Download
| Alert*
oval:org.secpod.oval:def:67090
keystone: OpenStack identity service Several security issues were fixed in OpenStack Keystone. oval:org.secpod.oval:def:2004195 An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn"t have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times. oval:org.secpod.oval:def:604839 A vulnerability was found in the EC2 credentials API of Keystone, the OpenStack identity service: Any user authenticated within a limited scope could create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. oval:org.secpod.oval:def:705604 keystone: OpenStack identity service Several security issues were fixed in OpenStack Keystone. |