Lucene search
K

58 matches found

Cvelist
Cvelist
added 2026/05/28 12:0 a.m.31 views

CVE-2026-43000

An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token...

6CVSS0.00328EPSS
Exploits1References2
CVE
CVE
added 2026/05/28 12:0 a.m.39 views

CVE-2026-43000

CVE-2026-43000 affects OpenStack Keystone (identity service). Affected: Keystone before 29.0.2. The issue arises when an impersonation vulnerability in application credentials is chained with Keystone trusts, allowing a user with member role to escalate to admin by delegating the victim's admin r...

8.8CVSS5.8AI score0.00328EPSS
Exploits1References5Affected Software1
Snyk
Snyk
added 2026/05/28 12:0 a.m.4 views

Incorrect Privilege Assignment

Overview keystone is a package that provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. Affected versions of this package are vulnerable to Incorrect Privilege Assignment through the improper validation of delegat...

8.8CVSS6AI score0.00328EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/05/22 3:46 p.m.12 views

CVE-2026-43001

A flaw was found in OpenStack Keystone. An attacker holding an unrestricted application credential could exploit a vulnerability in the POST /v3/credentials endpoint where the caller-supplied projectid for an EC2-type credential was not validated against the project of the authenticating...

8CVSS5.8AI score0.00446EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.8 views

PT-2026-36306

Name of the Vulnerable Software and Affected Versions OpenStack Keystone versions 13 through 29 Description An issue exists where the 'POST /v3/credentials' endpoint fails to validate that the project id provided by the caller for an EC2-type credential matches the project of the authenticating...

8CVSS5.8AI score0.00446EPSS
Exploits1References25
EUVD
EUVD
added 2026/05/01 12:0 a.m.7 views

EUVD-2026-26488

An issue was discovered in OpenStack Keystone 13 through 29. POST /v3/credentials did not validate that the caller-supplied projectid for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credentia...

7.9CVSS5.8AI score0.00446EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/01 12:0 a.m.14 views

CVE-2026-43001

An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied projectid for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credentia...

8.5CVSS5.8AI score0.00446EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/13 7:37 p.m.6 views

CVE-2026-33551

A flaw was found in OpenStack Keystone. An authenticated user with a reader role can exploit a vulnerability in the EC2 credential creation endpoint. By using a restricted application credential to call the EC2 credential creation API, the user may obtain EC2/S3 credentials that carry the full se...

3.5CVSS5.8AI score0.0022EPSS
Exploits1References6
OSV
OSV
added 2026/04/10 3:31 a.m.3 views

GHSA-4PHW-6824-6CFP OpenStack Keystone: Restricted application credentials can create EC2 credentials

An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...

3.5CVSS5.8AI score0.0022EPSS
Exploits1References6
PyPA
PyPA
added 2026/04/10 3:16 a.m.11 views

PYSEC-2026-202

An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...

5.3CVSS5.5AI score0.0022EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/04/10 3:16 a.m.3 views

DEBIAN-CVE-2026-33551

An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...

5.3CVSS5.4AI score0.0022EPSS
Exploits1References1
OSV
OSV
added 2026/04/10 3:16 a.m.9 views

PYSEC-2026-202

An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...

5.3CVSS5.5AI score0.0022EPSS
Exploits1References4
NVD
NVD
added 2026/04/10 3:16 a.m.12 views

CVE-2026-33551

An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...

5.3CVSS0.0022EPSS
Exploits1References3
OSV
OSV
added 2026/04/10 3:16 a.m.3 views

UBUNTU-CVE-2026-33551

An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...

5.3CVSS5.8AI score0.0022EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2026/04/10 3:16 a.m.11 views

CVE-2026-33551

An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...

3.5CVSS5.8AI score0.0022EPSS
Exploits1References3
CVE
CVE
added 2026/04/10 12:0 a.m.40 views

CVE-2026-33551

OpenStack Keystone vulnerability CVE-2026-33551 allows an authenticated user with only a reader role to obtain EC2/S3 credentials via restricted application credentials when using the EC2/S3 compatibility API (swift3/s3api). Affected products/versions: Keystone 14 through 26 before 26.1.1, 27.0.0...

5.3CVSS5.9AI score0.0022EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/10 12:0 a.m.3 views

CVE-2026-33551

An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...

3.5CVSS5.9AI score0.0022EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/04/10 12:0 a.m.4 views

CVE-2026-33551

An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...

5.3CVSS5.4AI score0.0022EPSS
Exploits1
EUVD
EUVD
added 2026/03/11 7:24 p.m.3 views

EUVD-2026-11307

Shopware vulnerable to a potential take over of app credentials...

8.9CVSS5.8AI score0.00267EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-13482

Malware in sbrugna...

7.2CVSS6.9AI score0.0129EPSS
Exploits0References6
Rows per page
Query Builder