USN-7926-1: OpenStack Keystone vulnerabilities

Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to obtain unauthorized access and escalate privileges. CVE-2025-65073 It was discovered that OpenStack Keystone only validated the first 72 bytes of an...

EUVD-2012-0015

Malware in sbrugna...

GHSA-GMVP-5RF9-MXCM OpenStack Identity (Keystone) Multiple vulnerabilities in revocation events

The MySQL token driver in OpenStack Identity Keystone 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token...

Ubuntu 12.04 LTS / 12.10 : keystone vulnerabilities (USN-1730-1)

Nathanael Burton discovered that Keystone did not properly verify disabled users. An authenticated but disabled user would continue to have access rights that were removed. CVE-2013-0282 Jonathan Murray discovered that Keystone would allow XML entity processing. A remote unauthenticated attacker...