Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2014-3621HistoryOct 02, 2014 - 2:55 p.m.
CVE-2014-3621
2014-10-0214:55:03
Debian Security Bug Tracker
security-tracker.debian.org
9
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
EPSS
0.002
Percentile
61.9%
The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by “$(admin_token)” in the publicurl endpoint field.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | keystone | < 2014.1.3-1 | keystone_2014.1.3-1_all.deb |
| Debian | 11 | all | keystone | < 2014.1.3-1 | keystone_2014.1.3-1_all.deb |
| Debian | 999 | all | keystone | < 2014.1.3-1 | keystone_2014.1.3-1_all.deb |
| Debian | 13 | all | keystone | < 2014.1.3-1 | keystone_2014.1.3-1_all.deb |
Related
redhat
redhat
(RHSA-2014:1790) Important: openstack-keystone security and bug fix update
2014-11-03 08:37:16
(RHSA-2014:1789) Important: openstack-keystone security and bug fix update
2014-11-03 08:36:51
(RHSA-2014:1688) Important: openstack-keystone security and bug fix update
2014-10-22 00:00:00
prion
prion
Code injection
2014-10-02 14:55:00
github
github
OpenStack Identity Keystone Exposure of Sensitive Information
2022-05-13 01:26:10
nessus
nessus
openvas
openvas
Ubuntu: Security Advisory (USN-2406-1)
2014-11-12 00:00:00
ubuntu
ubuntu
OpenStack Keystone vulnerability
2014-11-11 00:00:00
ubuntucve
ubuntucve
CVE-2014-3621
2014-10-02 00:00:00
securityvulns
securityvulns
[USN-2406-1] OpenStack Keystone vulnerability
2014-12-01 00:00:00
OpenStack multiple security vulnerabilities
2014-12-01 00:00:00
nvd
nvd
CVE-2014-3621
2014-10-02 14:55:03
cve
cve
CVE-2014-3621
2014-10-02 14:55:03
veracode
veracode
Information Disclosure
2019-01-15 09:02:43
cvelist
cvelist
CVE-2014-3621
2014-10-02 14:00:00
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
EPSS
0.002
Percentile
61.9%
Related for DEBIANCVE:CVE-2014-3621