Skip to content

OpenStack Identity (Keystone) DoS through V3 API authentication chaining

High severity GitHub Reviewed Published May 17, 2022 to the GitHub Advisory Database • Updated May 14, 2024

Package

pip keystone (pip)

Affected versions

< 8.0.0a0

Patched versions

8.0.0a0

Description

The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining."

References

Published by the National Vulnerability Database Apr 15, 2014
Published to the GitHub Advisory Database May 17, 2022
Reviewed May 14, 2024
Last updated May 14, 2024

Severity

High

EPSS score

0.766%
(82nd percentile)

Weaknesses

CVE ID

CVE-2014-2828

GHSA ID

GHSA-6mv3-p2gr-wgqf

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.