CVE-2015-7546

The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token.

CVSS v3 7.5 HIGH
CVSS v2.0 6.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability : 6.8 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html	Third Party Advisory
http://www.securityfocus.com/bid/80498	Third Party Advisory VDB Entry
https://bugs.launchpad.net/keystone/+bug/1490804	Issue Tracking Third Party Advisory
https://security.openstack.org/ossa/OSSA-2016-005.html	Patch Vendor Advisory
https://wiki.openstack.org/wiki/OSSN/OSSN-0062	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:openstack:keystonemiddleware::::::::
	cpe:2.3:a:openstack:keystonemiddleware::::::::

Configuration 2 (hide)

OR	cpe:2.3:a:openstack:keystone::::::::
	cpe:2.3:a:openstack:keystone::::::::

Configuration 3 (hide)

cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-02-03 18:59

Updated : 2020-06-02 18:57

NVD link : CVE-2015-7546

Mitre link : CVE-2015-7546

CVE.ORG link : CVE-2015-7546

JSON object : View

Products Affected

openstack

keystone
keystonemiddleware

oracle

solaris

CWE

CWE-522

Insufficiently Protected Credentials

{"id": "CVE-2015-7546", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2016-02-03T18:59:04.853", "references": [{"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/80498", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "https://bugs.launchpad.net/keystone/+bug/1490804", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://security.openstack.org/ossa/OSSA-2016-005.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://wiki.openstack.org/wiki/OSSN/OSSN-0062", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token."}, {"lang": "es", "value": "El servicio de identificaci\u00f3n en OpenStack Identity (Keystone) en versiones anteriores a 2015.1.3 (Kilo) y 8.0.x en versiones anteriores a 8.0.2 (Liberty) y keystonemiddleware (anteriormente python-keystoneclient) en versiones anteriores a 1.5.4 (Kilo) y Liberty en versiones anteriores a 2.3.3 no invalida correctamente los tokens de autorizaci\u00f3n cuando utiliza los proveedores de token PKI o PKIZ, lo que permite a usuarios remotos autenticados eludir las restricciones de acceso previstas y obtener acceso a recursos de la nube manipulando los campos byte dentro de un token revocado."}], "lastModified": "2020-06-02T18:57:41.870", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openstack:keystonemiddleware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3ADA0574-1FD8-4A09-9B16-AAC8BBA04044", "versionEndIncluding": "1.5.3", "versionStartIncluding": "1.5.0"}, {"criteria": "cpe:2.3:a:openstack:keystonemiddleware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6E38FC5-542C-4E28-B8A1-6B74BE2F2F09", "versionEndIncluding": "2.3.2", "versionStartIncluding": "1.6.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45D1E8A3-296D-43C3-8E15-33DD1F538A73", "versionEndExcluding": "8.0.2", "versionStartIncluding": "8.0.0"}, {"criteria": "cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D8CA36D-3998-45CC-812C-C8AF9B3E0D28", "versionEndIncluding": "2015.1.2", "versionStartIncluding": "2015.1.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}