Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/06/04 12:13 a.m.17 views

CVE-2026-44394

A flaw was found in OpenStack Keystone. The federated token rescoping mechanism does not correctly propagate the original token's expiry to newly issued tokens. This allows a federated user to repeatedly rescope a token before it expires, effectively maintaining indefinite access and bypassing...

8.1CVSS5.7AI score0.00249EPSS
Exploits1References5
OSV
OSV
added 2026/05/28 9:32 p.m.3 views

GHSA-WHQR-FGM5-X77Q OpenStack Keystone's federated token rescoping mechanism doesn't propagate the original token's expiry to the newly issued token

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handlescopedtoken function in the mapped...

6CVSS5.8AI score0.00249EPSS
Exploits1References5
NVD
NVD
added 2026/05/28 7:16 p.m.16 views

CVE-2026-44394

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handlescopedtoken function in the mapped...

8.1CVSS0.00249EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/28 12:0 a.m.30 views

CVE-2026-44394

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handlescopedtoken function in the mapped...

6CVSS0.00249EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/28 12:0 a.m.4 views

Insufficient Session Expiration

Overview keystone is a package that provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. Affected versions of this package are vulnerable to Insufficient Session Expiration via the federated token rescoping process...

8.1CVSS6AI score0.00249EPSS
Exploits1References2
Rows per page
Query Builder