CVE-2014-2828
Published: 15 April 2014
The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining."
Notes
Author | Note |
---|---|
mdeslaur | introduced by 9f812939 starting with 2013.1 |
Priority
Status
Package | Release | Status |
---|---|---|
keystone Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Not vulnerable
(2012.1.3+stable-20130423-f48dd0fc-0ubuntu1.1)
|
|
quantal |
Ignored
(end of life)
|
|
saucy |
Ignored
(end of life)
|
|
trusty |
Does not exist
(trusty was not-affected [1:2014.1~rc2-0ubuntu1])
|
|
upstream |
Needs triage
|