1543 matches found
CVE-2026-43000
A flaw was found in OpenStack Keystone. An attacker with a member role on a project can escalate their privileges to an administrator role. This is achieved by combining an application credential impersonation vulnerability with the misuse of Keystone trusts. The system incorrectly validates...
CVE-2026-42999
A flaw was found in OpenStack Keystone. This vulnerability allows an authenticated user to bypass Role-Based Access Control RBAC checks by injecting arbitrary policy target attributes into the request body. This enables the user to perform unauthorized operations on resources belonging to other...
CVE-2026-42997
A flaw was found in OpenStack Ironic. During the import process, a user invoking molds can request that authorization credentials be sent to a remote endpoint. This can lead to the disclosure of a time-limited Keystone token, which grants access to OpenStack services Ironic is authorized for, or...
Keystone 安全漏洞
Keystone is a powerful CMS developed by OpenStack. It helps you build and expand faster than any other CMS or application framework. Keystone versions prior to 20260319 have security vulnerabilities. These vulnerabilities stem from unknown code in the...
[SECURITY] [DLA 4611-1] keystone security update
Debian LTS Advisory DLA-4611-1 [email protected] https://www.debian.org/lts/security/ Santiago Ruano Rincón May 31, 2026 https://wiki.debian.org/LTS Package : keystone Version : 2:18.1.0-1+deb11u3 CVE ID : CVE-2026-33551 CVE-2026-40683 CVE-2026-42998 CVE-2026-42999 CVE-2026-43000...
Debian dla-4611 : keystone - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4611 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4611-1 [email protected]...
CVE-2026-42998
An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in the authentication request matches the owner of the application credential. An attacker can authenticate with their own application...
CVE-2026-42999
An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body into the policy enforcement dictionary via policydict.updatejsoninput.copy, overwriting trusted target data that was previously set from...
CVE-2026-43000
An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token...
Linux Distros Unpatched Vulnerability : CVE-2026-43000
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the memb...
Linux Distros Unpatched Vulnerability : CVE-2026-42999
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body...
Linux Distros Unpatched Vulnerability : CVE-2026-42998
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in...
Linux Distros Unpatched Vulnerability : CVE-2026-44394
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to...
CVE-2026-44394
An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handlescopedtoken function in the mapped...
CVE-2026-42999
An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body into the policy enforcement dictionary via policydict.updatejsoninput.copy, overwriting trusted target data that was previously set from...
CVE-2026-42998
An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in the authentication request matches the owner of the application credential. An attacker can authenticate with their own application...
CVE-2026-43000
An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token...
UBUNTU-CVE-2026-44394
An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handlescopedtoken function in the mapped...
UBUNTU-CVE-2026-42999
An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforcecall unconditionally merges the raw JSON request body into the policy enforcement dictionary via policydict.updatejsoninput.copy, overwriting trusted target data that was previously set from...
UBUNTU-CVE-2026-43000
An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token...