659913dd22
This data has been collected from every advisory issued by the OpenStack VMT to date. The CVSSv2 information and impacts have been mined from Red Hat's CVE database. The severity and importance of these issues may differ from these ratings.
{
"advisory": {
"date": "2012-09-28",
"description": "Rohit Karajgi reported a vulnerability in Keystone. It was possible to get a token that is authorized for a disabled tenant. Once the token is established with authorization on the tenant, keystone would respond 200 OK to token validation requests from other OpenStack services, allowing the user to work with the tenant's resources. ",
"id": "2012-016",
"title": "Token authorization for a user in a disabled tenant is allowed",
"url": "https://lists.launchpad.net/openstack/msg17035.html"
},
"affects": [
{
"product": "keystone",
"version": "TODO"
}
],
"bugs": [
"988920"
],
"notes": "",
"reporters": [
{
"company": "NTT Data",
"name": "Rohit Karajgi"
}
],
"reviews": [
"9862",
"10534"
],
"schema_version": 1,
"vulnerabilities": [
{
"cve": "CVE-2012-4457",
"cvss": {
"base_score": "4.0",
"scoring_vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"
},
"cwe": "TODO",
"impact": "moderate"
}
]
}