diff --git a/OSSA-2014-026.json b/OSSA-2014-026.json new file mode 100644 index 0000000..d9439c7 --- /dev/null +++ b/OSSA-2014-026.json @@ -0,0 +1,71 @@ +{ + "advisory": { + "date": "2014-08-15", + "description" : "Lance Bragstad from Rackspace and Brant Knudson from IBM reported 3 vulnerabilities in Keystone revocation events. Lance Bragstad discovered that UUID v2 tokens processed by the V3 API are incorrectly updated and get their \"issued_at\" time regenerated (CVE-2014-5252). Brant Knudson discovered that the MySQL token driver stores expiration dates incorrectly which prevents manual revocation (CVE-2014-5251) and that domain-scoped tokens don't get revoked when the domain is disabled (CVE-2014-5253). Tokens impacted by one of these bugs may allow a user to evade token revocation. Only Keystone setups configured to use revocation events are affected.", + "id": "2014-026", + "title": "Multiple vulnerabilities in Keystone revocation events", + "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-August/000264.html" + }, + "affects": [ + { + "product": "keystone", + "version": "2014.1 versions up to 2014.1.1" + } + ], + "bugs": [ + "1347961", + "1348820", + "1349597" + ], + "notes": "These fixes will be included in the Juno-3 development milestone and are already included in the 2014.1.2.1 release.", + "reporters": [ + { + "company": "Rackspace", + "name": "Lance Bragstad" + }, + { + "company": "IBM", + "name": "Brant Knudson" + } + ], + "reviews": [ + "111106", + "109747", + "109819", + "109820", + "112087", + "111772", + "112083", + "112084" + ], + "schema_version": 1, + "vulnerabilities": [ + { + "cve": "CVE-2014-5252", + "cvss": { + "base_score": "4.9", + "scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N" + }, + "cwe": "TODO", + "impact": "low" + }, + { + "cve": "CVE-2014-5251", + "cvss": { + "base_score": "4.9", + "scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N" + }, + "cwe": "TODO", + "impact": "low" + }, + { + "cve": "CVE-2014-5253", + "cvss": { + "base_score": "4.9", + "scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N" + }, + "cwe": "TODO", + "impact": "low" + } + ] +} diff --git a/OSSA-2014-027.json b/OSSA-2014-027.json new file mode 100644 index 0000000..e1e881a --- /dev/null +++ b/OSSA-2014-027.json @@ -0,0 +1,46 @@ +{ + "advisory": { + "date": "2014-08-19", + "description": "Dennis Felsch and Mario Heiderich from the Horst Görtz Institute for IT-Security, Ruhr-University Bochum reported a persistent XSS in Horizon. A malicious administrator may conduct a persistent XSS attack by registering a malicious host aggregate in Horizon Host Aggregate interface. Once executed in a legitimate context this attack may reveal another admin token, potentially resulting in a lateral privilege escalation. All Horizon setups are affected.", + "id": "2014-027", + "title": "Persistent XSS in Horizon Host Aggregates interface", + "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-August/000266.html" + }, + "affects": [ + { + "product": "horizon", + "version": "up to 2013.2.3, and 2014.1 versions up to 2014.1.2" + } + ], + "bugs": [ + "1349491" + ], + "notes": "This fix will be included in the Juno-3 development milestone and in future 2013.2.4 and 2014.1.3 releases.", + "reporters": [ + { + "company": "Ruhr-University Bochum", + "name": "Dennis Felsch" + }, + { + "company": "Ruhr-University Bochum", + "name": "Mario Heiderich" + } + ], + "reviews": [ + "115310", + "115311", + "115313" + ], + "schema_version": 1, + "vulnerabilities": [ + { + "cve": "CVE-2014-3594", + "cvss": { + "base_score": "4.3", + "scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N" + }, + "cwe": "CWE-79", + "impact": "moderate" + } + ] +}