Keystone Security Vulnerabilities and Issues — Keystone CVE List

Lucene search

OpenstackKeystone

3 matches found

CVE•added 2019/11/01 7:15 p.m.•169 views

CVE-2013-2255

HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.

5.9CVSS5.7AI score0.00414EPSS

CVE•added 2019/12/09 6:15 p.m.•56 views

CVE-2019-19687

OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials, whi...

8.8CVSS8.2AI score0.00766EPSS

CVE•added 2019/11/12 5:15 p.m.•49 views

CVE-2012-1572

OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space

7.5CVSS7.3AI score0.00416EPSS