1543 matches found
CVE-2026-40683
In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the userenabledinvert configuration option is False the default. The ldaprestomodel method in the UserApi class only performed string-to-boolean conversion when...
DEBIAN-CVE-2026-40683
In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the userenabledinvert configuration option is False the default. The ldaprestomodel method in the UserApi class only performed string-to-boolean conversion when...
CVE-2026-40683
In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the userenabledinvert configuration option is False the default. The ldaprestomodel method in the UserApi class only performed string-to-boolean conversion when...
UBUNTU-CVE-2026-40683
In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the userenabledinvert configuration option is False the default. The ldaprestomodel method in the UserApi class only performed string-to-boolean conversion when...
CVE-2026-40683
In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the userenabledinvert configuration option is False the default. The ldaprestomodel method in the UserApi class only performed string-to-boolean conversion when...
CVE-2026-40683
In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the userenabledinvert configuration option is False the default. The ldaprestomodel method in the UserApi class only performed string-to-boolean conversion when...
CVE-2026-40683
In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the userenabledinvert configuration option is False the default. The ldaprestomodel method in the UserApi class only performed string-to-boolean conversion when...
CVE-2026-40683
Keystone (OpenStack) LDAP identity backend vulnerability CVE-2026-40683: before 28.0.1, the user_enabled_invert setting is not applied when False, causing non-empty string values like 'FALSE' to be treated as enabled; this permits authentication and actions for users disabled in LDAP. All deploym...
CVE-2026-40683
In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the userenabledinvert configuration option is False the default. The ldaprestomodel method in the UserApi class only performed string-to-boolean conversion when...
PT-2026-32909
Name of the Vulnerable Software and Affected Versions OpenStack Keystone versions prior to 28.0.1 Description The LDAP identity backend fails to convert the user enabled attribute to a boolean value when the user enabled invert configuration option is set to False. Specifically, the ldap res to...
OpenStack Keystone 安全漏洞
OpenStack Keystone is a core authentication component library of the OpenStack open-source project. Versions of OpenStack Keystone prior to 28.0.1 had security vulnerabilities. These vulnerabilities stemmed from the fact that the LDAP identity backend did not convert user enablement properties in...
CVE-2026-33551
A flaw was found in OpenStack Keystone. An authenticated user with a reader role can exploit a vulnerability in the EC2 credential creation endpoint. By using a restricted application credential to call the EC2 credential creation API, the user may obtain EC2/S3 credentials that carry the full se...
Incorrect Authorization
Overview keystone is a package that provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. Affected versions of this package are vulnerable to Incorrect Authorization through the UserOSEC2CredentialsResourceListCreat...
a10-octavia (>=1.0.0 <=2.2.0) potentially affected by CVE-2026-33551 via keystone (>=15.0.1 <=18.0.0)
keystone PYPI version =15.0.1, =1.0.0, =2.2.0 Source cves: CVE-2026-33551 Source advisory: SNYK:PYTHON-KEYSTONE-16000074...
a10-octavia (>=1.0.0 <=2.2.0) potentially affected by CVE-2026-33551 via keystone (>=15.0.1 <=18.0.0)
keystone PYPI version =15.0.1, =1.0.0, =2.2.0 Source cves: CVE-2026-33551 Source advisory: OSV:GHSA-4PHW-6824-6CFP...
OpenStack Keystone: Restricted application credentials can create EC2 credentials
An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...
GHSA-4PHW-6824-6CFP OpenStack Keystone: Restricted application credentials can create EC2 credentials
An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...
PYSEC-2026-202
An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...
a10-octavia (>=1.0.0 <=2.2.0) potentially affected by CVE-2026-33551 via keystone (>=15.0.1 <=18.0.0)
keystone PYPI version =15.0.1, =1.0.0, =2.2.0 Source cves: CVE-2026-33551 Source advisory: OSV:PYSEC-2026-202...
PYSEC-2026-202
An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...