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Dolph Mathews
|
|
Bug #1129713: [OSSA 2013-009] Validation of PKI tokens bypasses revocation check
|
CVE-2013-1865 |
|
OpenStack Identity (keystone)
|
Invalid (unassigned)
|
|
Bug #1166670: [OSSA 2013-011] Deleted user can still create instances
|
CVE-2013-2059 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Dolph Mathews
|
|
Bug #1167421: Upgrading from folsom to grizzly results in all tenants/users being disabled
|
CVE-2013-2059 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Dolph Mathews
|
|
Bug #1172195: admin_token and LDAP password show up in log in DEBUG mode
|
CVE-2013-2006 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Xu Han Peng
|
|
Bug #1174608: [OSSA 2013-010] Insecure directory creation for signing
|
CVE-2013-2030 |
|
OpenStack Identity (keystone)
|
Invalid (unassigned)
|
|
Bug #1177924: Use testr instead of nose as the unittest runner.
|
CVE-2016-0738 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to David Stanek
|
|
Bug #1179615: [OSSA 2013-014] auth_token middleware neglects to check expiry of signed token
|
CVE-2013-2104 |
|
OpenStack Identity (keystone)
|
Invalid (unassigned)
|
|
Bug #1179955: Disabling a tenant would not disable a user token
|
CVE-2013-4222 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Chmouel Boudjnah
|
|
Bug #1187305: [OSSA 2013-015] LDAP vulnerability when checking user credentials (CVE-2013-2157)
|
CVE-2013-2157 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Adam Young
|
|
Bug #1188189: Some server-side 'SSL' communication fails to check certificates (use of HTTPSConnection)
|
CVE-2013-2255 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Daniel Gollub
|
|
Bug #1202952: [OSSA 2013-025] PKI tokens are never revoked using memcache token backend (CVE-2013-4294)
|
CVE-2013-4294 |
|
OpenStack Identity (keystone)
|
Invalid (unassigned)
|
|
Bug #1237989: user can update his password without knowing the old password
|
CVE-2013-4471 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Dolph Mathews
|
|
Bug #1242597: [OSSA 2013-032] Keystone trust circumvention through EC2-style tokens (CVE-2013-6391)
|
CVE-2013-4477
CVE-2013-6391 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Steven Hardy
|
|
Bug #1242855: [OSSA 2013-028] Removing role adds role with LDAP backend
|
CVE-2013-4477 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Brant Knudson
|
|
Bug #1260080: [OSSA 2014-006] Trustee token revocations with memcache backend (CVE-2014-2237)
|
CVE-2014-2237 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Morgan Fainberg
|
|
Bug #1309228: [OSSA 2014-015] User gets group auth if same id (CVE-2014-0204)
|
CVE-2014-0204 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Brant Knudson
|
|
Bug #1324592: [OSSA 2014-018] Trust scope can be circumvented by chaining trusts (CVE-2014-3476)
|
CVE-2014-3476 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Adam Young
|
|
Bug #1331912: [OSSA 2014-022] V2 Trusts allow trustee to emulate trustor in other projects (CVE-2014-3520)
|
CVE-2014-3520 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Dolph Mathews
|
|
Bug #1354208: [OSSA 2014-029] Catalog replacement allows reading config (CVE-2014-3621)
|
CVE-2014-3621 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Tristan Cacqueray
|
|
Bug #1490804: [OSSA 2016-005] PKI Token Revocation Bypass (CVE-2015-7546)
|
CVE-2015-7546 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Brant Knudson
|
|
Bug #1529836: Fix deprecated library function (os.popen()).
|
CVE-2016-0738 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Harshada Mangesh Kakad
|
|
Bug #1577558: [OSSA 2016-008] v2.0 fernet tokens audit ids are inconsistent (CVE-2016-4911)
|
CVE-2016-4911 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Lance Bragstad
|
|
Bug #1677723: [OSSA-2017-004] federated user gets wrong role (CVE-2017-2673)
|
CVE-2017-2673 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Boris Bobrov
|
|
Bug #1750843: pysaml2 version in global requirements must be updated to 4.5.0
|
CVE-2016-10149
CVE-2017-1000433 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Matthew Thode
|
|
Bug #1779205: [OSSA-2018-002] GET /v3/OS-FEDERATION/projects leaks project information (CVE-2018-14432)
|
CVE-2018-14432 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Lance Bragstad
|
|
Bug #1855080: [OSSA-2019-006] Credentials API allows listing and retrieving of all users credentials (CVE-2019-19687)
|
CVE-2019-19687 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Colleen Murphy
|
|
Bug #1872733: [OSSA-2020-004] Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID (CVE-2020-12691)
|
CVE-2020-12691 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Colleen Murphy
|
|
Bug #1872735: [OSSA-2020-004] EC2 and/or credential endpoints are not protected from a scoped context (CVE-2020-12689)
|
CVE-2020-12689 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Colleen Murphy
|
|
Bug #1872737: [OSSA-2020-003] Keystone doesn't check signature TTL of the EC2 credential auth method (CVE-2020-12692)
|
CVE-2020-12692 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Colleen Murphy
|
|
Bug #1873290: [OSSA-2020-005] OAuth1 request token authorize silently ignores roles parameter (CVE-2020-12690)
|
CVE-2020-12690 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to Colleen Murphy
|
|
Bug #1901891: Issues regarding application credentials
|
CVE-2021-3563 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to David Wilde
|
|
Bug #1992183: Openstack: Application credential token remains valid longer than expected (CVE-2022-2447)
|
CVE-2022-2447 |
|
OpenStack Identity (keystone)
|
Fix released, assigned to David Wilde
|
