659913dd22
This data has been collected from every advisory issued by the OpenStack VMT to date. The CVSSv2 information and impacts have been mined from Red Hat's CVE database. The severity and importance of these issues may differ from these ratings.
42 lines
1.3 KiB
JSON
42 lines
1.3 KiB
JSON
{
|
|
"advisory": {
|
|
"date": "2014-04-10",
|
|
"description": "Abu Shohel Ahmed from Ericsson reported a vulnerability in Keystone V3 API authentication. By sending a single request with the same authentication method multiple times, a remote attacker may generate unwanted load on the Keystone host, potentially resulting in a Denial of Service against a Keystone service. Only Keystone setups enabling V3 API are affected.",
|
|
"id": "2014-013",
|
|
"title": "Keystone DoS through V3 API authentication chaining",
|
|
"url": "http://lists.openstack.org/pipermail/openstack-announce/2014-April/000221.html"
|
|
},
|
|
"affects": [
|
|
{
|
|
"product": "keystone",
|
|
"version": "TODO"
|
|
}
|
|
],
|
|
"bugs": [
|
|
"1300274"
|
|
],
|
|
"notes": "",
|
|
"reporters": [
|
|
{
|
|
"company": "Ericsson",
|
|
"name": "Abu Shohel Ahmed"
|
|
}
|
|
],
|
|
"reviews": [
|
|
"84425",
|
|
"84735",
|
|
"86024"
|
|
],
|
|
"schema_version": 1,
|
|
"vulnerabilities": [
|
|
{
|
|
"cve": "CVE-2014-2828",
|
|
"cvss": {
|
|
"base_score": "5.0",
|
|
"scoring_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"
|
|
},
|
|
"cwe": "TODO",
|
|
"impact": "moderate"
|
|
}
|
|
]
|
|
} |