Vishvananda Ishaya

5 exploits | Active since Jun 2012
CVE-2012-5571 | MEDIUM | WRITEUP
OpenStack Keystone Essex/Folsom - Auth Bypass
A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 (Elastic Compute Cloud) tokens when a user's role has been removed from a tenant. An attacker can leverage a token associated with a removed user role to gain unauthorized access.
CVSS 5.4
CVE-2012-2654 | WRITEUP
OpenStack Compute - Privilege Escalation
The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.
CVE-2013-0208 | WRITEUP
OpenStack Compute (Nova) Folsom and Essex - Authenticated Volume Access Bypass via block_device_mapping Parameter
The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.