CVE-2015-7546

Опубликовано: 03 фев. 2016

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 6

CVSS3: 7.5

Описание

The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token.

Релиз	Статус	Примечание
devel	not-affected	2:9.0.0-0ubuntu1
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was ignored]
esm-infra/xenial	not-affected	2:9.0.0-0ubuntu1
precise	ignored	end of life
precise/esm	DNE	precise was needed
trusty	ignored
trusty/esm	DNE	trusty was ignored
upstream	needs-triage
vivid	ignored	end of life
vivid/stable-phone-overlay	DNE

Показывать по

Релиз	Статус	Примечание
devel	not-affected	4.4.0-3
esm-infra-legacy/trusty	DNE
esm-infra/xenial	not-affected	4.4.0-3
precise	DNE
precise/esm	DNE
trusty	DNE
trusty/esm	DNE
upstream	needs-triage
vivid	ignored	end of life
vivid/stable-phone-overlay	DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 29%

0.00105

Низкий

6 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

CVE-2015-7546

redhat

около 10 лет назад

CVE-2015-7546

CVSS3: 7.5

nvd

около 10 лет назад

CVE-2015-7546

CVSS3: 7.5

debian

около 10 лет назад

The identity service in OpenStack Identity (Keystone) before 2015.1.3 ...

GHSA-8c4w-v65p-jvcv

CVSS3: 7.5

github

больше 3 лет назад

OpenStack Identity Keystone and keystonemiddleware Insufficiently Protected Credentials

EPSS

Процентиль: 29%

0.00105

Низкий

6 Medium

CVSS2

7.5 High

CVSS3

CVE-2015-7546

Описание

Пакет keystone

Пакет python-keystonemiddleware

Ссылки на источники

Связанные уязвимости