Denial of Service Vulnerability in OpenStack Identity by OpenStack
CVE-2013-2014

Currently unrated

Key Information:

Vendor: Openstack
Status: Keystone
Vendor: CVE Published:; 2 June 2014

Summary

The OpenStack Identity (Keystone) service prior to version 2013.1 is susceptible to a Denial of Service attack. This vulnerability allows remote attackers to exploit the system by sending multiple lengthy requests, leading to significant memory consumption and potentially causing the service to crash. As a result, legitimate users may experience interruptions and unavailability of the service, highlighting the need for prompt security assessments and updates.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/84347

vdb-entryx_refsource_XF

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

https://bugs.launchpad.net/keystone/+bug/1098177

x_refsource_CONFIRM

Timeline

Vulnerability published
Jun 2, 2014
Vulnerability Reserved
Feb 19, 2013