Lucene search
K

14 matches found

OSV
OSV
added 2026/06/16 1:45 p.m.5 views

USN-8433-1 keystone vulnerabilities

It was discovered that OpenStack Keystone allowed restricted application credentials to create EC2 credentials. An authenticated attacker with only a reader role could possibly use this issue to bypass the role restrictions imposed on the application credential. CVE-2026-33551 It was discovered...

8.8CVSS5.7AI score0.00446EPSS
Exploits6References8
Ubuntu
Ubuntu
added 2026/06/16 1:45 p.m.9 views

USN-8433-1: OpenStack Keystone vulnerabilities

It was discovered that OpenStack Keystone allowed restricted application credentials to create EC2 credentials. An authenticated attacker with only a reader role could possibly use this issue to bypass the role restrictions imposed on the application credential. CVE-2026-33551 It was discovered...

8.8CVSS5.8AI score0.00446EPSS
Exploits6
RedhatCVE
RedhatCVE
added 2026/06/04 12:13 a.m.14 views

CVE-2026-43000

A flaw was found in OpenStack Keystone. An attacker with a member role on a project can escalate their privileges to an administrator role. This is achieved by combining an application credential impersonation vulnerability with the misuse of Keystone trusts. The system incorrectly validates...

8.8CVSS5.7AI score0.00328EPSS
Exploits1References5
OSV
OSV
added 2026/05/28 9:32 p.m.3 views

GHSA-8F8M-WRVR-WCVF OpenStack Keystone doesn't verify that the user supplied in the authentication request matches the owner of the application credential

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in the authentication request matches the owner of the application credential. An attacker can authenticate with their own application...

6CVSS5.8AI score0.00303EPSS
Exploits1References5
NVD
NVD
added 2026/05/28 7:16 p.m.12 views

CVE-2026-42998

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in the authentication request matches the owner of the application credential. An attacker can authenticate with their own application...

8.8CVSS0.00303EPSS
Exploits1References2
OSV
OSV
added 2026/05/28 7:16 p.m.10 views

UBUNTU-CVE-2026-42998

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in the authentication request matches the owner of the application credential. An attacker can authenticate with their own application...

8.8CVSS5.8AI score0.00303EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/05/28 12:0 a.m.29 views

CVE-2026-42998

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in the authentication request matches the owner of the application credential. An attacker can authenticate with their own application...

6CVSS0.00303EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/28 12:0 a.m.7 views

CVE-2026-42998

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in the authentication request matches the owner of the application credential. An attacker can authenticate with their own application...

6CVSS5.8AI score0.00303EPSS
Exploits1References2
OSV
OSV
added 2026/05/01 9:30 a.m.4 views

GHSA-HHQ2-3832-XXCV OpenStack Keystone has an Incorrect Authorization Issue

An issue was discovered in OpenStack Keystone 13 through 29. POST /v3/credentials did not validate that the caller-supplied projectid for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credentia...

7.9CVSS5.8AI score0.00446EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/05/01 9:30 a.m.9 views

OpenStack Keystone has an Incorrect Authorization Issue

An issue was discovered in OpenStack Keystone 13 through 29. POST /v3/credentials did not validate that the caller-supplied projectid for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credentia...

8CVSS5.8AI score0.00446EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/05/01 9:16 a.m.11 views

CVE-2026-43001

An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied projectid for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credentia...

8CVSS0.00446EPSS
Exploits1References6
CVE
CVE
added 2026/05/01 12:0 a.m.19 views

CVE-2026-43001

CVE-2026-43001 affects OpenStack Keystone (versions 13–29) where POST /v3/credentials does not validate that the caller-supplied project_id for an EC2-type credential matches the authenticating application credential’s project. An attacker with an unrestricted app_cred for project A can create an...

8CVSS5.8AI score0.00446EPSS
Exploits1References6Affected Software1
Snyk
Snyk
added 2026/04/10 3:31 a.m.4 views

Incorrect Authorization

Overview keystone is a package that provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. Affected versions of this package are vulnerable to Incorrect Authorization through the UserOSEC2CredentialsResourceListCreat...

6CVSS5.8AI score0.0022EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2020/06/24 12:43 p.m.4 views

openstack-keystone: EC2 and credential endpoints are not protected from a scoped context

A vulnerability was found in Keystone's EC2 credentials API. This flaw allows any user authenticated within a limited scope trust/OAuth/application credential to create an EC2 credential with escalated permissions, for example, obtaining an "admin" role, while the user is on a limited "viewer" ro...

8.8CVSS5.8AI score0.01562EPSS
Exploits0References5
Rows per page
Query Builder