CVE-2014-2828
Published Apr 15, 2014
Last updated 9 years ago
Overview
- Description
- The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining."
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.8
- Impact score
- 6.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:C
Weaknesses
- nvd@nist.gov
- CWE-287
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:keystone:2013.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "70697FA3-5C64-4632-B0F5-7DF12B4B7067"
},
{
"criteria": "cpe:2.3:a:openstack:keystone:2013.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F72F13BC-BE73-4DCD-8C7F-7D803CB047FF"
},
{
"criteria": "cpe:2.3:a:openstack:keystone:2013.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BFF04D50-069F-493B-8667-C55EA6413AD3"
},
{
"criteria": "cpe:2.3:a:openstack:keystone:2013.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0911BBF3-6111-4ED8-B269-EB4383C5DC05"
},
{
"criteria": "cpe:2.3:a:openstack:keystone:2013.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "87FD9E84-4603-4E96-A017-5D783803176F"
},
{
"criteria": "cpe:2.3:a:openstack:keystone:2013.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4F32FB94-E20A-4D4A-A330-7617113FC2BC"
},
{
"criteria": "cpe:2.3:a:openstack:keystone:2013.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9457B89C-C75F-4CDC-97BF-2A7324E5E51B"
},
{
"criteria": "cpe:2.3:a:openstack:keystone:2013.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "25E0CA50-F2D2-4409-9373-DB1A44929658"
}
],
"operator": "OR"
}
]
}
]