Lucene search
K

6 matches found

Ubuntu
Ubuntu
added 2026/06/16 1:45 p.m.8 views

USN-8433-1: OpenStack Keystone vulnerabilities

It was discovered that OpenStack Keystone allowed restricted application credentials to create EC2 credentials. An authenticated attacker with only a reader role could possibly use this issue to bypass the role restrictions imposed on the application credential. CVE-2026-33551 It was discovered...

8.8CVSS5.8AI score0.00446EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-43000

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the memb...

8.8CVSS5.5AI score0.00328EPSS
Exploits1References2
OSV
OSV
added 2026/05/28 9:32 p.m.2 views

GHSA-Q623-F4J4-P4XJ OpenStack Keystone has an Incorrect Authorization issue

An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token...

6CVSS5.8AI score0.00328EPSS
Exploits1References8
OSV
OSV
added 2026/05/28 7:16 p.m.3 views

PYSEC-2026-601

An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token...

8.8CVSS5.8AI score0.00328EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/05/28 12:0 a.m.8 views

CVE-2026-43000

An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token...

6CVSS5.8AI score0.00328EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/28 12:0 a.m.4 views

Incorrect Privilege Assignment

Overview keystone is a package that provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. Affected versions of this package are vulnerable to Incorrect Privilege Assignment through the improper validation of delegat...

8.8CVSS6AI score0.00328EPSS
Exploits1References2
Rows per page
Query Builder