Solution
Please Install the Updated Packages.
Insight
Nathanael Burton discovered that Keystone did not properly verify disabled users. An authenticated but disabled user would continue to have access rights that were removed. (CVE-2013-0282)
Jonathan Murray discovered that Keystone would allow XML entity processing.
A remote unauthenticated attacker could exploit this to cause a denial of service via resource exhaustion. Authenticated users could also use this to view arbitrary files on the Keystone server. (CVE-2013-1664, CVE-2013-1665)
Affected
keystone on Ubuntu 12.10 ,
Ubuntu 12.04 LTS
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2013-0282, CVE-2013-1664, CVE-2013-1665 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities