Package impact

python PyPI / keystone

| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-43001 | high | 8.5 | 8.5 | 27d ago | OpenStack Keystone has an Incorrect Authorization Issue | debian, python |
| CVE-2014-2828 | high | 7.8 | | 4y ago | The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the sa… | debian, python |
| CVE-2015-7546 | high | 7.5 | 7.5 | 11y ago | The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty b… | suse, debian, python |
| CVE-2012-4456 | high | 7.5 | | 14y ago | OpenStack Keystone Improper Authentication vulnerability | debian, python |
| CVE-2013-1865 | medium | 6.8 | | 4y ago | OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions… | ubuntu, debian, python |
| CVE-2013-0270 | medium | 6.5 | 6.5 | 4y ago | A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This … | debian, python |
| CVE-2014-0204 | medium | 6.5 | | 12y ago | OpenStack Identity Keystone Improper Privilege Management | debian, python |
| CVE-2014-3476 | medium | 6.0 | | 4y ago | OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges b… | debian, python |
| CVE-2013-2059 | medium | 6.0 | | 13y ago | OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, w… | debian, python |
| CVE-2021-3563 | medium | 5.5 | | 4y ago | OpenStack Keystone Incorrect Authorization vulnerability | arch, suse, debian, python |
| CVE-2012-5571 | medium | 5.4 | 5.4 | 14y ago | OpenStack Keystone intended authorization restrictions bypass | debian, python |
| CVE-2013-4294 | medium | 5.0 | | 4y ago | The (1) memcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which a… | debian, python |
| CVE-2014-2237 | medium | 5.0 | | 4y ago | The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, d… | debian, python |
| CVE-2013-2014 | medium | 5.0 | | 4y ago | OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests. | debian, fedora, python |
| CVE-2013-0282 | medium | 5.0 | | 13y ago | OpenStack Keystone allows context-dependent attackers to bypass access restrictions | debian, python |
| CVE-2014-5253 | medium | 4.9 | | 4y ago | OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access … | debian, ubuntu, python |
| CVE-2014-5252 | medium | 4.9 | | 12y ago | The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the tok… | debian, ubuntu, python |
| CVE-2014-5251 | medium | 4.9 | | 12y ago | The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for to… | debian, ubuntu, python |
| CVE-2012-3426 | medium | 4.9 | | 14y ago | OpenStack Keystone token expiration issues | debian, python |
| CVE-2016-4911 | medium | 4.3 | 4.3 | 10y ago | The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrict… | debian, python |
| CVE-2012-3542 | medium | 4.3 | | 14y ago | OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the use… | debian, python |
| CVE-2015-3646 | medium | 4.0 | | 11y ago | OpenStack Keystone Logs Passwords | suse, debian, python |
| CVE-2014-3621 | medium | 4.0 | | 12y ago | OpenStack Identity Keystone Exposure of Sensitive Information | debian, ubuntu, redhat, python |
| CVE-2012-5563 | medium | 4.0 | | 14y ago | OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating… | debian, python |
| CVE-2012-4457 | medium | 4.0 | | 14y ago | OpenStack Keystone Token authorization for a user in a disabled tenant is allowed | debian, python |
| CVE-2012-4413 | medium | 4.0 | | 14y ago | OpenStack Keystone does not invalidate existing tokens when granting or revoking roles | debian, python |
| CVE-2013-4477 | low | 3.3 | | 13y ago | OpenStack Identity Keystone Privilege Escalation vulnerability | debian, python |
| CVE-2013-2006 | low | 2.1 | | 13y ago | OpenStack Keystone Sensitive information disclosure via log files | debian, python |
| CVE-2026-40683 | unknown | | | 1mo ago | OpenStack Keystone: LDAP identity backend does not convert enabled attribute to boolean | debian, python |
| CVE-2026-33551 | unknown | | | 2mo ago | An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application… | debian, python |
| CVE-2025-65073 | unknown | | | 6mo ago | OpenStack Keystone allows /v3/ec2tokens or /v3/s3tokens request with valid AWS Signature to provide Keystone authorization. | debian, python |
| CVE-2021-38155 | unknown | | | 4y ago | OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). … | suse, debian, python |
| CVE-2020-12691 | unknown | | | 4y ago | An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then … | suse, debian, python |
| CVE-2020-12692 | unknown | | | 4y ago | An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then … | suse, debian, python |
| CVE-2020-12689 | unknown | | | 4y ago | An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escala… | suse, debian, python |
| CVE-2019-19687 | unknown | | | 4y ago | OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enfor… | debian, python |
| CVE-2017-2673 | unknown | | | 4y ago | An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and uninte… | suse, debian, python |
| CVE-2013-2255 | unknown | | | 4y ago | OpenStack Keystone and other components vulnerable to Improper Certificate Validation | debian, python |
| CVE-2020-12690 | unknown | | | 5y ago | An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a key… | suse, debian, python |
| CVE-2018-20170 | unknown | | | 8y ago | ** DISPUTED ** OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. NOTE: th… | suse, python |