Lucene search
K
OpenstackKeystone

11 matches found

CVE
CVE
added 2019/11/01 6:38 p.m.192 views

CVE-2013-2255

OpenStack CVE-2013-2255 affects HTTPSConnections in Keystone (2013) and OpenStack Compute (2013.1), and possibly other OpenStack components. Root cause: server-side SSL certificate validation is not performed, allowing potential impersonation or man-in-the-middle scenarios where untrusted certifi...

5.9CVSS5.7AI score0.00962EPSS
CVE
CVE
added 2020/05/06 11:42 p.m.100 views

CVE-2020-12692

OpenStack Keystone (CVE-2020-12692) is affected in versions prior to 15.0.1 and 16.0.0. The EC2 API does not perform a signature TTL check for AWS Signature V4, allowing an attacker who can sniff an Authorization header to reuse it to reissue an OpenStack token an unlimited number of times. Multi...

5.5CVSS5.5AI score0.00705EPSS
CVE
CVE
added 2018/07/31 2:0 p.m.89 views

CVE-2018-14432

Summary of CVE-2018-14432 (OpenStack Keystone federation) : An authenticated GET to /v3/OS-FEDERATION/projects could bypass access controls and disclose all projects and their attributes when Keystone’s /v3/OS-FEDERATION endpoint is enabled via policy.json. Affected releases include OpenStack Key...

5.3CVSS4.8AI score0.01618EPSS
CVE
CVE
added 2013/09/23 8:0 p.m.76 views

CVE-2013-4294

OpenStack Keystone (Identity) on Folsom 2012.2.x and Grizzly up to 2013.1.3/pre-2013.1.4 is affected where the memcache and KVS token back ends do not properly compare the PKI token revocation list with PKI tokens, allowing revoked tokens to bypass access controls. Red Hat advisory RHSA-2013:1285...

5CVSS6.4AI score0.02342EPSS
CVE
CVE
added 2013/12/14 5:0 p.m.76 views

CVE-2013-6391

Summary (CVE-2013-6391) OpenStack Keystone’s ec2token API could generate a token not scoped to a specific trust when converting a trust-scoped token, allowing remote trust users to obtain EC2 credentials and potentially elevate privileges. Affected releases include Keystone before Havana 2013.2.1...

5.8CVSS6.6AI score0.02239EPSS
CVE
CVE
added 2013/02/24 7:0 p.m.74 views

CVE-2013-0247

CVE-2013-0247 affects OpenStack Keystone: Essex 2012.1.3 and earlier; Folsom 2012.2.3 and earlier; Grizzly grizzly-2 and earlier. Root cause is excessive token-validation attempts generating many log entries, leading to disk usage and partial availability impact. Patches exist via OpenStack keyst...

5CVSS6.4AI score0.03243EPSS
CVE
CVE
added 2013/04/12 10:0 p.m.72 views

CVE-2013-0282

CVE-2013-0282 affects OpenStack Keystone (Grizzly 2013.1, Folsom 2012.1.3, Essex). The root cause is that EC2-style authentication did not properly verify that the (1) user, (2) tenant, or (3) domain is enabled, enabling context-dependent attackers to bypass access restrictions. Public documents ...

5CVSS6.3AI score0.01747EPSS
CVE
CVE
added 2014/06/02 3:0 p.m.65 views

CVE-2013-2014

OpenStack Identity (Keystone) prior to version 2013.1 is affected. The issue allows remote attackers to cause a denial of service by sending multiple long requests, leading to memory consumption and a crash. This is the stated impact in the CVE description. Remediation suggested in the related en...

5CVSS6.5AI score0.03244EPSS
CVE
CVE
added 2014/04/01 1:0 a.m.65 views

CVE-2014-2237

CVE-2014-2237 concerns the memcache token backend of OpenStack Keystone. When issuing a trust token with impersonation enabled, the trustee’s token-index-list is not updated, so bulk token revocation cannot invalidate the token, allowing bypass of access controls. Affected: Keystone releases from...

5CVSS6.2AI score0.01367EPSS
CVE
CVE
added 2018/12/17 6:0 a.m.57 views

CVE-2018-20170

OpenStack Keystone up to 14.0.1 is affected by a user enumeration vulnerability where invalid usernames yield faster responses than valid ones for POST /v3/auth/tokens. The root cause is a timing discrepancy in authentication processing. The vendor characterizes this as a hardening opportunity, n...

5.3CVSS5.3AI score0.0111EPSS
Web
CVE
CVE
added 2026/04/10 12:0 a.m.45 views

CVE-2026-33551

OpenStack Keystone vulnerability CVE-2026-33551 allows an authenticated user with only a reader role to obtain EC2/S3 credentials via restricted application credentials when using the EC2/S3 compatibility API (swift3/s3api). Affected products/versions: Keystone 14 through 26 before 26.1.1, 27.0.0...

5.3CVSS5.9AI score0.0022EPSS