659913dd22
This data has been collected from every advisory issued by the OpenStack VMT to date. The CVSSv2 information and impacts have been mined from Red Hat's CVE database. The severity and importance of these issues may differ from these ratings.
42 lines
1.2 KiB
JSON
42 lines
1.2 KiB
JSON
{
|
|
"advisory": {
|
|
"date": "2013-02-05",
|
|
"description": "Dan Prince of Red Hat reported a vulnerability in token creation error handling in Keystone. By requesting lots of invalid tokens, an unauthenticated user may fill up logs on Keystone API servers disks, potentially resulting in a denial of service attack against Keystone. ",
|
|
"id": "2013-003",
|
|
"title": "Keystone denial of service through invalid token requests",
|
|
"url": "http://lists.openstack.org/pipermail/openstack-announce/2013-February/000074.html"
|
|
},
|
|
"affects": [
|
|
{
|
|
"product": "keystone",
|
|
"version": "TODO"
|
|
}
|
|
],
|
|
"bugs": [
|
|
"1098307"
|
|
],
|
|
"notes": "",
|
|
"reporters": [
|
|
{
|
|
"company": "Red Hat",
|
|
"name": "Dan Prince"
|
|
}
|
|
],
|
|
"reviews": [
|
|
"21213",
|
|
"21215",
|
|
"21216"
|
|
],
|
|
"schema_version": 1,
|
|
"vulnerabilities": [
|
|
{
|
|
"cve": "CVE-2013-0247",
|
|
"cvss": {
|
|
"base_score": "5.0",
|
|
"scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
|
|
},
|
|
"cwe": "TODO",
|
|
"impact": "moderate"
|
|
}
|
|
]
|
|
} |