68 matches found
Ubuntu: Security Advisory (USN-8008-1)
The remote host is missing an update for the...
USN-8008-1 python-keystonemiddleware vulnerability
Grzegorz Grasza discovered that the Keystone Middleware incorrectly sanitized authentication headers before processing OAuth 2.0 tokens. An attacker could possibly use this issue to escalate privileges or impersonate other users...
Debian dsa-6104 : python-keystonemiddleware-doc - security update
The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6104 advisory. Debian Security Advisory DSA-6104-1 [email protected] https://www.debian.org/security/ Moritz...
Debian: Security Advisory (DSA-6104-1)
The remote host is missing an update for the Debian...
[SECURITY] [DSA 6104-1] python-keystonemiddleware security update
Debian Security Advisory DSA-6104-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 20, 2026 https://www.debian.org/security/faq -...
DSA-6104-1 python-keystonemiddleware - security update
Bulletin has no description...
python-keystonemiddleware-doc-10.12.0-2.1 on GA media (moderate)
python-keystonemiddleware-doc-10.12.0-2.1 on GA media. Announcement ID: openSUSE-SU-2026:10070-1. Rating: moderate. Cross-References: CVE-2026-22797. Affected Products: openSUSE Tumbleweed. An update that solves one vulnerability can now be installed. Description: These are all security issues fixed i...
CVE-2026-22797
A flaw was found in OpenStack keystonemiddleware. The external_oauth2_token middleware fails to properly sanitize incoming authentication headers. An authenticated attacker can exploit this by sending forged identity headers, such as X-Is-Admin-Project, X-Roles, or X-User-Id. This can lead to...
CVE-2026-22797
An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged...
UBUNTU-CVE-2026-22797
An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged...
Authentication Bypass by Spoofing
Overview: Affected versions of this package are vulnerable to Authentication Bypass by Spoofing in the external_oauth2_token middleware. An attacker can gain unauthorized access or escalate privileges by sending forged authentication headers such as X-Is-Admin-Project, X-Roles, or X-User-Id...
CVE-2026-22797
An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged...
CVE-2026-22797
An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged...
CVE-2026-22797
An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged...
OPENSUSE-SU-2026:10070-1 python-keystonemiddleware-doc-10.12.0-2.1 on GA media
These are all security issues fixed in the python-keystonemiddleware-doc-10.12.0-2.1 package on the GA media of openSUSE Tumbleweed...
EUVD-2026-3202
An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged...
CVE-2026-22797
CVE-2026-22797 : OpenStack keystonemiddleware vulnerable to header sanitization flaw in external_oauth2_token middleware. Attackers can forge identity headers (X-Is-Admin-Project, X-Roles, X-User-Id) to escalate privileges or impersonate other users, impacting all deployments using this middlewar...
Linux Distros Unpatched Vulnerability : CVE-2026-22797
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. Th...
PT-2026-3233
Name of the Vulnerable Software and Affected Versions: OpenStack (affected versions not specified). Description: An issue exists in OpenStack’s keystonemiddleware component that could allow for privilege escalation or impersonation. An authenticated attacker may be able to elevate their privileges or...
EUVD-2015-0028
Malware in sbrugna...