1573 matches found
Keystone 6 Login Page - Open Redirect and Cross-Site Scripting
On the login page, there is a "from=" parameter in URL which is vulnerable to open redirect and can be escalated to reflected XSS. id: CVE-2022-0087 info: name: Keystone 6 Login Page - Open Redirect and Cross-Site Scripting author: ShivanshKhari severity: medium description: | On the login page,...
GHSA-WHQR-FGM5-X77Q vulnerabilities
Vulnerabilities for packages: openstack-keystone-2026.1-fips, openstack-keystone-2025.2-fips, openstack-keystone-2026.1, openstack-keystone-2025.2, openstack-keystone-2025.1-fips, openstack-keystone-2025.1...
GHSA-8F8M-WRVR-WCVF vulnerabilities
Vulnerabilities for packages: openstack-keystone-2026.1-fips, openstack-keystone-2025.2-fips, openstack-keystone-2026.1, openstack-keystone-2025.2, openstack-keystone-2025.1-fips, openstack-keystone-2025.1...
GHSA-Q623-F4J4-P4XJ vulnerabilities
Vulnerabilities for packages: openstack-keystone-2026.1-fips, openstack-keystone-2025.2-fips, openstack-keystone-2026.1, openstack-keystone-2025.2, openstack-keystone-2025.1-fips, openstack-keystone-2025.1...
CVE-2026-42998 vulnerabilities
Vulnerabilities for packages: openstack-keystone-2026.1-fips, openstack-keystone-2025.2-fips, openstack-keystone-2026.1, openstack-keystone-2025.2, openstack-keystone-2025.1-fips, openstack-keystone-2025.1...
GHSA-2R23-2G6V-2M5F vulnerabilities
Vulnerabilities for packages: openstack-keystone-2026.1-fips, openstack-keystone-2025.2-fips, openstack-keystone-2026.1, openstack-keystone-2025.2, openstack-keystone-2025.1-fips, openstack-keystone-2025.1...
CVE-2026-43000 vulnerabilities
Vulnerabilities for packages: openstack-keystone-2026.1-fips, openstack-keystone-2025.2-fips, openstack-keystone-2026.1, openstack-keystone-2025.2, openstack-keystone-2025.1-fips, openstack-keystone-2025.1...
CVE-2026-44394 vulnerabilities
Vulnerabilities for packages: openstack-keystone-2026.1-fips, openstack-keystone-2025.2-fips, openstack-keystone-2026.1, openstack-keystone-2025.2, openstack-keystone-2025.1-fips, openstack-keystone-2025.1...
CVE-2026-42999 vulnerabilities
Vulnerabilities for packages: openstack-keystone-2026.1-fips, openstack-keystone-2025.2-fips, openstack-keystone-2026.1, openstack-keystone-2025.2, openstack-keystone-2025.1-fips, openstack-keystone-2025.1...
PYSEC-2026-370 Openstack Keystone Incorrect Authorization vulnerability
A flaw was found in openstack-keystone, only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity. A patch is...
RHSA-2026:28044 Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (openstack-keystone) security update
Bulletin has no description...
GHSA-3J69-69WJ-XQX2 vulnerabilities
Vulnerabilities for packages: openstack-glance-2025.2-fips, openstack-glance-2025.2, openstack-keystone-2025.2-fips, openstack-keystone-2025.1, openstack-horizon-2025.2, openstack-glance-2025.1-fips, openstack-placement-2025.2-fips, openstack-placement-2025.1, openstack-keystone-2026.1,...
CVE-2026-54911 vulnerabilities
Vulnerabilities for packages: openstack-glance-2025.2-fips, openstack-glance-2025.2, openstack-keystone-2025.2-fips, openstack-keystone-2025.1, openstack-horizon-2025.2, openstack-glance-2025.1-fips, openstack-placement-2025.2-fips, openstack-placement-2025.1, openstack-keystone-2026.1,...
GHSA-6V7P-G79W-8964 vulnerabilities
Vulnerabilities for packages: superset, openstack-glance-2025.2-fips, datadog-agent, datadog-agent-fips, openstack-glance-2025.2, openstack-keystone-2025.2-fips, lmcache-cuda-12.8, dask-kubernetes, synapse, nemo, jupyter-all-spark-notebook, openstack-keystone-2025.1, openstack-horizon-2025.2,...
openstack-keystone: OpenStack Keystone: Privilege escalation through EC2 credential creation
A flaw was found in OpenStack Keystone. An authenticated user with a reader role can exploit a vulnerability in the EC2 credential creation endpoint. By using a restricted application credential to call the EC2 credential creation API, the user may obtain EC2/S3 credentials that carry the full se...
openstack-keystone: OpenStack Keystone: Unauthorized access and privilege escalation via AWS signature validation flaw
A flaw was found in OpenStack Keystone. This vulnerability allows an attacker to obtain a valid OpenStack's Keystone token, leading to access to unauthorized resources or privilege escalation within the OpenStack instance via sending a valid AWS Amazon Web Services signature to the /v3/ec2tokens ...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (openstack-keystone) security update
An update for openstack-keystone is now available for Red Hat OpenStack Platform 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : OpenStack Keystone vulnerabilities (USN-8433-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8433-1 advisory. It was discovered that OpenStack Keystone allowed restricted application credentials to create EC2 credentials. An...
GHSA-JQ35-7PRP-9V3F vulnerabilities
Vulnerabilities for packages: superset, netbox, openstack-glance-2025.2-fips, datadog-agent, datadog-agent-fips, openstack-glance-2025.2, openstack-keystone-2025.2-fips, airflow-postgres-fips, openstack-keystone-2025.1, openstack-horizon-2025.2, openstack-glance-2025.1-fips,...
GHSA-FHV5-28VV-H8M8 vulnerabilities
Vulnerabilities for packages: superset, netbox, openstack-glance-2025.2-fips, datadog-agent, datadog-agent-fips, openstack-glance-2025.2, openstack-keystone-2025.2-fips, airflow-postgres-fips, openstack-keystone-2025.1, openstack-horizon-2025.2, openstack-glance-2025.1-fips,...