Lucene search
K

58 matches found

RedHat Linux
RedHat Linux
added 2026/06/22 9:1 p.m.4 views

openstack-keystone: OpenStack Keystone: Privilege escalation through EC2 credential creation

A flaw was found in OpenStack Keystone. An authenticated user with a reader role can exploit a vulnerability in the EC2 credential creation endpoint. By using a restricted application credential to call the EC2 credential creation API, the user may obtain EC2/S3 credentials that carry the full se...

5.3CVSS5.8AI score0.0022EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.8 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : OpenStack Keystone vulnerabilities (USN-8433-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8433-1 advisory. It was discovered that OpenStack Keystone allowed restricted application credentials to create EC2 credentials. An...

8.8CVSS5.9AI score0.00446EPSS
Exploits6References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.10 views

CVE-2026-45246

Summarize prior to 0.15.1 contains an insecure file permission vulnerability in the refresh-free configuration rewrite path that allows local users to read sensitive credentials by exploiting default filesystem permissions. When the refresh-free path rewrites the configuration file, it creates th...

6.8CVSS5.5AI score0.00137EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.12 views

CVE-2026-34358

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contains a broken access control vulnerability where multiple admin controllers enforce permission checks on form display methods but omit equivalent checks on the corresponding write methods, allowing any...

8.1CVSS5.6AI score0.00297EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/04 12:13 a.m.14 views

CVE-2026-42998

A flaw was found in OpenStack Keystone. The application credential authentication plugin fails to verify if the user provided in an authentication request matches the owner of the application credential. This allows a remote attacker to authenticate with their own credentials while impersonating...

8.8CVSS5.8AI score0.00303EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-43000

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the memb...

8.8CVSS5.5AI score0.00328EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/05/29 12:0 a.m.12 views

CVE-2026-43000

An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token...

6CVSS5.8AI score0.00328EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/05/29 12:0 a.m.12 views

CVE-2026-42998

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in the authentication request matches the owner of the application credential. An attacker can authenticate with their own application...

6CVSS5.8AI score0.00303EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.25 views

Linux Distros Unpatched Vulnerability : CVE-2026-42998

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in...

8.8CVSS5.5AI score0.00303EPSS
Exploits1References2
OSV
OSV
added 2026/05/28 9:32 p.m.3 views

GHSA-Q623-F4J4-P4XJ OpenStack Keystone has an Incorrect Authorization issue

An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token...

6CVSS5.8AI score0.00328EPSS
Exploits1References8
OSV
OSV
added 2026/05/28 7:16 p.m.4 views

PYSEC-2026-599

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in the authentication request matches the owner of the application credential. An attacker can authenticate with their own application...

8.8CVSS5.8AI score0.00303EPSS
Exploits1References2
OSV
OSV
added 2026/05/28 7:16 p.m.4 views

PYSEC-2026-601

An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token...

8.8CVSS5.8AI score0.00328EPSS
Exploits1References5
NVD
NVD
added 2026/05/28 7:16 p.m.17 views

CVE-2026-43000

An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token...

8.8CVSS0.00328EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/05/28 12:0 a.m.10 views

CVE-2026-42998

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in the authentication request matches the owner of the application credential. An attacker can authenticate with their own application...

6CVSS5.8AI score0.00303EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/05/28 12:0 a.m.31 views

CVE-2026-43000

An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token...

6CVSS0.00328EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/28 12:0 a.m.4 views

Incorrect Privilege Assignment

Overview keystone is a package that provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. Affected versions of this package are vulnerable to Incorrect Privilege Assignment through the improper validation of delegat...

8.8CVSS6AI score0.00328EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/28 12:0 a.m.8 views

CVE-2026-43000

An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token...

6CVSS5.8AI score0.00328EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/28 12:0 a.m.8 views

CVE-2026-43000

An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token...

6CVSS5.8AI score0.00328EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.10 views

PT-2026-44463

Name of the Vulnerable Software and Affected Versions OpenStack Keystone versions prior to 29.0.2 Description The application credential authentication plugin fails to verify if the user provided in the authentication request is the actual owner of the application credential. An attacker can use...

8.8CVSS5.3AI score0.00303EPSS
Exploits1References16
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

OpenStack Keystone 安全漏洞

OpenStack Keystone is a core authentication component library of the OpenStack open-source project. Versions of OpenStack Keystone prior to 29.0.2 contained security vulnerabilities. These vulnerabilities stemmed from the application credential authentication plugin not verifying user identities...

8.8CVSS5.8AI score0.00303EPSS
Exploits1References2
Rows per page
Query Builder