659913dd22
This data has been collected from every advisory issued by the OpenStack VMT to date. The CVSSv2 information and impacts have been mined from Red Hat's CVE database. The severity and importance of these issues may differ from these ratings.
44 lines
1.1 KiB
JSON
44 lines
1.1 KiB
JSON
{
|
|
"advisory": {
|
|
"date": "2012-09-28",
|
|
"description": "Jaxon Xu reported a vulnerability in Keystone. Two admin API actions did not require a valid token. The first was listing roles for a user. The second as the ability to get, create, and delete services.",
|
|
"id": "2012-015",
|
|
"title": "Some actions in Keystone admin API do not validate token",
|
|
"url": "https://lists.launchpad.net/openstack/msg17034.html"
|
|
},
|
|
"affects": [
|
|
{
|
|
"product": "keystone",
|
|
"version": "TODO"
|
|
}
|
|
],
|
|
"bugs": [
|
|
"1006815",
|
|
"1006822"
|
|
],
|
|
"notes": "",
|
|
"reporters": [
|
|
{
|
|
"company": "UNKNOWN",
|
|
"name": "Jason Xu"
|
|
}
|
|
],
|
|
"reviews": [
|
|
"8104",
|
|
"9014",
|
|
"8105",
|
|
"9015"
|
|
],
|
|
"schema_version": 1,
|
|
"vulnerabilities": [
|
|
{
|
|
"cve": "CVE-2012-4456",
|
|
"cvss": {
|
|
"base_score": "7.5",
|
|
"scoring_vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
|
|
},
|
|
"cwe": "TODO",
|
|
"impact": "moderate"
|
|
}
|
|
]
|
|
} |