CVE

CVE-2014-3520
Date: (C)2014-10-21   (M)2023-12-22


OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 6.5
Exploit Score: 8.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECUNIA-59426
http://lists.openstack.org/pipermail/openstack-announce/2014-July/000248.html
https://bugs.launchpad.net/keystone/+bug/1331912

CWE    1
CWE-863
OVAL    3
oval:org.secpod.oval:def:107327
oval:org.secpod.oval:def:702176
oval:org.secpod.oval:def:52284

© SecPod Technologies