Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/keystone@2012.1.1-13%2Bwheezy1
Typedeb
Namespacedebian
Namekeystone
Version2012.1.1-13+wheezy1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2:29.0.0-3
Latest_non_vulnerable_version2:29.0.1-1
Affected_by_vulnerabilities
0
url VCID-44u3-6h7t-dbah
vulnerability_id VCID-44u3-6h7t-dbah
summary The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an "interaction between eventlet and python-memcached."
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2014-0382.html
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
2
value LOW
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0382.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-0409.html
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
2
value LOW
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0409.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0105.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0105.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0105
reference_id
reference_type
scores
0
value 0.00371
scoring_system epss
scoring_elements 0.58939
published_at 2026-04-21T12:55:00Z
1
value 0.00371
scoring_system epss
scoring_elements 0.58819
published_at 2026-04-01T12:55:00Z
2
value 0.00371
scoring_system epss
scoring_elements 0.58894
published_at 2026-04-02T12:55:00Z
3
value 0.00371
scoring_system epss
scoring_elements 0.58916
published_at 2026-04-04T12:55:00Z
4
value 0.00371
scoring_system epss
scoring_elements 0.58883
published_at 2026-04-07T12:55:00Z
5
value 0.00371
scoring_system epss
scoring_elements 0.58935
published_at 2026-04-08T12:55:00Z
6
value 0.00371
scoring_system epss
scoring_elements 0.5894
published_at 2026-04-09T12:55:00Z
7
value 0.00371
scoring_system epss
scoring_elements 0.58959
published_at 2026-04-11T12:55:00Z
8
value 0.00371
scoring_system epss
scoring_elements 0.58941
published_at 2026-04-12T12:55:00Z
9
value 0.00371
scoring_system epss
scoring_elements 0.58922
published_at 2026-04-13T12:55:00Z
10
value 0.00371
scoring_system epss
scoring_elements 0.58957
published_at 2026-04-16T12:55:00Z
11
value 0.00371
scoring_system epss
scoring_elements 0.5896
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0105
4
reference_url https://bugs.launchpad.net/python-keystoneclient/+bug/1282865
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
2
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/python-keystoneclient/+bug/1282865
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0105
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0105
6
reference_url https://github.com/openstack/python-keystoneclient
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/python-keystoneclient
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/python-keystoneclient/PYSEC-2014-70.yaml
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/python-keystoneclient/PYSEC-2014-70.yaml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0105
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0105
9
reference_url https://review.opendev.org/c/openstack/python-keystoneclient/+/81078
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
2
value LOW
scoring_system generic_textual
scoring_elements
url https://review.opendev.org/c/openstack/python-keystoneclient/+/81078
10
reference_url http://www.openwall.com/lists/oss-security/2014/03/27/4
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
2
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/03/27/4
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1082165
reference_id 1082165
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1082165
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742898
reference_id 742898
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742898
13
reference_url https://github.com/advisories/GHSA-gwvq-rgqf-993f
reference_id GHSA-gwvq-rgqf-993f
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gwvq-rgqf-993f
14
reference_url https://access.redhat.com/errata/RHSA-2014:0382
reference_id RHSA-2014:0382
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0382
15
reference_url https://access.redhat.com/errata/RHSA-2014:0409
reference_id RHSA-2014:0409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0409
16
reference_url https://access.redhat.com/errata/RHSA-2014:0442
reference_id RHSA-2014:0442
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0442
fixed_packages
0
url pkg:deb/debian/keystone@2014.1.3-6
purl pkg:deb/debian/keystone@2014.1.3-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-844e-r6mn-bqh5
1
vulnerability VCID-96bg-ytf8-9fhd
2
vulnerability VCID-9dhg-r711-yfg6
3
vulnerability VCID-gdk6-a746-6fac
4
vulnerability VCID-p5un-b12x-tuh5
5
vulnerability VCID-qyjh-md45-hyhh
6
vulnerability VCID-r25g-be38-b3be
7
vulnerability VCID-rgkw-6ews-rked
8
vulnerability VCID-t2ap-zxfa-fkhe
9
vulnerability VCID-w6e4-zd31-g7hu
10
vulnerability VCID-wc5s-25xb-rqaa
11
vulnerability VCID-ztee-sxym-zffv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6
aliases CVE-2014-0105, GHSA-gwvq-rgqf-993f, PYSEC-2014-70
risk_score 2.7
exploitability 0.5
weighted_severity 5.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-44u3-6h7t-dbah
1
url VCID-5atx-veu5-kud6
vulnerability_id VCID-5atx-veu5-kud6
summary OpenStack: Keystone disabling a tenant does not disable a user token
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4222.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4222.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4222
reference_id
reference_type
scores
0
value 0.0058
scoring_system epss
scoring_elements 0.68814
published_at 2026-04-01T12:55:00Z
1
value 0.0058
scoring_system epss
scoring_elements 0.68833
published_at 2026-04-02T12:55:00Z
2
value 0.0058
scoring_system epss
scoring_elements 0.68853
published_at 2026-04-04T12:55:00Z
3
value 0.0058
scoring_system epss
scoring_elements 0.68834
published_at 2026-04-07T12:55:00Z
4
value 0.0058
scoring_system epss
scoring_elements 0.68884
published_at 2026-04-08T12:55:00Z
5
value 0.0058
scoring_system epss
scoring_elements 0.68903
published_at 2026-04-09T12:55:00Z
6
value 0.0058
scoring_system epss
scoring_elements 0.68925
published_at 2026-04-11T12:55:00Z
7
value 0.0058
scoring_system epss
scoring_elements 0.68911
published_at 2026-04-21T12:55:00Z
8
value 0.0058
scoring_system epss
scoring_elements 0.68882
published_at 2026-04-13T12:55:00Z
9
value 0.0058
scoring_system epss
scoring_elements 0.68923
published_at 2026-04-16T12:55:00Z
10
value 0.0058
scoring_system epss
scoring_elements 0.68933
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4222
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4222
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4222
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719290
reference_id 719290
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719290
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=995598
reference_id 995598
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=995598
5
reference_url https://access.redhat.com/errata/RHSA-2013:1524
reference_id RHSA-2013:1524
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1524
6
reference_url https://usn.ubuntu.com/2002-1/
reference_id USN-2002-1
reference_type
scores
url https://usn.ubuntu.com/2002-1/
fixed_packages
0
url pkg:deb/debian/keystone@2014.1.3-6
purl pkg:deb/debian/keystone@2014.1.3-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-844e-r6mn-bqh5
1
vulnerability VCID-96bg-ytf8-9fhd
2
vulnerability VCID-9dhg-r711-yfg6
3
vulnerability VCID-gdk6-a746-6fac
4
vulnerability VCID-p5un-b12x-tuh5
5
vulnerability VCID-qyjh-md45-hyhh
6
vulnerability VCID-r25g-be38-b3be
7
vulnerability VCID-rgkw-6ews-rked
8
vulnerability VCID-t2ap-zxfa-fkhe
9
vulnerability VCID-w6e4-zd31-g7hu
10
vulnerability VCID-wc5s-25xb-rqaa
11
vulnerability VCID-ztee-sxym-zffv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6
aliases CVE-2013-4222
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5atx-veu5-kud6
2
url VCID-655y-mj8k-dbb2
vulnerability_id VCID-655y-mj8k-dbb2
summary Keystone: trust circumvention through EC2-style tokens
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6391.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6391.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-6391
reference_id
reference_type
scores
0
value 0.00498
scoring_system epss
scoring_elements 0.65778
published_at 2026-04-01T12:55:00Z
1
value 0.00498
scoring_system epss
scoring_elements 0.65827
published_at 2026-04-02T12:55:00Z
2
value 0.00498
scoring_system epss
scoring_elements 0.65857
published_at 2026-04-04T12:55:00Z
3
value 0.00498
scoring_system epss
scoring_elements 0.65823
published_at 2026-04-07T12:55:00Z
4
value 0.00498
scoring_system epss
scoring_elements 0.65875
published_at 2026-04-08T12:55:00Z
5
value 0.00498
scoring_system epss
scoring_elements 0.65887
published_at 2026-04-09T12:55:00Z
6
value 0.00498
scoring_system epss
scoring_elements 0.65906
published_at 2026-04-11T12:55:00Z
7
value 0.00498
scoring_system epss
scoring_elements 0.65893
published_at 2026-04-12T12:55:00Z
8
value 0.00498
scoring_system epss
scoring_elements 0.65863
published_at 2026-04-13T12:55:00Z
9
value 0.00498
scoring_system epss
scoring_elements 0.65899
published_at 2026-04-16T12:55:00Z
10
value 0.00498
scoring_system epss
scoring_elements 0.65913
published_at 2026-04-18T12:55:00Z
11
value 0.00498
scoring_system epss
scoring_elements 0.65902
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-6391
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6391
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6391
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1039164
reference_id 1039164
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1039164
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731981
reference_id 731981
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731981
5
reference_url https://access.redhat.com/errata/RHSA-2014:0089
reference_id RHSA-2014:0089
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0089
6
reference_url https://access.redhat.com/errata/RHSA-2014:0368
reference_id RHSA-2014:0368
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0368
7
reference_url https://usn.ubuntu.com/2061-1/
reference_id USN-2061-1
reference_type
scores
url https://usn.ubuntu.com/2061-1/
fixed_packages
0
url pkg:deb/debian/keystone@2014.1.3-6
purl pkg:deb/debian/keystone@2014.1.3-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-844e-r6mn-bqh5
1
vulnerability VCID-96bg-ytf8-9fhd
2
vulnerability VCID-9dhg-r711-yfg6
3
vulnerability VCID-gdk6-a746-6fac
4
vulnerability VCID-p5un-b12x-tuh5
5
vulnerability VCID-qyjh-md45-hyhh
6
vulnerability VCID-r25g-be38-b3be
7
vulnerability VCID-rgkw-6ews-rked
8
vulnerability VCID-t2ap-zxfa-fkhe
9
vulnerability VCID-w6e4-zd31-g7hu
10
vulnerability VCID-wc5s-25xb-rqaa
11
vulnerability VCID-ztee-sxym-zffv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6
aliases CVE-2013-6391
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-655y-mj8k-dbb2
3
url VCID-6cy4-grme-mka1
vulnerability_id VCID-6cy4-grme-mka1
summary 
OpenStack Identity Keystone Improper Privilege Management
OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0204.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0204.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0204
reference_id
reference_type
scores
0
value 0.00353
scoring_system epss
scoring_elements 0.57687
published_at 2026-04-12T12:55:00Z
1
value 0.00353
scoring_system epss
scoring_elements 0.57638
published_at 2026-04-02T12:55:00Z
2
value 0.00353
scoring_system epss
scoring_elements 0.5766
published_at 2026-04-04T12:55:00Z
3
value 0.00353
scoring_system epss
scoring_elements 0.57636
published_at 2026-04-07T12:55:00Z
4
value 0.00353
scoring_system epss
scoring_elements 0.5769
published_at 2026-04-08T12:55:00Z
5
value 0.00353
scoring_system epss
scoring_elements 0.57693
published_at 2026-04-18T12:55:00Z
6
value 0.00353
scoring_system epss
scoring_elements 0.57708
published_at 2026-04-11T12:55:00Z
7
value 0.00353
scoring_system epss
scoring_elements 0.57671
published_at 2026-04-21T12:55:00Z
8
value 0.00353
scoring_system epss
scoring_elements 0.57697
published_at 2026-04-16T12:55:00Z
9
value 0.00353
scoring_system epss
scoring_elements 0.57554
published_at 2026-04-01T12:55:00Z
10
value 0.00353
scoring_system epss
scoring_elements 0.57667
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0204
2
reference_url https://bugs.launchpad.net/keystone/+bug/1309228
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1309228
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0204
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0204
4
reference_url https://github.com/openstack/keystone/commit/729dcad7384ba66ee7494154969cdd7ae90d86ee
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/729dcad7384ba66ee7494154969cdd7ae90d86ee
5
reference_url https://github.com/openstack/keystone/commit/786af9829c5329a982e3451f77afebbfb21850bd
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/786af9829c5329a982e3451f77afebbfb21850bd
6
reference_url https://github.com/openstack/keystone/commit/97dfd55ad1b40365754dcbfce856f7ffae280a44
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/97dfd55ad1b40365754dcbfce856f7ffae280a44
7
reference_url https://github.com/openstack/keystone/commit/f0eee2f3b48dd0cffb9f75e396da2d914925cba5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/f0eee2f3b48dd0cffb9f75e396da2d914925cba5
8
reference_url https://review.openstack.org/#/c/94396
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/94396
9
reference_url https://review.openstack.org/#/c/94396/
reference_id
reference_type
scores
url https://review.openstack.org/#/c/94396/
10
reference_url http://www.openwall.com/lists/oss-security/2014/05/21/3
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/05/21/3
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1095981
reference_id 1095981
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1095981
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749026
reference_id 749026
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749026
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0204
reference_id CVE-2014-0204
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0204
15
reference_url https://github.com/advisories/GHSA-c4p9-87h3-7vr4
reference_id GHSA-c4p9-87h3-7vr4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c4p9-87h3-7vr4
fixed_packages
0
url pkg:deb/debian/keystone@2014.1.3-6
purl pkg:deb/debian/keystone@2014.1.3-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-844e-r6mn-bqh5
1
vulnerability VCID-96bg-ytf8-9fhd
2
vulnerability VCID-9dhg-r711-yfg6
3
vulnerability VCID-gdk6-a746-6fac
4
vulnerability VCID-p5un-b12x-tuh5
5
vulnerability VCID-qyjh-md45-hyhh
6
vulnerability VCID-r25g-be38-b3be
7
vulnerability VCID-rgkw-6ews-rked
8
vulnerability VCID-t2ap-zxfa-fkhe
9
vulnerability VCID-w6e4-zd31-g7hu
10
vulnerability VCID-wc5s-25xb-rqaa
11
vulnerability VCID-ztee-sxym-zffv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6
aliases CVE-2014-0204, GHSA-c4p9-87h3-7vr4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6cy4-grme-mka1
4
url VCID-844e-r6mn-bqh5
vulnerability_id VCID-844e-r6mn-bqh5
summary The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7546.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7546.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-7546
reference_id
reference_type
scores
0
value 0.00105
scoring_system epss
scoring_elements 0.28612
published_at 2026-04-01T12:55:00Z
1
value 0.00105
scoring_system epss
scoring_elements 0.28512
published_at 2026-04-21T12:55:00Z
2
value 0.00105
scoring_system epss
scoring_elements 0.28561
published_at 2026-04-18T12:55:00Z
3
value 0.00105
scoring_system epss
scoring_elements 0.28586
published_at 2026-04-16T12:55:00Z
4
value 0.00105
scoring_system epss
scoring_elements 0.28566
published_at 2026-04-13T12:55:00Z
5
value 0.00105
scoring_system epss
scoring_elements 0.28614
published_at 2026-04-12T12:55:00Z
6
value 0.00105
scoring_system epss
scoring_elements 0.28658
published_at 2026-04-11T12:55:00Z
7
value 0.00105
scoring_system epss
scoring_elements 0.28656
published_at 2026-04-09T12:55:00Z
8
value 0.00105
scoring_system epss
scoring_elements 0.28616
published_at 2026-04-08T12:55:00Z
9
value 0.00105
scoring_system epss
scoring_elements 0.28551
published_at 2026-04-07T12:55:00Z
10
value 0.00105
scoring_system epss
scoring_elements 0.28743
published_at 2026-04-04T12:55:00Z
11
value 0.00105
scoring_system epss
scoring_elements 0.28695
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-7546
2
reference_url https://bugs.launchpad.net/keystone/+bug/1490804
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1490804
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7546
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7546
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv2
scoring_elements AV:A/AC:M/Au:N/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/openstack/keystone/commit/bff03b5726fe5cac93d44a66715eea49b89c8cb0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/bff03b5726fe5cac93d44a66715eea49b89c8cb0
6
reference_url https://github.com/openstack/keystone/commit/d5378f173da14a34ca010271477337879002d6d0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/d5378f173da14a34ca010271477337879002d6d0
7
reference_url https://github.com/openstack/keystonemiddleware/commit/96ab58e6863c92575ada57615b19652e502adfd8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystonemiddleware/commit/96ab58e6863c92575ada57615b19652e502adfd8
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystonemiddleware/PYSEC-2016-20.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystonemiddleware/PYSEC-2016-20.yaml
9
reference_url https://security.openstack.org/ossa/OSSA-2016-005.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2016-005.html
10
reference_url https://web.archive.org/web/20200228002640/http://www.securityfocus.com/bid/80498
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228002640/http://www.securityfocus.com/bid/80498
11
reference_url https://wiki.openstack.org/wiki/OSSN/OSSN-0062
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://wiki.openstack.org/wiki/OSSN/OSSN-0062
12
reference_url http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
13
reference_url http://www.securityfocus.com/bid/80498
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/80498
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1290774
reference_id 1290774
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1290774
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystonemiddleware:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystonemiddleware:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystonemiddleware:*:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
reference_id cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7546
reference_id CVE-2015-7546
reference_type
scores
0
value 6.0
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:P/A:P
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7546
19
reference_url https://github.com/advisories/GHSA-8c4w-v65p-jvcv
reference_id GHSA-8c4w-v65p-jvcv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8c4w-v65p-jvcv
fixed_packages
0
url pkg:deb/debian/keystone@2:9.0.0-2~bpo8%2B1
purl pkg:deb/debian/keystone@2:9.0.0-2~bpo8%2B1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-96bg-ytf8-9fhd
1
vulnerability VCID-gdk6-a746-6fac
2
vulnerability VCID-p5un-b12x-tuh5
3
vulnerability VCID-qyjh-md45-hyhh
4
vulnerability VCID-r25g-be38-b3be
5
vulnerability VCID-rgkw-6ews-rked
6
vulnerability VCID-t2ap-zxfa-fkhe
7
vulnerability VCID-w6e4-zd31-g7hu
8
vulnerability VCID-wc5s-25xb-rqaa
9
vulnerability VCID-ztee-sxym-zffv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:9.0.0-2~bpo8%252B1
aliases CVE-2015-7546, GHSA-8c4w-v65p-jvcv, PYSEC-2016-20
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-844e-r6mn-bqh5
5
url VCID-8bat-qwmh-fyer
vulnerability_id VCID-8bat-qwmh-fyer
summary 
OpenStack Identity (Keystone) Denial of Service
OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-July/111914.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2013-July/111914.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2014
reference_id
reference_type
scores
0
value 0.02372
scoring_system epss
scoring_elements 0.84981
published_at 2026-04-21T12:55:00Z
1
value 0.02372
scoring_system epss
scoring_elements 0.84923
published_at 2026-04-07T12:55:00Z
2
value 0.02372
scoring_system epss
scoring_elements 0.84946
published_at 2026-04-08T12:55:00Z
3
value 0.02372
scoring_system epss
scoring_elements 0.84952
published_at 2026-04-09T12:55:00Z
4
value 0.02372
scoring_system epss
scoring_elements 0.84968
published_at 2026-04-11T12:55:00Z
5
value 0.02372
scoring_system epss
scoring_elements 0.84966
published_at 2026-04-12T12:55:00Z
6
value 0.02372
scoring_system epss
scoring_elements 0.84962
published_at 2026-04-13T12:55:00Z
7
value 0.02372
scoring_system epss
scoring_elements 0.84983
published_at 2026-04-16T12:55:00Z
8
value 0.02372
scoring_system epss
scoring_elements 0.84984
published_at 2026-04-18T12:55:00Z
9
value 0.02372
scoring_system epss
scoring_elements 0.84884
published_at 2026-04-01T12:55:00Z
10
value 0.02372
scoring_system epss
scoring_elements 0.849
published_at 2026-04-02T12:55:00Z
11
value 0.02372
scoring_system epss
scoring_elements 0.84918
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2014
2
reference_url https://bugs.launchpad.net/keystone/+bug/1098177
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1098177
3
reference_url https://bugs.launchpad.net/keystone/+bug/1099025
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1099025
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2014
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2014
5
reference_url http://secunia.com/advisories/53397
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/53397
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/84347
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/84347
7
reference_url https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8
8
reference_url http://www.securityfocus.com/bid/59936
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/59936
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708515
reference_id 708515
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708515
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2014
reference_id CVE-2013-2014
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2014
11
reference_url https://github.com/advisories/GHSA-7332-36h8-8jh8
reference_id GHSA-7332-36h8-8jh8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7332-36h8-8jh8
fixed_packages
0
url pkg:deb/debian/keystone@2014.1.3-6
purl pkg:deb/debian/keystone@2014.1.3-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-844e-r6mn-bqh5
1
vulnerability VCID-96bg-ytf8-9fhd
2
vulnerability VCID-9dhg-r711-yfg6
3
vulnerability VCID-gdk6-a746-6fac
4
vulnerability VCID-p5un-b12x-tuh5
5
vulnerability VCID-qyjh-md45-hyhh
6
vulnerability VCID-r25g-be38-b3be
7
vulnerability VCID-rgkw-6ews-rked
8
vulnerability VCID-t2ap-zxfa-fkhe
9
vulnerability VCID-w6e4-zd31-g7hu
10
vulnerability VCID-wc5s-25xb-rqaa
11
vulnerability VCID-ztee-sxym-zffv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6
aliases CVE-2013-2014, GHSA-7332-36h8-8jh8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8bat-qwmh-fyer
6
url VCID-8tkd-pcuy-d7ax
vulnerability_id VCID-8tkd-pcuy-d7ax
summary The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2014-0580.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2014-0580.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2237.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2237.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-2237
reference_id
reference_type
scores
0
value 0.00188
scoring_system epss
scoring_elements 0.40614
published_at 2026-04-01T12:55:00Z
1
value 0.00188
scoring_system epss
scoring_elements 0.40611
published_at 2026-04-21T12:55:00Z
2
value 0.00188
scoring_system epss
scoring_elements 0.40687
published_at 2026-04-18T12:55:00Z
3
value 0.00188
scoring_system epss
scoring_elements 0.40716
published_at 2026-04-16T12:55:00Z
4
value 0.00188
scoring_system epss
scoring_elements 0.40671
published_at 2026-04-13T12:55:00Z
5
value 0.00188
scoring_system epss
scoring_elements 0.4069
published_at 2026-04-12T12:55:00Z
6
value 0.00188
scoring_system epss
scoring_elements 0.40724
published_at 2026-04-11T12:55:00Z
7
value 0.00188
scoring_system epss
scoring_elements 0.40707
published_at 2026-04-09T12:55:00Z
8
value 0.00188
scoring_system epss
scoring_elements 0.40701
published_at 2026-04-08T12:55:00Z
9
value 0.00188
scoring_system epss
scoring_elements 0.40651
published_at 2026-04-07T12:55:00Z
10
value 0.00188
scoring_system epss
scoring_elements 0.40728
published_at 2026-04-04T12:55:00Z
11
value 0.00188
scoring_system epss
scoring_elements 0.40699
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-2237
3
reference_url https://bugs.launchpad.net/keystone/+bug/1260080
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1260080
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2237
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2237
5
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
6
reference_url https://github.com/openstack/keystone/commit/813d1254eb4f7a7d40009b23bbadbc4c5cc5daac
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/813d1254eb4f7a7d40009b23bbadbc4c5cc5daac
7
reference_url https://github.com/openstack/keystone/commit/a411c944af78c36f2fdb87d305ba452dc52d7ed3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/a411c944af78c36f2fdb87d305ba452dc52d7ed3
8
reference_url https://github.com/openstack/keystone/commit/b6f0e26da0e2ab0892a5658da281a065e668637b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/b6f0e26da0e2ab0892a5658da281a065e668637b
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-105.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-105.yaml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-2237
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-2237
11
reference_url https://rhn.redhat.com/errata/RHSA-2014-0580.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://rhn.redhat.com/errata/RHSA-2014-0580.html
12
reference_url http://www.openwall.com/lists/oss-security/2014/03/04/16
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/03/04/16
13
reference_url http://www.securityfocus.com/bid/65895
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/65895
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1071434
reference_id 1071434
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1071434
15
reference_url https://github.com/advisories/GHSA-23x9-8hxr-978c
reference_id GHSA-23x9-8hxr-978c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-23x9-8hxr-978c
16
reference_url https://access.redhat.com/errata/RHSA-2014:0368
reference_id RHSA-2014:0368
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0368
17
reference_url https://access.redhat.com/errata/RHSA-2014:0580
reference_id RHSA-2014:0580
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0580
fixed_packages
0
url pkg:deb/debian/keystone@2014.1.3-6
purl pkg:deb/debian/keystone@2014.1.3-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-844e-r6mn-bqh5
1
vulnerability VCID-96bg-ytf8-9fhd
2
vulnerability VCID-9dhg-r711-yfg6
3
vulnerability VCID-gdk6-a746-6fac
4
vulnerability VCID-p5un-b12x-tuh5
5
vulnerability VCID-qyjh-md45-hyhh
6
vulnerability VCID-r25g-be38-b3be
7
vulnerability VCID-rgkw-6ews-rked
8
vulnerability VCID-t2ap-zxfa-fkhe
9
vulnerability VCID-w6e4-zd31-g7hu
10
vulnerability VCID-wc5s-25xb-rqaa
11
vulnerability VCID-ztee-sxym-zffv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6
aliases CVE-2014-2237, GHSA-23x9-8hxr-978c, PYSEC-2014-105
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8tkd-pcuy-d7ax
7
url VCID-91k2-z5s1-gbbx
vulnerability_id VCID-91k2-z5s1-gbbx
summary openstack-keystone: Authentication bypass when using LDAP backend
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2157.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2157.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2157
reference_id
reference_type
scores
0
value 0.00288
scoring_system epss
scoring_elements 0.5217
published_at 2026-04-01T12:55:00Z
1
value 0.00288
scoring_system epss
scoring_elements 0.52213
published_at 2026-04-02T12:55:00Z
2
value 0.00288
scoring_system epss
scoring_elements 0.5224
published_at 2026-04-04T12:55:00Z
3
value 0.00288
scoring_system epss
scoring_elements 0.52204
published_at 2026-04-07T12:55:00Z
4
value 0.00288
scoring_system epss
scoring_elements 0.52258
published_at 2026-04-08T12:55:00Z
5
value 0.00288
scoring_system epss
scoring_elements 0.52253
published_at 2026-04-09T12:55:00Z
6
value 0.00288
scoring_system epss
scoring_elements 0.52304
published_at 2026-04-11T12:55:00Z
7
value 0.00288
scoring_system epss
scoring_elements 0.52288
published_at 2026-04-12T12:55:00Z
8
value 0.00288
scoring_system epss
scoring_elements 0.52273
published_at 2026-04-13T12:55:00Z
9
value 0.00288
scoring_system epss
scoring_elements 0.52311
published_at 2026-04-16T12:55:00Z
10
value 0.00288
scoring_system epss
scoring_elements 0.52315
published_at 2026-04-18T12:55:00Z
11
value 0.00288
scoring_system epss
scoring_elements 0.52297
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2157
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2157
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2157
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712160
reference_id 712160
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712160
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=971884
reference_id 971884
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=971884
5
reference_url https://access.redhat.com/errata/RHSA-2013:0994
reference_id RHSA-2013:0994
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0994
6
reference_url https://access.redhat.com/errata/RHSA-2013:1083
reference_id RHSA-2013:1083
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1083
7
reference_url https://usn.ubuntu.com/1875-1/
reference_id USN-1875-1
reference_type
scores
url https://usn.ubuntu.com/1875-1/
fixed_packages
0
url pkg:deb/debian/keystone@2014.1.3-6
purl pkg:deb/debian/keystone@2014.1.3-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-844e-r6mn-bqh5
1
vulnerability VCID-96bg-ytf8-9fhd
2
vulnerability VCID-9dhg-r711-yfg6
3
vulnerability VCID-gdk6-a746-6fac
4
vulnerability VCID-p5un-b12x-tuh5
5
vulnerability VCID-qyjh-md45-hyhh
6
vulnerability VCID-r25g-be38-b3be
7
vulnerability VCID-rgkw-6ews-rked
8
vulnerability VCID-t2ap-zxfa-fkhe
9
vulnerability VCID-w6e4-zd31-g7hu
10
vulnerability VCID-wc5s-25xb-rqaa
11
vulnerability VCID-ztee-sxym-zffv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6
aliases CVE-2013-2157
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-91k2-z5s1-gbbx
8
url VCID-96bg-ytf8-9fhd
vulnerability_id VCID-96bg-ytf8-9fhd
summary An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles.
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:1461
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1461
1
reference_url https://access.redhat.com/errata/RHSA-2017:1597
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1597
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2673.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2673.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-2673
reference_id
reference_type
scores
0
value 0.00572
scoring_system epss
scoring_elements 0.68596
published_at 2026-04-07T12:55:00Z
1
value 0.00572
scoring_system epss
scoring_elements 0.68619
published_at 2026-04-04T12:55:00Z
2
value 0.00572
scoring_system epss
scoring_elements 0.68601
published_at 2026-04-02T12:55:00Z
3
value 0.00572
scoring_system epss
scoring_elements 0.68583
published_at 2026-04-01T12:55:00Z
4
value 0.00572
scoring_system epss
scoring_elements 0.68647
published_at 2026-04-13T12:55:00Z
5
value 0.00572
scoring_system epss
scoring_elements 0.687
published_at 2026-04-18T12:55:00Z
6
value 0.00572
scoring_system epss
scoring_elements 0.6868
published_at 2026-04-21T12:55:00Z
7
value 0.00572
scoring_system epss
scoring_elements 0.68665
published_at 2026-04-09T12:55:00Z
8
value 0.00572
scoring_system epss
scoring_elements 0.68689
published_at 2026-04-16T12:55:00Z
9
value 0.00572
scoring_system epss
scoring_elements 0.68676
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-2673
4
reference_url https://bugs.launchpad.net/keystone/+bug/1677723
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1677723
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1439586
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1439586
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2673
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2673
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2673
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2673
8
reference_url http://seclists.org/oss-sec/2017/q2/125
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/oss-sec/2017/q2/125
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv2
scoring_elements AV:L/AC:M/Au:S/C:C/I:C/A:C
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
11
reference_url https://github.com/openstack/keystone/commit/05a129e54573b6cbda1ec095f4526f2b9ba90a90
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/05a129e54573b6cbda1ec095f4526f2b9ba90a90
12
reference_url https://github.com/openstack/keystone/commit/2139639eeabc8f6941f4461fc87d609cde3118c2
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/2139639eeabc8f6941f4461fc87d609cde3118c2
13
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2018-152.yaml
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2018-152.yaml
14
reference_url http://www.securityfocus.com/bid/98032
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/98032
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861189
reference_id 861189
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861189
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*
18
reference_url https://access.redhat.com/security/cve/CVE-2017-2673
reference_id CVE-2017-2673
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2017-2673
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2673
reference_id CVE-2017-2673
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
2
value 7.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
3
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
5
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-2673
20
reference_url https://github.com/advisories/GHSA-j36m-hv43-7w7m
reference_id GHSA-j36m-hv43-7w7m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j36m-hv43-7w7m
21
reference_url https://usn.ubuntu.com/3448-1/
reference_id USN-3448-1
reference_type
scores
url https://usn.ubuntu.com/3448-1/
fixed_packages
0
url pkg:deb/debian/keystone@2:10.0.0-9%2Bdeb9u1
purl pkg:deb/debian/keystone@2:10.0.0-9%2Bdeb9u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gdk6-a746-6fac
1
vulnerability VCID-p5un-b12x-tuh5
2
vulnerability VCID-qyjh-md45-hyhh
3
vulnerability VCID-r25g-be38-b3be
4
vulnerability VCID-rgkw-6ews-rked
5
vulnerability VCID-w6e4-zd31-g7hu
6
vulnerability VCID-wc5s-25xb-rqaa
7
vulnerability VCID-ztee-sxym-zffv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:10.0.0-9%252Bdeb9u1
aliases CVE-2017-2673, GHSA-j36m-hv43-7w7m, PYSEC-2018-152
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-96bg-ytf8-9fhd
9
url VCID-9dhg-r711-yfg6
vulnerability_id VCID-9dhg-r711-yfg6
summary 
Exposure of Sensitive Information to an Unauthorized Actor
OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs.
references
0
reference_url http://lists.openstack.org/pipermail/openstack-announce/2015-May/000356.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.openstack.org/pipermail/openstack-announce/2015-May/000356.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3646.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3646.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-3646
reference_id
reference_type
scores
0
value 0.00177
scoring_system epss
scoring_elements 0.39118
published_at 2026-04-21T12:55:00Z
1
value 0.00177
scoring_system epss
scoring_elements 0.39156
published_at 2026-04-07T12:55:00Z
2
value 0.00177
scoring_system epss
scoring_elements 0.3921
published_at 2026-04-08T12:55:00Z
3
value 0.00177
scoring_system epss
scoring_elements 0.39226
published_at 2026-04-09T12:55:00Z
4
value 0.00177
scoring_system epss
scoring_elements 0.39238
published_at 2026-04-11T12:55:00Z
5
value 0.00177
scoring_system epss
scoring_elements 0.39201
published_at 2026-04-12T12:55:00Z
6
value 0.00177
scoring_system epss
scoring_elements 0.39182
published_at 2026-04-13T12:55:00Z
7
value 0.00177
scoring_system epss
scoring_elements 0.39207
published_at 2026-04-18T12:55:00Z
8
value 0.00177
scoring_system epss
scoring_elements 0.39029
published_at 2026-04-01T12:55:00Z
9
value 0.00177
scoring_system epss
scoring_elements 0.39214
published_at 2026-04-02T12:55:00Z
10
value 0.00177
scoring_system epss
scoring_elements 0.39236
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-3646
3
reference_url https://bugs.launchpad.net/keystone/+bug/1443598
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1443598
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3646
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3646
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
7
reference_url https://web.archive.org/web/20210122154200/http://www.securityfocus.com/bid/74456
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210122154200/http://www.securityfocus.com/bid/74456
8
reference_url http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1218640
reference_id 1218640
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1218640
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-3646
reference_id CVE-2015-3646
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-3646
11
reference_url https://github.com/advisories/GHSA-jwpw-ppj5-7h4w
reference_id GHSA-jwpw-ppj5-7h4w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jwpw-ppj5-7h4w
fixed_packages
0
url pkg:deb/debian/keystone@2:9.0.0-2~bpo8%2B1
purl pkg:deb/debian/keystone@2:9.0.0-2~bpo8%2B1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-96bg-ytf8-9fhd
1
vulnerability VCID-gdk6-a746-6fac
2
vulnerability VCID-p5un-b12x-tuh5
3
vulnerability VCID-qyjh-md45-hyhh
4
vulnerability VCID-r25g-be38-b3be
5
vulnerability VCID-rgkw-6ews-rked
6
vulnerability VCID-t2ap-zxfa-fkhe
7
vulnerability VCID-w6e4-zd31-g7hu
8
vulnerability VCID-wc5s-25xb-rqaa
9
vulnerability VCID-ztee-sxym-zffv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:9.0.0-2~bpo8%252B1
aliases CVE-2015-3646, GHSA-jwpw-ppj5-7h4w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9dhg-r711-yfg6
10
url VCID-am2m-2fgu-xkfk
vulnerability_id VCID-am2m-2fgu-xkfk
summary openstack-keystone: Keystone V2 trusts privilege escalation through user supplied project id
references
0
reference_url http://lists.openstack.org/pipermail/openstack-announce/2014-July/000248.html
reference_id
reference_type
scores
url http://lists.openstack.org/pipermail/openstack-announce/2014-July/000248.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3520.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3520.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3520
reference_id
reference_type
scores
0
value 0.00428
scoring_system epss
scoring_elements 0.62484
published_at 2026-04-18T12:55:00Z
1
value 0.00428
scoring_system epss
scoring_elements 0.62327
published_at 2026-04-01T12:55:00Z
2
value 0.00428
scoring_system epss
scoring_elements 0.62385
published_at 2026-04-02T12:55:00Z
3
value 0.00428
scoring_system epss
scoring_elements 0.62416
published_at 2026-04-04T12:55:00Z
4
value 0.00428
scoring_system epss
scoring_elements 0.62381
published_at 2026-04-07T12:55:00Z
5
value 0.00428
scoring_system epss
scoring_elements 0.62429
published_at 2026-04-08T12:55:00Z
6
value 0.00428
scoring_system epss
scoring_elements 0.62447
published_at 2026-04-09T12:55:00Z
7
value 0.00428
scoring_system epss
scoring_elements 0.62466
published_at 2026-04-21T12:55:00Z
8
value 0.00428
scoring_system epss
scoring_elements 0.62456
published_at 2026-04-12T12:55:00Z
9
value 0.00428
scoring_system epss
scoring_elements 0.62433
published_at 2026-04-13T12:55:00Z
10
value 0.00428
scoring_system epss
scoring_elements 0.62477
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3520
3
reference_url https://bugs.launchpad.net/keystone/+bug/1331912
reference_id
reference_type
scores
url https://bugs.launchpad.net/keystone/+bug/1331912
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3520
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3520
5
reference_url http://secunia.com/advisories/59426
reference_id
reference_type
scores
url http://secunia.com/advisories/59426
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1112668
reference_id 1112668
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1112668
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753511
reference_id 753511
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753511
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3520
reference_id CVE-2014-3520
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
url https://nvd.nist.gov/vuln/detail/CVE-2014-3520
10
reference_url https://access.redhat.com/errata/RHSA-2014:0994
reference_id RHSA-2014:0994
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0994
11
reference_url https://usn.ubuntu.com/2324-1/
reference_id USN-2324-1
reference_type
scores
url https://usn.ubuntu.com/2324-1/
fixed_packages
0
url pkg:deb/debian/keystone@2014.1.3-6
purl pkg:deb/debian/keystone@2014.1.3-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-844e-r6mn-bqh5
1
vulnerability VCID-96bg-ytf8-9fhd
2
vulnerability VCID-9dhg-r711-yfg6
3
vulnerability VCID-gdk6-a746-6fac
4
vulnerability VCID-p5un-b12x-tuh5
5
vulnerability VCID-qyjh-md45-hyhh
6
vulnerability VCID-r25g-be38-b3be
7
vulnerability VCID-rgkw-6ews-rked
8
vulnerability VCID-t2ap-zxfa-fkhe
9
vulnerability VCID-w6e4-zd31-g7hu
10
vulnerability VCID-wc5s-25xb-rqaa
11
vulnerability VCID-ztee-sxym-zffv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6
aliases CVE-2014-3520
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-am2m-2fgu-xkfk
11
url VCID-cg74-2jr1-2fhp
vulnerability_id VCID-cg74-2jr1-2fhp
summary OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106220.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106220.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2013-06/msg00085.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-06/msg00085.html
3
reference_url http://osvdb.org/93134
reference_id
reference_type
scores
url http://osvdb.org/93134
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2059
reference_id
reference_type
scores
0
value 0.00908
scoring_system epss
scoring_elements 0.75791
published_at 2026-04-21T12:55:00Z
1
value 0.00908
scoring_system epss
scoring_elements 0.75707
published_at 2026-04-01T12:55:00Z
2
value 0.00908
scoring_system epss
scoring_elements 0.75709
published_at 2026-04-02T12:55:00Z
3
value 0.00908
scoring_system epss
scoring_elements 0.7574
published_at 2026-04-04T12:55:00Z
4
value 0.00908
scoring_system epss
scoring_elements 0.75719
published_at 2026-04-07T12:55:00Z
5
value 0.00908
scoring_system epss
scoring_elements 0.75753
published_at 2026-04-08T12:55:00Z
6
value 0.00908
scoring_system epss
scoring_elements 0.75764
published_at 2026-04-13T12:55:00Z
7
value 0.00908
scoring_system epss
scoring_elements 0.75789
published_at 2026-04-11T12:55:00Z
8
value 0.00908
scoring_system epss
scoring_elements 0.7577
published_at 2026-04-12T12:55:00Z
9
value 0.00908
scoring_system epss
scoring_elements 0.75802
published_at 2026-04-16T12:55:00Z
10
value 0.00908
scoring_system epss
scoring_elements 0.75806
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2059
5
reference_url https://bugs.launchpad.net/keystone/+bug/1166670
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1166670
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2059
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2059
7
reference_url http://secunia.com/advisories/53326
reference_id
reference_type
scores
url http://secunia.com/advisories/53326
8
reference_url http://secunia.com/advisories/53339
reference_id
reference_type
scores
url http://secunia.com/advisories/53339
9
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/84135
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/84135
10
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
11
reference_url https://github.com/openstack/keystone/commit/33214f311aa36b17f8f5ff06bee2130bf061df8f
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/33214f311aa36b17f8f5ff06bee2130bf061df8f
12
reference_url https://github.com/openstack/keystone/commit/678b06a91f772d6be82eb54ed11f27e20f446b57
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/678b06a91f772d6be82eb54ed11f27e20f446b57
13
reference_url https://github.com/openstack/keystone/commit/992466d1dbf80a940190703dedf800d6d12dede8
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/992466d1dbf80a940190703dedf800d6d12dede8
14
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-41.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-41.yaml
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2059
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:P/A:P
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2059
16
reference_url http://www.openwall.com/lists/oss-security/2013/05/09/3
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/05/09/3
17
reference_url http://www.openwall.com/lists/oss-security/2013/05/09/4
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/05/09/4
18
reference_url http://www.securityfocus.com/bid/59787
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/59787
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707598
reference_id 707598
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707598
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2012.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:2012.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2012.1:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:2013.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:*:*:*:*:*:*:*
22
reference_url https://github.com/advisories/GHSA-hj89-qmx9-8qmh
reference_id GHSA-hj89-qmx9-8qmh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hj89-qmx9-8qmh
23
reference_url https://usn.ubuntu.com/1830-1/
reference_id USN-1830-1
reference_type
scores
url https://usn.ubuntu.com/1830-1/
fixed_packages
0
url pkg:deb/debian/keystone@2014.1.3-6
purl pkg:deb/debian/keystone@2014.1.3-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-844e-r6mn-bqh5
1
vulnerability VCID-96bg-ytf8-9fhd
2
vulnerability VCID-9dhg-r711-yfg6
3
vulnerability VCID-gdk6-a746-6fac
4
vulnerability VCID-p5un-b12x-tuh5
5
vulnerability VCID-qyjh-md45-hyhh
6
vulnerability VCID-r25g-be38-b3be
7
vulnerability VCID-rgkw-6ews-rked
8
vulnerability VCID-t2ap-zxfa-fkhe
9
vulnerability VCID-w6e4-zd31-g7hu
10
vulnerability VCID-wc5s-25xb-rqaa
11
vulnerability VCID-ztee-sxym-zffv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6
aliases CVE-2013-2059, GHSA-hj89-qmx9-8qmh, PYSEC-2013-41
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cg74-2jr1-2fhp
12
url VCID-gdk6-a746-6fac
vulnerability_id VCID-gdk6-a746-6fac
summary OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials, which could (for example) leak sign-on information for Time-based One Time Passwords (TOTP). Deployments with enforce_scope set to false are affected. (There will be a slight performance impact for the list credentials API once this issue is fixed.)
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:4358
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:4358
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19687.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19687.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-19687
reference_id
reference_type
scores
0
value 0.00728
scoring_system epss
scoring_elements 0.72565
published_at 2026-04-01T12:55:00Z
1
value 0.00728
scoring_system epss
scoring_elements 0.72655
published_at 2026-04-21T12:55:00Z
2
value 0.00728
scoring_system epss
scoring_elements 0.72664
published_at 2026-04-18T12:55:00Z
3
value 0.00728
scoring_system epss
scoring_elements 0.72654
published_at 2026-04-16T12:55:00Z
4
value 0.00728
scoring_system epss
scoring_elements 0.72566
published_at 2026-04-07T12:55:00Z
5
value 0.00728
scoring_system epss
scoring_elements 0.72589
published_at 2026-04-04T12:55:00Z
6
value 0.00728
scoring_system epss
scoring_elements 0.72573
published_at 2026-04-02T12:55:00Z
7
value 0.00728
scoring_system epss
scoring_elements 0.72612
published_at 2026-04-13T12:55:00Z
8
value 0.00728
scoring_system epss
scoring_elements 0.72622
published_at 2026-04-12T12:55:00Z
9
value 0.00728
scoring_system epss
scoring_elements 0.72639
published_at 2026-04-11T12:55:00Z
10
value 0.00728
scoring_system epss
scoring_elements 0.72616
published_at 2026-04-09T12:55:00Z
11
value 0.00728
scoring_system epss
scoring_elements 0.72604
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-19687
3
reference_url https://bugs.launchpad.net/keystone/+bug/1855080
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1855080
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1781470
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1781470
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19687
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19687
6
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
7
reference_url https://github.com/openstack/keystone/commit/17947516b0095c51da5cff94771247f2e7c44ee6
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/17947516b0095c51da5cff94771247f2e7c44ee6
8
reference_url https://github.com/openstack/keystone/commit/17c337dbdbfb9d548ad531c2ad0483c9bce5b98f
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/17c337dbdbfb9d548ad531c2ad0483c9bce5b98f
9
reference_url https://github.com/openstack/keystone/commit/bd3f63787151183f4daa43578aa491856fefae5b
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/bd3f63787151183f4daa43578aa491856fefae5b
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2019-29.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2019-29.yaml
11
reference_url https://git.openstack.org/cgit/openstack/keystone/commit/?id=17947516b0095c51da5cff94771247f2e7c44ee6
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://git.openstack.org/cgit/openstack/keystone/commit/?id=17947516b0095c51da5cff94771247f2e7c44ee6
12
reference_url https://git.openstack.org/cgit/openstack/keystone/commit/?id=17c337dbdbfb9d548ad531c2ad0483c9bce5b98f
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://git.openstack.org/cgit/openstack/keystone/commit/?id=17c337dbdbfb9d548ad531c2ad0483c9bce5b98f
13
reference_url https://git.openstack.org/cgit/openstack/keystone/commit/?id=bd3f63787151183f4daa43578aa491856fefae5b
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://git.openstack.org/cgit/openstack/keystone/commit/?id=bd3f63787151183f4daa43578aa491856fefae5b
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-19687
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-19687
15
reference_url https://review.opendev.org/#/c/697355
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.opendev.org/#/c/697355
16
reference_url https://review.opendev.org/#/c/697355/
reference_id
reference_type
scores
url https://review.opendev.org/#/c/697355/
17
reference_url https://review.opendev.org/#/c/697611
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.opendev.org/#/c/697611
18
reference_url https://review.opendev.org/#/c/697611/
reference_id
reference_type
scores
url https://review.opendev.org/#/c/697611/
19
reference_url https://review.opendev.org/#/c/697731
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.opendev.org/#/c/697731
20
reference_url https://review.opendev.org/#/c/697731/
reference_id
reference_type
scores
url https://review.opendev.org/#/c/697731/
21
reference_url https://security.openstack.org/ossa/OSSA-2019-006.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2019-006.html
22
reference_url https://usn.ubuntu.com/4262-1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4262-1
23
reference_url https://usn.ubuntu.com/4262-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4262-1/
24
reference_url http://www.openwall.com/lists/oss-security/2019/12/11/8
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/12/11/8
25
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946614
reference_id 946614
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946614
26
reference_url https://github.com/advisories/GHSA-2j23-fwqm-mgwr
reference_id GHSA-2j23-fwqm-mgwr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2j23-fwqm-mgwr
fixed_packages
0
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
2
vulnerability VCID-r25g-be38-b3be
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1
aliases CVE-2019-19687, GHSA-2j23-fwqm-mgwr, PYSEC-2019-29
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gdk6-a746-6fac
13
url VCID-h1xa-f7tm-tudx
vulnerability_id VCID-h1xa-f7tm-tudx
summary OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2014-1121.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1121.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-1122.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1122.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5253.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5253.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-5253
reference_id
reference_type
scores
0
value 0.0031
scoring_system epss
scoring_elements 0.54207
published_at 2026-04-11T12:55:00Z
1
value 0.0031
scoring_system epss
scoring_elements 0.54157
published_at 2026-04-09T12:55:00Z
2
value 0.0031
scoring_system epss
scoring_elements 0.54159
published_at 2026-04-08T12:55:00Z
3
value 0.0031
scoring_system epss
scoring_elements 0.54133
published_at 2026-04-04T12:55:00Z
4
value 0.0031
scoring_system epss
scoring_elements 0.54103
published_at 2026-04-02T12:55:00Z
5
value 0.0031
scoring_system epss
scoring_elements 0.54086
published_at 2026-04-01T12:55:00Z
6
value 0.0031
scoring_system epss
scoring_elements 0.54108
published_at 2026-04-07T12:55:00Z
7
value 0.0031
scoring_system epss
scoring_elements 0.54191
published_at 2026-04-21T12:55:00Z
8
value 0.0031
scoring_system epss
scoring_elements 0.5421
published_at 2026-04-18T12:55:00Z
9
value 0.0031
scoring_system epss
scoring_elements 0.54206
published_at 2026-04-16T12:55:00Z
10
value 0.0031
scoring_system epss
scoring_elements 0.54168
published_at 2026-04-13T12:55:00Z
11
value 0.0031
scoring_system epss
scoring_elements 0.54189
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-5253
4
reference_url https://bugs.launchpad.net/keystone/+bug/1349597
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1349597
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5253
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5253
6
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
7
reference_url https://github.com/openstack/keystone/commit/317f9d34b4da20c21edd5b851889298b67c843e1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/317f9d34b4da20c21edd5b851889298b67c843e1
8
reference_url https://github.com/openstack/keystone/commit/3e035ebb726167aef43c4a865c7e7f7d3b0978fb
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/3e035ebb726167aef43c4a865c7e7f7d3b0978fb
9
reference_url https://github.com/openstack/keystone/commit/c4447f16da036fe878382ce4e1b05b84bdcc4d4e
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/c4447f16da036fe878382ce4e1b05b84bdcc4d4e
10
reference_url https://github.com/openstack/keystone/commit/cccc3f3239c68479de0f6a41bd64badf2a9ec9e7
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/cccc3f3239c68479de0f6a41bd64badf2a9ec9e7
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-109.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-109.yaml
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-5253
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:P/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-5253
13
reference_url http://www.openwall.com/lists/oss-security/2014/08/15/6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/08/15/6
14
reference_url http://www.ubuntu.com/usn/USN-2324-1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2324-1
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1127253
reference_id 1127253
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1127253
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
21
reference_url https://github.com/advisories/GHSA-77w8-qv8m-386h
reference_id GHSA-77w8-qv8m-386h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-77w8-qv8m-386h
22
reference_url https://access.redhat.com/errata/RHSA-2014:1121
reference_id RHSA-2014:1121
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1121
23
reference_url https://access.redhat.com/errata/RHSA-2014:1122
reference_id RHSA-2014:1122
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1122
24
reference_url https://usn.ubuntu.com/2324-1/
reference_id USN-2324-1
reference_type
scores
url https://usn.ubuntu.com/2324-1/
fixed_packages
0
url pkg:deb/debian/keystone@2014.1.3-6
purl pkg:deb/debian/keystone@2014.1.3-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-844e-r6mn-bqh5
1
vulnerability VCID-96bg-ytf8-9fhd
2
vulnerability VCID-9dhg-r711-yfg6
3
vulnerability VCID-gdk6-a746-6fac
4
vulnerability VCID-p5un-b12x-tuh5
5
vulnerability VCID-qyjh-md45-hyhh
6
vulnerability VCID-r25g-be38-b3be
7
vulnerability VCID-rgkw-6ews-rked
8
vulnerability VCID-t2ap-zxfa-fkhe
9
vulnerability VCID-w6e4-zd31-g7hu
10
vulnerability VCID-wc5s-25xb-rqaa
11
vulnerability VCID-ztee-sxym-zffv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6
aliases CVE-2014-5253, GHSA-77w8-qv8m-386h, PYSEC-2014-109
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h1xa-f7tm-tudx
14
url VCID-hjrj-k1wk-jbha
vulnerability_id VCID-hjrj-k1wk-jbha
summary The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2014-1121.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1121.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-1122.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1122.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5251.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5251.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-5251
reference_id
reference_type
scores
0
value 0.0031
scoring_system epss
scoring_elements 0.54168
published_at 2026-04-13T12:55:00Z
1
value 0.0031
scoring_system epss
scoring_elements 0.54189
published_at 2026-04-12T12:55:00Z
2
value 0.0031
scoring_system epss
scoring_elements 0.54207
published_at 2026-04-11T12:55:00Z
3
value 0.0031
scoring_system epss
scoring_elements 0.54157
published_at 2026-04-09T12:55:00Z
4
value 0.0031
scoring_system epss
scoring_elements 0.54159
published_at 2026-04-08T12:55:00Z
5
value 0.0031
scoring_system epss
scoring_elements 0.54133
published_at 2026-04-04T12:55:00Z
6
value 0.0031
scoring_system epss
scoring_elements 0.54108
published_at 2026-04-07T12:55:00Z
7
value 0.0031
scoring_system epss
scoring_elements 0.54086
published_at 2026-04-01T12:55:00Z
8
value 0.0031
scoring_system epss
scoring_elements 0.54103
published_at 2026-04-02T12:55:00Z
9
value 0.0031
scoring_system epss
scoring_elements 0.54191
published_at 2026-04-21T12:55:00Z
10
value 0.0031
scoring_system epss
scoring_elements 0.5421
published_at 2026-04-18T12:55:00Z
11
value 0.0031
scoring_system epss
scoring_elements 0.54206
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-5251
4
reference_url https://bugs.launchpad.net/keystone/+bug/1347961
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1347961
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5251
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5251
6
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
7
reference_url https://github.com/openstack/keystone/commit/6cbf835542d62e6e5db4b4aef7141b1731cad9dc
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/6cbf835542d62e6e5db4b4aef7141b1731cad9dc
8
reference_url https://github.com/openstack/keystone/commit/7aee6304f653475a4130dc3e5be602e91481f108
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/7aee6304f653475a4130dc3e5be602e91481f108
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-107.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-107.yaml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-5251
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:P/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-5251
11
reference_url http://www.openwall.com/lists/oss-security/2014/08/15/6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/08/15/6
12
reference_url http://www.ubuntu.com/usn/USN-2324-1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2324-1
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1127259
reference_id 1127259
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1127259
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
19
reference_url https://github.com/advisories/GHSA-gmvp-5rf9-mxcm
reference_id GHSA-gmvp-5rf9-mxcm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gmvp-5rf9-mxcm
20
reference_url https://access.redhat.com/errata/RHSA-2014:1121
reference_id RHSA-2014:1121
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1121
21
reference_url https://access.redhat.com/errata/RHSA-2014:1122
reference_id RHSA-2014:1122
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1122
22
reference_url https://usn.ubuntu.com/2324-1/
reference_id USN-2324-1
reference_type
scores
url https://usn.ubuntu.com/2324-1/
fixed_packages
0
url pkg:deb/debian/keystone@2014.1.3-6
purl pkg:deb/debian/keystone@2014.1.3-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-844e-r6mn-bqh5
1
vulnerability VCID-96bg-ytf8-9fhd
2
vulnerability VCID-9dhg-r711-yfg6
3
vulnerability VCID-gdk6-a746-6fac
4
vulnerability VCID-p5un-b12x-tuh5
5
vulnerability VCID-qyjh-md45-hyhh
6
vulnerability VCID-r25g-be38-b3be
7
vulnerability VCID-rgkw-6ews-rked
8
vulnerability VCID-t2ap-zxfa-fkhe
9
vulnerability VCID-w6e4-zd31-g7hu
10
vulnerability VCID-wc5s-25xb-rqaa
11
vulnerability VCID-ztee-sxym-zffv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6
aliases CVE-2014-5251, GHSA-gmvp-5rf9-mxcm, PYSEC-2014-107
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hjrj-k1wk-jbha
15
url VCID-ksj4-14rq-uyb7
vulnerability_id VCID-ksj4-14rq-uyb7
summary The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining."
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2014-1688.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1688.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2828.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2828.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-2828
reference_id
reference_type
scores
0
value 0.00864
scoring_system epss
scoring_elements 0.7513
published_at 2026-04-16T12:55:00Z
1
value 0.00864
scoring_system epss
scoring_elements 0.75092
published_at 2026-04-13T12:55:00Z
2
value 0.00864
scoring_system epss
scoring_elements 0.75102
published_at 2026-04-12T12:55:00Z
3
value 0.00864
scoring_system epss
scoring_elements 0.75123
published_at 2026-04-11T12:55:00Z
4
value 0.00864
scoring_system epss
scoring_elements 0.75101
published_at 2026-04-09T12:55:00Z
5
value 0.00864
scoring_system epss
scoring_elements 0.75089
published_at 2026-04-08T12:55:00Z
6
value 0.00864
scoring_system epss
scoring_elements 0.75056
published_at 2026-04-07T12:55:00Z
7
value 0.00864
scoring_system epss
scoring_elements 0.75079
published_at 2026-04-04T12:55:00Z
8
value 0.00864
scoring_system epss
scoring_elements 0.7505
published_at 2026-04-02T12:55:00Z
9
value 0.00864
scoring_system epss
scoring_elements 0.75136
published_at 2026-04-18T12:55:00Z
10
value 0.00864
scoring_system epss
scoring_elements 0.75047
published_at 2026-04-01T12:55:00Z
11
value 0.00864
scoring_system epss
scoring_elements 0.75126
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-2828
3
reference_url https://bugs.launchpad.net/keystone/+bug/1300274
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1300274
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2828
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2828
5
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
6
reference_url https://github.com/openstack/keystone/commit/ce6cedb30c5c4b4cf4db9380f09443de22414b39
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/ce6cedb30c5c4b4cf4db9380f09443de22414b39
7
reference_url https://github.com/openstack/keystone/commit/e364ba5b12de8e4c11bd80bcca903f9615dcfc2e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/e364ba5b12de8e4c11bd80bcca903f9615dcfc2e
8
reference_url https://github.com/openstack/keystone/commit/ef868ad92c00e23a4a5e9eb71e3e0bf5ae2fff0c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/ef868ad92c00e23a4a5e9eb71e3e0bf5ae2fff0c
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-106.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-106.yaml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-2828
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-2828
11
reference_url http://www.openwall.com/lists/oss-security/2014/04/10/20
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/04/10/20
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1086211
reference_id 1086211
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1086211
13
reference_url https://github.com/advisories/GHSA-6mv3-p2gr-wgqf
reference_id GHSA-6mv3-p2gr-wgqf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6mv3-p2gr-wgqf
fixed_packages
0
url pkg:deb/debian/keystone@2014.1.3-6
purl pkg:deb/debian/keystone@2014.1.3-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-844e-r6mn-bqh5
1
vulnerability VCID-96bg-ytf8-9fhd
2
vulnerability VCID-9dhg-r711-yfg6
3
vulnerability VCID-gdk6-a746-6fac
4
vulnerability VCID-p5un-b12x-tuh5
5
vulnerability VCID-qyjh-md45-hyhh
6
vulnerability VCID-r25g-be38-b3be
7
vulnerability VCID-rgkw-6ews-rked
8
vulnerability VCID-t2ap-zxfa-fkhe
9
vulnerability VCID-w6e4-zd31-g7hu
10
vulnerability VCID-wc5s-25xb-rqaa
11
vulnerability VCID-ztee-sxym-zffv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6
aliases CVE-2014-2828, GHSA-6mv3-p2gr-wgqf, PYSEC-2014-106
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ksj4-14rq-uyb7
16
url VCID-my7j-6x5y-97a1
vulnerability_id VCID-my7j-6x5y-97a1
summary 
OpenStack Identity Keystone Exposure of Sensitive Information
The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2014-1688.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1688.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-1789.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1789.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2014-1790.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1790.html
3
reference_url https://access.redhat.com/errata/RHSA-2014:1688
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2014:1688
4
reference_url https://access.redhat.com/errata/RHSA-2014:1789
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2014:1789
5
reference_url https://access.redhat.com/errata/RHSA-2014:1790
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2014:1790
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3621.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3621.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3621
reference_id
reference_type
scores
0
value 0.00426
scoring_system epss
scoring_elements 0.6227
published_at 2026-04-08T12:55:00Z
1
value 0.00426
scoring_system epss
scoring_elements 0.62313
published_at 2026-04-21T12:55:00Z
2
value 0.00426
scoring_system epss
scoring_elements 0.62328
published_at 2026-04-18T12:55:00Z
3
value 0.00426
scoring_system epss
scoring_elements 0.6222
published_at 2026-04-07T12:55:00Z
4
value 0.00426
scoring_system epss
scoring_elements 0.62288
published_at 2026-04-09T12:55:00Z
5
value 0.00426
scoring_system epss
scoring_elements 0.62321
published_at 2026-04-16T12:55:00Z
6
value 0.00426
scoring_system epss
scoring_elements 0.62275
published_at 2026-04-13T12:55:00Z
7
value 0.00426
scoring_system epss
scoring_elements 0.62296
published_at 2026-04-12T12:55:00Z
8
value 0.00426
scoring_system epss
scoring_elements 0.62167
published_at 2026-04-01T12:55:00Z
9
value 0.00426
scoring_system epss
scoring_elements 0.62306
published_at 2026-04-11T12:55:00Z
10
value 0.00426
scoring_system epss
scoring_elements 0.62224
published_at 2026-04-02T12:55:00Z
11
value 0.00426
scoring_system epss
scoring_elements 0.62253
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3621
8
reference_url https://bugs.launchpad.net/keystone/+bug/1354208
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1354208
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1139937
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1139937
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3621
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3621
11
reference_url https://github.com/openstack/keystone/commit/2989ff257e4fde6a168e25b926805e700406aa80
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/2989ff257e4fde6a168e25b926805e700406aa80
12
reference_url https://github.com/openstack/keystone/commit/52714633c9a4dae5e60279217090859aa6dbcb4f
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/52714633c9a4dae5e60279217090859aa6dbcb4f
13
reference_url http://www.openwall.com/lists/oss-security/2014/09/16/10
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/09/16/10
14
reference_url http://www.ubuntu.com/usn/USN-2406-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2406-1
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
21
reference_url https://access.redhat.com/security/cve/CVE-2014-3621
reference_id CVE-2014-3621
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2014-3621
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3621
reference_id CVE-2014-3621
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3621
23
reference_url https://github.com/advisories/GHSA-8v8f-vc72-pmhc
reference_id GHSA-8v8f-vc72-pmhc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8v8f-vc72-pmhc
24
reference_url https://usn.ubuntu.com/2406-1/
reference_id USN-2406-1
reference_type
scores
url https://usn.ubuntu.com/2406-1/
fixed_packages
0
url pkg:deb/debian/keystone@2014.1.3-6
purl pkg:deb/debian/keystone@2014.1.3-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-844e-r6mn-bqh5
1
vulnerability VCID-96bg-ytf8-9fhd
2
vulnerability VCID-9dhg-r711-yfg6
3
vulnerability VCID-gdk6-a746-6fac
4
vulnerability VCID-p5un-b12x-tuh5
5
vulnerability VCID-qyjh-md45-hyhh
6
vulnerability VCID-r25g-be38-b3be
7
vulnerability VCID-rgkw-6ews-rked
8
vulnerability VCID-t2ap-zxfa-fkhe
9
vulnerability VCID-w6e4-zd31-g7hu
10
vulnerability VCID-wc5s-25xb-rqaa
11
vulnerability VCID-ztee-sxym-zffv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6
aliases CVE-2014-3621, GHSA-8v8f-vc72-pmhc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-my7j-6x5y-97a1
17
url VCID-p5un-b12x-tuh5
vulnerability_id VCID-p5un-b12x-tuh5
summary 
OpenStack Keystone allows information disclosure during account locking
OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an account and failing to authenticate multiple times, any unauthenticated actor could both confirm the account exists and obtain that account's corresponding UUID, which might be leveraged for other unrelated attacks. All deployments enabling security_compliance.lockout_failure_attempts are affected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-38155
reference_id
reference_type
scores
0
value 0.00737
scoring_system epss
scoring_elements 0.72775
published_at 2026-04-01T12:55:00Z
1
value 0.00737
scoring_system epss
scoring_elements 0.72874
published_at 2026-04-21T12:55:00Z
2
value 0.00737
scoring_system epss
scoring_elements 0.72882
published_at 2026-04-18T12:55:00Z
3
value 0.00737
scoring_system epss
scoring_elements 0.72872
published_at 2026-04-16T12:55:00Z
4
value 0.00737
scoring_system epss
scoring_elements 0.72838
published_at 2026-04-12T12:55:00Z
5
value 0.00737
scoring_system epss
scoring_elements 0.72855
published_at 2026-04-11T12:55:00Z
6
value 0.00737
scoring_system epss
scoring_elements 0.7283
published_at 2026-04-13T12:55:00Z
7
value 0.00737
scoring_system epss
scoring_elements 0.72817
published_at 2026-04-08T12:55:00Z
8
value 0.00737
scoring_system epss
scoring_elements 0.72779
published_at 2026-04-07T12:55:00Z
9
value 0.00737
scoring_system epss
scoring_elements 0.72802
published_at 2026-04-04T12:55:00Z
10
value 0.00737
scoring_system epss
scoring_elements 0.72781
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-38155
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38155
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38155
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
4
reference_url https://github.com/openstack/keystone/commit/1b573ae7d1c20e0ebfbde79bbe7538a09589c75d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/1b573ae7d1c20e0ebfbde79bbe7538a09589c75d
5
reference_url https://github.com/openstack/keystone/commit/8ab4eb27be4c13c9bab2b3ea700f00a190521bf8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/8ab4eb27be4c13c9bab2b3ea700f00a190521bf8
6
reference_url https://github.com/openstack/keystone/commit/ac2631ae33445877094cdae796fbcdce8833a626
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/ac2631ae33445877094cdae796fbcdce8833a626
7
reference_url https://launchpad.net/bugs/1688137
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1688137
8
reference_url https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-38155
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-38155
10
reference_url https://security.openstack.org/ossa/OSSA-2021-003.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2021-003.html
11
reference_url http://www.openwall.com/lists/oss-security/2021/08/10/5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/08/10/5
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992070
reference_id 992070
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992070
13
reference_url https://github.com/advisories/GHSA-4225-97pr-rr52
reference_id GHSA-4225-97pr-rr52
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4225-97pr-rr52
fixed_packages
0
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
2
vulnerability VCID-r25g-be38-b3be
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1
aliases CVE-2021-38155, GHSA-4225-97pr-rr52
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p5un-b12x-tuh5
18
url VCID-qdd1-jvk8-73hd
vulnerability_id VCID-qdd1-jvk8-73hd
summary 
Permission Issues
The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges.
references
0
reference_url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4477
reference_id
reference_type
scores
url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4477
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-0113.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0113.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4477.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4477.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4477
reference_id
reference_type
scores
0
value 0.00151
scoring_system epss
scoring_elements 0.3574
published_at 2026-04-21T12:55:00Z
1
value 0.00151
scoring_system epss
scoring_elements 0.3579
published_at 2026-04-18T12:55:00Z
2
value 0.00151
scoring_system epss
scoring_elements 0.35801
published_at 2026-04-16T12:55:00Z
3
value 0.00151
scoring_system epss
scoring_elements 0.35793
published_at 2026-04-08T12:55:00Z
4
value 0.00151
scoring_system epss
scoring_elements 0.35816
published_at 2026-04-09T12:55:00Z
5
value 0.00151
scoring_system epss
scoring_elements 0.35761
published_at 2026-04-13T12:55:00Z
6
value 0.00151
scoring_system epss
scoring_elements 0.35784
published_at 2026-04-12T12:55:00Z
7
value 0.00151
scoring_system epss
scoring_elements 0.35685
published_at 2026-04-01T12:55:00Z
8
value 0.00151
scoring_system epss
scoring_elements 0.35882
published_at 2026-04-02T12:55:00Z
9
value 0.00151
scoring_system epss
scoring_elements 0.35824
published_at 2026-04-11T12:55:00Z
10
value 0.00151
scoring_system epss
scoring_elements 0.35912
published_at 2026-04-04T12:55:00Z
11
value 0.00151
scoring_system epss
scoring_elements 0.35743
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4477
4
reference_url https://bugs.launchpad.net/keystone/+bug/1242855
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1242855
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4477
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4477
6
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
7
reference_url https://github.com/openstack/keystone/commit/b17e7bec768bd53d3977352486378698a3db3cfa
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/b17e7bec768bd53d3977352486378698a3db3cfa
8
reference_url https://github.com/openstack/keystone/commit/c6800c
reference_id
reference_type
scores
url https://github.com/openstack/keystone/commit/c6800c
9
reference_url https://github.com/openstack/keystone/commit/c6800ca1ac984c879e75826df6694d6199444ea0
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/c6800ca1ac984c879e75826df6694d6199444ea0
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4477
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4477
11
reference_url http://www.openwall.com/lists/oss-security/2013/10/30/6
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/10/30/6
12
reference_url http://www.ubuntu.com/usn/USN-2034-1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2034-1
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1024401
reference_id 1024401
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1024401
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728233
reference_id 728233
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728233
15
reference_url https://github.com/advisories/GHSA-f889-wfwm-6p7m
reference_id GHSA-f889-wfwm-6p7m
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f889-wfwm-6p7m
16
reference_url https://access.redhat.com/errata/RHSA-2014:0113
reference_id RHSA-2014:0113
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0113
17
reference_url https://usn.ubuntu.com/2034-1/
reference_id USN-2034-1
reference_type
scores
url https://usn.ubuntu.com/2034-1/
fixed_packages
0
url pkg:deb/debian/keystone@2014.1.3-6
purl pkg:deb/debian/keystone@2014.1.3-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-844e-r6mn-bqh5
1
vulnerability VCID-96bg-ytf8-9fhd
2
vulnerability VCID-9dhg-r711-yfg6
3
vulnerability VCID-gdk6-a746-6fac
4
vulnerability VCID-p5un-b12x-tuh5
5
vulnerability VCID-qyjh-md45-hyhh
6
vulnerability VCID-r25g-be38-b3be
7
vulnerability VCID-rgkw-6ews-rked
8
vulnerability VCID-t2ap-zxfa-fkhe
9
vulnerability VCID-w6e4-zd31-g7hu
10
vulnerability VCID-wc5s-25xb-rqaa
11
vulnerability VCID-ztee-sxym-zffv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6
aliases CVE-2013-4477, GHSA-f889-wfwm-6p7m
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qdd1-jvk8-73hd
19
url VCID-qmyj-ffvg-tbe8
vulnerability_id VCID-qmyj-ffvg-tbe8
summary 
OpenStack Keystone Denial of Service vulnerability via a large HTTP request
OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a large HTTP request, as demonstrated by a long tenant_name when requesting a token.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2013-0708.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0708.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0270.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0270.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-0270
reference_id
reference_type
scores
0
value 0.01809
scoring_system epss
scoring_elements 0.82792
published_at 2026-04-04T12:55:00Z
1
value 0.01809
scoring_system epss
scoring_elements 0.82762
published_at 2026-04-01T12:55:00Z
2
value 0.01809
scoring_system epss
scoring_elements 0.82778
published_at 2026-04-02T12:55:00Z
3
value 0.02681
scoring_system epss
scoring_elements 0.85859
published_at 2026-04-21T12:55:00Z
4
value 0.02681
scoring_system epss
scoring_elements 0.85844
published_at 2026-04-13T12:55:00Z
5
value 0.02681
scoring_system epss
scoring_elements 0.85826
published_at 2026-04-08T12:55:00Z
6
value 0.02681
scoring_system epss
scoring_elements 0.85862
published_at 2026-04-16T12:55:00Z
7
value 0.02681
scoring_system epss
scoring_elements 0.85867
published_at 2026-04-18T12:55:00Z
8
value 0.02681
scoring_system epss
scoring_elements 0.85808
published_at 2026-04-07T12:55:00Z
9
value 0.02681
scoring_system epss
scoring_elements 0.85848
published_at 2026-04-12T12:55:00Z
10
value 0.02681
scoring_system epss
scoring_elements 0.85851
published_at 2026-04-11T12:55:00Z
11
value 0.02681
scoring_system epss
scoring_elements 0.85836
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-0270
3
reference_url https://bugs.launchpad.net/keystone/+bug/1099025
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1099025
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=909012
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=909012
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0270
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0270
6
reference_url https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8
7
reference_url https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc
8
reference_url https://launchpad.net/keystone/grizzly/2013.1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://launchpad.net/keystone/grizzly/2013.1
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone1:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:2013.1:milestone1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone1:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone2:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:2013.1:milestone2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone2:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone3:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:2013.1:milestone3:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone3:*:*:*:*:*:*
13
reference_url https://access.redhat.com/security/cve/CVE-2013-0270
reference_id CVE-2013-0270
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2013-0270
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-0270
reference_id CVE-2013-0270
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-0270
15
reference_url https://github.com/advisories/GHSA-4ppj-4p4v-jf4p
reference_id GHSA-4ppj-4p4v-jf4p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4ppj-4p4v-jf4p
fixed_packages
0
url pkg:deb/debian/keystone@2014.1.3-6
purl pkg:deb/debian/keystone@2014.1.3-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-844e-r6mn-bqh5
1
vulnerability VCID-96bg-ytf8-9fhd
2
vulnerability VCID-9dhg-r711-yfg6
3
vulnerability VCID-gdk6-a746-6fac
4
vulnerability VCID-p5un-b12x-tuh5
5
vulnerability VCID-qyjh-md45-hyhh
6
vulnerability VCID-r25g-be38-b3be
7
vulnerability VCID-rgkw-6ews-rked
8
vulnerability VCID-t2ap-zxfa-fkhe
9
vulnerability VCID-w6e4-zd31-g7hu
10
vulnerability VCID-wc5s-25xb-rqaa
11
vulnerability VCID-ztee-sxym-zffv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6
aliases CVE-2013-0270, GHSA-4ppj-4p4v-jf4p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qmyj-ffvg-tbe8
20
url VCID-qyjh-md45-hyhh
vulnerability_id VCID-qyjh-md45-hyhh
summary An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12691.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12691.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-12691
reference_id
reference_type
scores
0
value 0.03566
scoring_system epss
scoring_elements 0.87665
published_at 2026-04-01T12:55:00Z
1
value 0.03566
scoring_system epss
scoring_elements 0.8773
published_at 2026-04-21T12:55:00Z
2
value 0.03566
scoring_system epss
scoring_elements 0.87733
published_at 2026-04-18T12:55:00Z
3
value 0.03566
scoring_system epss
scoring_elements 0.87734
published_at 2026-04-16T12:55:00Z
4
value 0.03566
scoring_system epss
scoring_elements 0.87719
published_at 2026-04-13T12:55:00Z
5
value 0.03566
scoring_system epss
scoring_elements 0.87722
published_at 2026-04-12T12:55:00Z
6
value 0.03566
scoring_system epss
scoring_elements 0.87728
published_at 2026-04-11T12:55:00Z
7
value 0.03566
scoring_system epss
scoring_elements 0.87675
published_at 2026-04-02T12:55:00Z
8
value 0.03566
scoring_system epss
scoring_elements 0.87688
published_at 2026-04-04T12:55:00Z
9
value 0.03566
scoring_system epss
scoring_elements 0.87689
published_at 2026-04-07T12:55:00Z
10
value 0.03566
scoring_system epss
scoring_elements 0.8771
published_at 2026-04-08T12:55:00Z
11
value 0.03566
scoring_system epss
scoring_elements 0.87717
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-12691
2
reference_url https://bugs.launchpad.net/keystone/+bug/1872733
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1872733
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
9
reference_url https://github.com/openstack/keystone/commit/37e9907a176dad6843819b1bec4946c3aecc4548
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/37e9907a176dad6843819b1bec4946c3aecc4548
10
reference_url https://github.com/openstack/keystone/commit/40cbb7bebd50276412daa1981ff5a7c7b3b899a5
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/40cbb7bebd50276412daa1981ff5a7c7b3b899a5
11
reference_url https://github.com/openstack/keystone/commit/95b2bbeab113d9f04d1c81f7f1b48bf692bce979
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/95b2bbeab113d9f04d1c81f7f1b48bf692bce979
12
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-55.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-55.yaml
13
reference_url https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa@%3Ccommits.druid.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-12691
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-12691
16
reference_url https://security.openstack.org/ossa/OSSA-2020-004.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2020-004.html
17
reference_url https://usn.ubuntu.com/4480-1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4480-1
18
reference_url https://usn.ubuntu.com/4480-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4480-1/
19
reference_url https://www.openwall.com/lists/oss-security/2020/05/06/5
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2020/05/06/5
20
reference_url http://www.openwall.com/lists/oss-security/2020/05/07/2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/05/07/2
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1830384
reference_id 1830384
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1830384
22
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
reference_id 959900
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
23
reference_url https://github.com/advisories/GHSA-4427-7f3w-mqv6
reference_id GHSA-4427-7f3w-mqv6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4427-7f3w-mqv6
24
reference_url https://access.redhat.com/errata/RHSA-2020:2732
reference_id RHSA-2020:2732
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2732
25
reference_url https://access.redhat.com/errata/RHSA-2020:3096
reference_id RHSA-2020:3096
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3096
26
reference_url https://access.redhat.com/errata/RHSA-2020:3102
reference_id RHSA-2020:3102
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3102
27
reference_url https://access.redhat.com/errata/RHSA-2020:3105
reference_id RHSA-2020:3105
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3105
fixed_packages
0
url pkg:deb/debian/keystone@2:14.2.0-0%2Bdeb10u1
purl pkg:deb/debian/keystone@2:14.2.0-0%2Bdeb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gdk6-a746-6fac
1
vulnerability VCID-p5un-b12x-tuh5
2
vulnerability VCID-qyjh-md45-hyhh
3
vulnerability VCID-r25g-be38-b3be
4
vulnerability VCID-rgkw-6ews-rked
5
vulnerability VCID-w6e4-zd31-g7hu
6
vulnerability VCID-wc5s-25xb-rqaa
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:14.2.0-0%252Bdeb10u1
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
2
vulnerability VCID-r25g-be38-b3be
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1
aliases CVE-2020-12691, GHSA-4427-7f3w-mqv6, PYSEC-2020-55
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qyjh-md45-hyhh
21
url VCID-r25g-be38-b3be
vulnerability_id VCID-r25g-be38-b3be
summary 
OpenStack Keystone allows /v3/ec2tokens or /v3/s3tokens request with valid AWS Signature to provide Keystone authorization.
OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65073.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65073.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-65073
reference_id
reference_type
scores
0
value 0.00026
scoring_system epss
scoring_elements 0.07203
published_at 2026-04-18T12:55:00Z
1
value 0.00026
scoring_system epss
scoring_elements 0.07329
published_at 2026-04-21T12:55:00Z
2
value 0.00026
scoring_system epss
scoring_elements 0.07208
published_at 2026-04-16T12:55:00Z
3
value 0.00049
scoring_system epss
scoring_elements 0.15087
published_at 2026-04-08T12:55:00Z
4
value 0.00049
scoring_system epss
scoring_elements 0.15193
published_at 2026-04-04T12:55:00Z
5
value 0.00049
scoring_system epss
scoring_elements 0.14999
published_at 2026-04-07T12:55:00Z
6
value 0.00049
scoring_system epss
scoring_elements 0.15139
published_at 2026-04-09T12:55:00Z
7
value 0.00049
scoring_system epss
scoring_elements 0.15006
published_at 2026-04-13T12:55:00Z
8
value 0.00049
scoring_system epss
scoring_elements 0.15067
published_at 2026-04-12T12:55:00Z
9
value 0.00049
scoring_system epss
scoring_elements 0.15126
published_at 2026-04-02T12:55:00Z
10
value 0.00049
scoring_system epss
scoring_elements 0.15105
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-65073
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65073
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65073
3
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
4
reference_url https://www.openwall.com/lists/oss-security/2025/11/04/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-17T16:34:17Z/
url https://www.openwall.com/lists/oss-security/2025/11/04/2
5
reference_url http://www.openwall.com/lists/oss-security/2025/11/17/6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/11/17/6
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120053
reference_id 1120053
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120053
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2415344
reference_id 2415344
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2415344
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-65073
reference_id CVE-2025-65073
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-65073
9
reference_url https://github.com/advisories/GHSA-hcqg-5g63-7j9h
reference_id GHSA-hcqg-5g63-7j9h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hcqg-5g63-7j9h
10
reference_url https://access.redhat.com/errata/RHSA-2026:1958
reference_id RHSA-2026:1958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1958
11
reference_url https://usn.ubuntu.com/7926-1/
reference_id USN-7926-1
reference_type
scores
url https://usn.ubuntu.com/7926-1/
fixed_packages
0
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1
aliases CVE-2025-65073, GHSA-hcqg-5g63-7j9h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r25g-be38-b3be
22
url VCID-rgkw-6ews-rked
vulnerability_id VCID-rgkw-6ews-rked
summary An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12689.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12689.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-12689
reference_id
reference_type
scores
0
value 0.01066
scoring_system epss
scoring_elements 0.77637
published_at 2026-04-01T12:55:00Z
1
value 0.01066
scoring_system epss
scoring_elements 0.77725
published_at 2026-04-21T12:55:00Z
2
value 0.01066
scoring_system epss
scoring_elements 0.77731
published_at 2026-04-18T12:55:00Z
3
value 0.01066
scoring_system epss
scoring_elements 0.77732
published_at 2026-04-16T12:55:00Z
4
value 0.01066
scoring_system epss
scoring_elements 0.77695
published_at 2026-04-13T12:55:00Z
5
value 0.01066
scoring_system epss
scoring_elements 0.77696
published_at 2026-04-12T12:55:00Z
6
value 0.01066
scoring_system epss
scoring_elements 0.77713
published_at 2026-04-11T12:55:00Z
7
value 0.01066
scoring_system epss
scoring_elements 0.77686
published_at 2026-04-09T12:55:00Z
8
value 0.01066
scoring_system epss
scoring_elements 0.77681
published_at 2026-04-08T12:55:00Z
9
value 0.01066
scoring_system epss
scoring_elements 0.77653
published_at 2026-04-07T12:55:00Z
10
value 0.01066
scoring_system epss
scoring_elements 0.77671
published_at 2026-04-04T12:55:00Z
11
value 0.01066
scoring_system epss
scoring_elements 0.77644
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-12689
2
reference_url https://bugs.launchpad.net/keystone/+bug/1872735
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1872735
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
9
reference_url https://github.com/openstack/keystone/commit/37e9907a176dad6843819b1bec4946c3aecc4548
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/37e9907a176dad6843819b1bec4946c3aecc4548
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-53.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-53.yaml
11
reference_url https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-12689
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-12689
13
reference_url https://security.openstack.org/ossa/OSSA-2020-004.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2020-004.html
14
reference_url https://usn.ubuntu.com/4480-1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4480-1
15
reference_url https://usn.ubuntu.com/4480-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4480-1/
16
reference_url https://www.openwall.com/lists/oss-security/2020/05/06/5
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2020/05/06/5
17
reference_url http://www.openwall.com/lists/oss-security/2020/05/07/2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/05/07/2
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1830396
reference_id 1830396
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1830396
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
reference_id 959900
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
20
reference_url https://github.com/advisories/GHSA-chgw-36xv-47cw
reference_id GHSA-chgw-36xv-47cw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-chgw-36xv-47cw
21
reference_url https://access.redhat.com/errata/RHSA-2020:2732
reference_id RHSA-2020:2732
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2732
22
reference_url https://access.redhat.com/errata/RHSA-2020:3096
reference_id RHSA-2020:3096
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3096
23
reference_url https://access.redhat.com/errata/RHSA-2020:3102
reference_id RHSA-2020:3102
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3102
24
reference_url https://access.redhat.com/errata/RHSA-2020:3105
reference_id RHSA-2020:3105
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3105
fixed_packages
0
url pkg:deb/debian/keystone@2:14.2.0-0%2Bdeb10u1
purl pkg:deb/debian/keystone@2:14.2.0-0%2Bdeb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gdk6-a746-6fac
1
vulnerability VCID-p5un-b12x-tuh5
2
vulnerability VCID-qyjh-md45-hyhh
3
vulnerability VCID-r25g-be38-b3be
4
vulnerability VCID-rgkw-6ews-rked
5
vulnerability VCID-w6e4-zd31-g7hu
6
vulnerability VCID-wc5s-25xb-rqaa
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:14.2.0-0%252Bdeb10u1
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
2
vulnerability VCID-r25g-be38-b3be
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1
aliases CVE-2020-12689, GHSA-chgw-36xv-47cw, PYSEC-2020-53
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rgkw-6ews-rked
23
url VCID-s3gc-cxxf-63ed
vulnerability_id VCID-s3gc-cxxf-63ed
summary The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification (1) GET or (2) HEAD request to v3/auth/tokens/.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2014-1121.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1121.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-1122.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1122.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5252.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5252.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-5252
reference_id
reference_type
scores
0
value 0.00287
scoring_system epss
scoring_elements 0.52198
published_at 2026-04-13T12:55:00Z
1
value 0.00287
scoring_system epss
scoring_elements 0.52212
published_at 2026-04-12T12:55:00Z
2
value 0.00287
scoring_system epss
scoring_elements 0.52229
published_at 2026-04-11T12:55:00Z
3
value 0.00287
scoring_system epss
scoring_elements 0.52178
published_at 2026-04-09T12:55:00Z
4
value 0.00287
scoring_system epss
scoring_elements 0.52182
published_at 2026-04-08T12:55:00Z
5
value 0.00287
scoring_system epss
scoring_elements 0.52165
published_at 2026-04-04T12:55:00Z
6
value 0.00287
scoring_system epss
scoring_elements 0.5213
published_at 2026-04-07T12:55:00Z
7
value 0.00287
scoring_system epss
scoring_elements 0.52095
published_at 2026-04-01T12:55:00Z
8
value 0.00287
scoring_system epss
scoring_elements 0.52138
published_at 2026-04-02T12:55:00Z
9
value 0.00287
scoring_system epss
scoring_elements 0.52222
published_at 2026-04-21T12:55:00Z
10
value 0.00287
scoring_system epss
scoring_elements 0.5224
published_at 2026-04-18T12:55:00Z
11
value 0.00287
scoring_system epss
scoring_elements 0.52237
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-5252
4
reference_url https://bugs.launchpad.net/keystone/+bug/1348820
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1348820
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5252
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5252
6
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
7
reference_url https://github.com/openstack/keystone/commit/556fb860311675fc437585651e4602b2908451eb
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/556fb860311675fc437585651e4602b2908451eb
8
reference_url https://github.com/openstack/keystone/commit/a4c73e4382cb062aa9f30fe1960d5014d3c49cc2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/a4c73e4382cb062aa9f30fe1960d5014d3c49cc2
9
reference_url https://github.com/openstack/keystone/commit/bdb88c662ac2035f9b0d8a229a5db5f60f5f16ae
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/bdb88c662ac2035f9b0d8a229a5db5f60f5f16ae
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-108.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-108.yaml
11
reference_url http://www.openwall.com/lists/oss-security/2014/08/15/6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/08/15/6
12
reference_url http://www.ubuntu.com/usn/USN-2324-1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2324-1
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1127250
reference_id 1127250
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1127250
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-5252
reference_id CVE-2014-5252
reference_type
scores
0
value 4.9
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:P/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-5252
20
reference_url https://github.com/advisories/GHSA-v8fq-gq9j-3v7h
reference_id GHSA-v8fq-gq9j-3v7h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v8fq-gq9j-3v7h
21
reference_url https://access.redhat.com/errata/RHSA-2014:1121
reference_id RHSA-2014:1121
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1121
22
reference_url https://access.redhat.com/errata/RHSA-2014:1122
reference_id RHSA-2014:1122
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1122
23
reference_url https://usn.ubuntu.com/2324-1/
reference_id USN-2324-1
reference_type
scores
url https://usn.ubuntu.com/2324-1/
fixed_packages
0
url pkg:deb/debian/keystone@2014.1.3-6
purl pkg:deb/debian/keystone@2014.1.3-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-844e-r6mn-bqh5
1
vulnerability VCID-96bg-ytf8-9fhd
2
vulnerability VCID-9dhg-r711-yfg6
3
vulnerability VCID-gdk6-a746-6fac
4
vulnerability VCID-p5un-b12x-tuh5
5
vulnerability VCID-qyjh-md45-hyhh
6
vulnerability VCID-r25g-be38-b3be
7
vulnerability VCID-rgkw-6ews-rked
8
vulnerability VCID-t2ap-zxfa-fkhe
9
vulnerability VCID-w6e4-zd31-g7hu
10
vulnerability VCID-wc5s-25xb-rqaa
11
vulnerability VCID-ztee-sxym-zffv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6
aliases CVE-2014-5252, GHSA-v8fq-gq9j-3v7h, PYSEC-2014-108
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s3gc-cxxf-63ed
24
url VCID-s5ab-apmg-dqd9
vulnerability_id VCID-s5ab-apmg-dqd9
summary 
OpenStack Identity Keystone is vulnerable to Block delegation escalation of privilege
OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with additional roles.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00031.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00031.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3476.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3476.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3476
reference_id
reference_type
scores
0
value 0.00721
scoring_system epss
scoring_elements 0.72535
published_at 2026-04-21T12:55:00Z
1
value 0.00721
scoring_system epss
scoring_elements 0.72448
published_at 2026-04-07T12:55:00Z
2
value 0.00721
scoring_system epss
scoring_elements 0.72486
published_at 2026-04-08T12:55:00Z
3
value 0.00721
scoring_system epss
scoring_elements 0.72499
published_at 2026-04-09T12:55:00Z
4
value 0.00721
scoring_system epss
scoring_elements 0.72522
published_at 2026-04-11T12:55:00Z
5
value 0.00721
scoring_system epss
scoring_elements 0.72504
published_at 2026-04-12T12:55:00Z
6
value 0.00721
scoring_system epss
scoring_elements 0.72494
published_at 2026-04-13T12:55:00Z
7
value 0.00721
scoring_system epss
scoring_elements 0.72536
published_at 2026-04-16T12:55:00Z
8
value 0.00721
scoring_system epss
scoring_elements 0.72546
published_at 2026-04-18T12:55:00Z
9
value 0.00721
scoring_system epss
scoring_elements 0.72449
published_at 2026-04-01T12:55:00Z
10
value 0.00721
scoring_system epss
scoring_elements 0.72454
published_at 2026-04-02T12:55:00Z
11
value 0.00721
scoring_system epss
scoring_elements 0.72472
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3476
3
reference_url https://bugs.launchpad.net/keystone/+bug/1324592
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1324592
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3476
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3476
5
reference_url http://secunia.com/advisories/57886
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/57886
6
reference_url http://secunia.com/advisories/59547
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/59547
7
reference_url http://www.openwall.com/lists/oss-security/2014/06/12/3
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/06/12/3
8
reference_url http://www.securityfocus.com/bid/68026
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/68026
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1104524
reference_id 1104524
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1104524
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751454
reference_id 751454
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751454
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:cloud:3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:suse:cloud:3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:cloud:3:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3476
reference_id CVE-2014-3476
reference_type
scores
0
value 6.0
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:P/A:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3476
14
reference_url https://github.com/advisories/GHSA-274v-r947-v34r
reference_id GHSA-274v-r947-v34r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-274v-r947-v34r
15
reference_url https://access.redhat.com/errata/RHSA-2014:0994
reference_id RHSA-2014:0994
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0994
16
reference_url https://usn.ubuntu.com/2324-1/
reference_id USN-2324-1
reference_type
scores
url https://usn.ubuntu.com/2324-1/
fixed_packages
0
url pkg:deb/debian/keystone@2014.1.3-6
purl pkg:deb/debian/keystone@2014.1.3-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-844e-r6mn-bqh5
1
vulnerability VCID-96bg-ytf8-9fhd
2
vulnerability VCID-9dhg-r711-yfg6
3
vulnerability VCID-gdk6-a746-6fac
4
vulnerability VCID-p5un-b12x-tuh5
5
vulnerability VCID-qyjh-md45-hyhh
6
vulnerability VCID-r25g-be38-b3be
7
vulnerability VCID-rgkw-6ews-rked
8
vulnerability VCID-t2ap-zxfa-fkhe
9
vulnerability VCID-w6e4-zd31-g7hu
10
vulnerability VCID-wc5s-25xb-rqaa
11
vulnerability VCID-ztee-sxym-zffv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6
aliases CVE-2014-3476, GHSA-274v-r947-v34r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s5ab-apmg-dqd9
25
url VCID-snpz-wwd6-dkb6
vulnerability_id VCID-snpz-wwd6-dkb6
summary OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106220.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106220.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2013-0806.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0806.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2006.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2006.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2006
reference_id
reference_type
scores
0
value 0.00039
scoring_system epss
scoring_elements 0.11773
published_at 2026-04-21T12:55:00Z
1
value 0.00039
scoring_system epss
scoring_elements 0.11758
published_at 2026-04-01T12:55:00Z
2
value 0.00039
scoring_system epss
scoring_elements 0.11876
published_at 2026-04-02T12:55:00Z
3
value 0.00039
scoring_system epss
scoring_elements 0.11922
published_at 2026-04-04T12:55:00Z
4
value 0.00039
scoring_system epss
scoring_elements 0.11707
published_at 2026-04-07T12:55:00Z
5
value 0.00039
scoring_system epss
scoring_elements 0.11791
published_at 2026-04-08T12:55:00Z
6
value 0.00039
scoring_system epss
scoring_elements 0.11843
published_at 2026-04-09T12:55:00Z
7
value 0.00039
scoring_system epss
scoring_elements 0.11854
published_at 2026-04-11T12:55:00Z
8
value 0.00039
scoring_system epss
scoring_elements 0.11815
published_at 2026-04-12T12:55:00Z
9
value 0.00039
scoring_system epss
scoring_elements 0.11788
published_at 2026-04-13T12:55:00Z
10
value 0.00039
scoring_system epss
scoring_elements 0.11653
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2006
5
reference_url https://bugs.launchpad.net/keystone/+bug/1172195
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1172195
6
reference_url https://bugs.launchpad.net/ossn/+bug/1168252
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/ossn/+bug/1168252
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2006
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2006
8
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
9
reference_url https://github.com/openstack/keystone/commit/c5037dd6b82909efaaa8720e8cfa8bdb8b4a0edd
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/c5037dd6b82909efaaa8720e8cfa8bdb8b4a0edd
10
reference_url https://github.com/openstack/keystone/commit/d43e2a51a1ed7adbed3c5ddf001d46bc4a824ae8
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/d43e2a51a1ed7adbed3c5ddf001d46bc4a824ae8
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-40.yaml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-40.yaml
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2006
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:N/C:P/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2006
13
reference_url http://www.openwall.com/lists/oss-security/2013/04/24/1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/04/24/1
14
reference_url http://www.openwall.com/lists/oss-security/2013/04/24/2
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/04/24/2
15
reference_url http://www.securityfocus.com/bid/59411
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/59411
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=956007
reference_id 956007
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=956007
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:2013.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1.1:*:*:*:*:*:*:*
18
reference_url https://github.com/advisories/GHSA-rxrm-xvp4-jqvh
reference_id GHSA-rxrm-xvp4-jqvh
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rxrm-xvp4-jqvh
19
reference_url https://access.redhat.com/errata/RHSA-2013:0806
reference_id RHSA-2013:0806
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0806
fixed_packages
0
url pkg:deb/debian/keystone@2014.1.3-6
purl pkg:deb/debian/keystone@2014.1.3-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-844e-r6mn-bqh5
1
vulnerability VCID-96bg-ytf8-9fhd
2
vulnerability VCID-9dhg-r711-yfg6
3
vulnerability VCID-gdk6-a746-6fac
4
vulnerability VCID-p5un-b12x-tuh5
5
vulnerability VCID-qyjh-md45-hyhh
6
vulnerability VCID-r25g-be38-b3be
7
vulnerability VCID-rgkw-6ews-rked
8
vulnerability VCID-t2ap-zxfa-fkhe
9
vulnerability VCID-w6e4-zd31-g7hu
10
vulnerability VCID-wc5s-25xb-rqaa
11
vulnerability VCID-ztee-sxym-zffv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6
aliases CVE-2013-2006, GHSA-rxrm-xvp4-jqvh, PYSEC-2013-40
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-snpz-wwd6-dkb6
26
url VCID-t2ap-zxfa-fkhe
vulnerability_id VCID-t2ap-zxfa-fkhe
summary The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4911.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4911.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-4911
reference_id
reference_type
scores
0
value 0.00304
scoring_system epss
scoring_elements 0.53592
published_at 2026-04-01T12:55:00Z
1
value 0.00304
scoring_system epss
scoring_elements 0.537
published_at 2026-04-21T12:55:00Z
2
value 0.00304
scoring_system epss
scoring_elements 0.53718
published_at 2026-04-18T12:55:00Z
3
value 0.00304
scoring_system epss
scoring_elements 0.53714
published_at 2026-04-16T12:55:00Z
4
value 0.00304
scoring_system epss
scoring_elements 0.53676
published_at 2026-04-13T12:55:00Z
5
value 0.00304
scoring_system epss
scoring_elements 0.53693
published_at 2026-04-12T12:55:00Z
6
value 0.00304
scoring_system epss
scoring_elements 0.5371
published_at 2026-04-11T12:55:00Z
7
value 0.00304
scoring_system epss
scoring_elements 0.53661
published_at 2026-04-09T12:55:00Z
8
value 0.00304
scoring_system epss
scoring_elements 0.53663
published_at 2026-04-08T12:55:00Z
9
value 0.00304
scoring_system epss
scoring_elements 0.53611
published_at 2026-04-07T12:55:00Z
10
value 0.00304
scoring_system epss
scoring_elements 0.53644
published_at 2026-04-04T12:55:00Z
11
value 0.00304
scoring_system epss
scoring_elements 0.53616
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-4911
2
reference_url https://bugs.launchpad.net/keystone/+bug/1577558
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1577558
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4911
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4911
4
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
5
reference_url https://github.com/openstack/keystone/commit/0d376025bae61bf5ee19d992c7f336b99ac69240
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/0d376025bae61bf5ee19d992c7f336b99ac69240
6
reference_url https://github.com/openstack/keystone/commit/ee1dc941042d1f71699971c5c30566af1b348572
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/ee1dc941042d1f71699971c5c30566af1b348572
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2016-38.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2016-38.yaml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-4911
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:P/A:N
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-4911
9
reference_url https://review.openstack.org/#/c/311886
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/311886
10
reference_url https://review.openstack.org/#/c/311886/
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://review.openstack.org/#/c/311886/
11
reference_url https://security.openstack.org/ossa/OSSA-2016-008.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2016-008.html
12
reference_url http://www.openwall.com/lists/oss-security/2016/05/17/10
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/05/17/10
13
reference_url http://www.openwall.com/lists/oss-security/2016/05/17/11
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/05/17/11
14
reference_url http://www.securityfocus.com/bid/90728
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url http://www.securityfocus.com/bid/90728
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1337079
reference_id 1337079
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1337079
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824683
reference_id 824683
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824683
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc1:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc2:*:*:*:*:*:*
reference_id cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc2:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc3:*:*:*:*:*:*
reference_id cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc3:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc3:*:*:*:*:*:*
20
reference_url https://github.com/advisories/GHSA-f82m-w3p3-cgp3
reference_id GHSA-f82m-w3p3-cgp3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f82m-w3p3-cgp3
fixed_packages
0
url pkg:deb/debian/keystone@2:10.0.0-9%2Bdeb9u1
purl pkg:deb/debian/keystone@2:10.0.0-9%2Bdeb9u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gdk6-a746-6fac
1
vulnerability VCID-p5un-b12x-tuh5
2
vulnerability VCID-qyjh-md45-hyhh
3
vulnerability VCID-r25g-be38-b3be
4
vulnerability VCID-rgkw-6ews-rked
5
vulnerability VCID-w6e4-zd31-g7hu
6
vulnerability VCID-wc5s-25xb-rqaa
7
vulnerability VCID-ztee-sxym-zffv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:10.0.0-9%252Bdeb9u1
aliases CVE-2016-4911, GHSA-f82m-w3p3-cgp3, PYSEC-2016-38
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t2ap-zxfa-fkhe
27
url VCID-uexc-7rt7-hbgx
vulnerability_id VCID-uexc-7rt7-hbgx
summary 
OpenStack Keystone and other components vulnerable to Improper Certificate Validation
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2255.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2255.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2255
reference_id
reference_type
scores
0
value 0.00414
scoring_system epss
scoring_elements 0.61656
published_at 2026-04-16T12:55:00Z
1
value 0.00414
scoring_system epss
scoring_elements 0.61614
published_at 2026-04-13T12:55:00Z
2
value 0.00414
scoring_system epss
scoring_elements 0.61634
published_at 2026-04-12T12:55:00Z
3
value 0.00414
scoring_system epss
scoring_elements 0.61645
published_at 2026-04-21T12:55:00Z
4
value 0.00414
scoring_system epss
scoring_elements 0.61624
published_at 2026-04-09T12:55:00Z
5
value 0.00414
scoring_system epss
scoring_elements 0.61609
published_at 2026-04-08T12:55:00Z
6
value 0.00414
scoring_system epss
scoring_elements 0.61561
published_at 2026-04-07T12:55:00Z
7
value 0.00414
scoring_system epss
scoring_elements 0.6159
published_at 2026-04-04T12:55:00Z
8
value 0.00414
scoring_system epss
scoring_elements 0.61562
published_at 2026-04-02T12:55:00Z
9
value 0.00414
scoring_system epss
scoring_elements 0.61661
published_at 2026-04-18T12:55:00Z
10
value 0.00414
scoring_system epss
scoring_elements 0.61487
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2255
2
reference_url https://bugs.launchpad.net/ossn/+bug/1188189
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/ossn/+bug/1188189
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2255
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2255
4
reference_url https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2255
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2255
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2255
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2255
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/85562
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/85562
7
reference_url https://github.com/openstack/cinder/commit/0f9652d92e175a1f7dc3c2a37ab444b8f189375a
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/cinder/commit/0f9652d92e175a1f7dc3c2a37ab444b8f189375a
8
reference_url https://github.com/openstack/keystone/commit/5bd4c2984d329625a2a8442b316fa235dbb88a3d
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/5bd4c2984d329625a2a8442b316fa235dbb88a3d
9
reference_url https://github.com/openstack/neutron/commit/7255e056092f034daaeb4246a812900645d46911
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/neutron/commit/7255e056092f034daaeb4246a812900645d46911
10
reference_url https://github.com/openstack/python-keystoneclient/commit/20e166fd8a943ee3f91ba362a47e9c14c7cc5f4c
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/python-keystoneclient/commit/20e166fd8a943ee3f91ba362a47e9c14c7cc5f4c
11
reference_url https://web.archive.org/web/20200229073508/https://www.securityfocus.com/bid/61118
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200229073508/https://www.securityfocus.com/bid/61118
12
reference_url https://www.securityfocus.com/bid/61118
reference_id
reference_type
scores
url https://www.securityfocus.com/bid/61118
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=924514
reference_id 924514
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=924514
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:compute:2013.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:compute:2013.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:compute:2013.1:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:2013:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
21
reference_url https://access.redhat.com/security/cve/cve-2013-2255
reference_id CVE-2013-2255
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/cve-2013-2255
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2255
reference_id CVE-2013-2255
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2255
23
reference_url https://security-tracker.debian.org/tracker/CVE-2013-2255
reference_id CVE-2013-2255
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security-tracker.debian.org/tracker/CVE-2013-2255
24
reference_url https://github.com/advisories/GHSA-qh2x-hpf9-cf2g
reference_id GHSA-qh2x-hpf9-cf2g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qh2x-hpf9-cf2g
fixed_packages
0
url pkg:deb/debian/keystone@2014.1.3-6
purl pkg:deb/debian/keystone@2014.1.3-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-844e-r6mn-bqh5
1
vulnerability VCID-96bg-ytf8-9fhd
2
vulnerability VCID-9dhg-r711-yfg6
3
vulnerability VCID-gdk6-a746-6fac
4
vulnerability VCID-p5un-b12x-tuh5
5
vulnerability VCID-qyjh-md45-hyhh
6
vulnerability VCID-r25g-be38-b3be
7
vulnerability VCID-rgkw-6ews-rked
8
vulnerability VCID-t2ap-zxfa-fkhe
9
vulnerability VCID-w6e4-zd31-g7hu
10
vulnerability VCID-wc5s-25xb-rqaa
11
vulnerability VCID-ztee-sxym-zffv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6
aliases CVE-2013-2255, GHSA-qh2x-hpf9-cf2g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uexc-7rt7-hbgx
28
url VCID-w6e4-zd31-g7hu
vulnerability_id VCID-w6e4-zd31-g7hu
summary An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. This results in the provided keystone token having more role assignments than the creator intended, possibly giving unintended escalated access.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12690.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12690.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-12690
reference_id
reference_type
scores
0
value 0.00817
scoring_system epss
scoring_elements 0.74373
published_at 2026-04-21T12:55:00Z
1
value 0.00817
scoring_system epss
scoring_elements 0.7438
published_at 2026-04-18T12:55:00Z
2
value 0.00817
scoring_system epss
scoring_elements 0.74372
published_at 2026-04-16T12:55:00Z
3
value 0.00817
scoring_system epss
scoring_elements 0.74288
published_at 2026-04-01T12:55:00Z
4
value 0.00817
scoring_system epss
scoring_elements 0.74335
published_at 2026-04-13T12:55:00Z
5
value 0.00817
scoring_system epss
scoring_elements 0.74343
published_at 2026-04-12T12:55:00Z
6
value 0.00817
scoring_system epss
scoring_elements 0.74363
published_at 2026-04-11T12:55:00Z
7
value 0.00817
scoring_system epss
scoring_elements 0.74342
published_at 2026-04-09T12:55:00Z
8
value 0.00817
scoring_system epss
scoring_elements 0.74327
published_at 2026-04-08T12:55:00Z
9
value 0.00817
scoring_system epss
scoring_elements 0.74294
published_at 2026-04-07T12:55:00Z
10
value 0.00817
scoring_system epss
scoring_elements 0.74321
published_at 2026-04-04T12:55:00Z
11
value 0.00817
scoring_system epss
scoring_elements 0.74293
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-12690
2
reference_url https://bugs.launchpad.net/keystone/+bug/1873290
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1873290
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/advisories/GHSA-6m8p-x4qw-gh5j
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-6m8p-x4qw-gh5j
9
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-54.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-54.yaml
11
reference_url https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-12690
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-12690
13
reference_url https://security.openstack.org/ossa/OSSA-2020-005.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2020-005.html
14
reference_url https://usn.ubuntu.com/4480-1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4480-1
15
reference_url https://usn.ubuntu.com/4480-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4480-1/
16
reference_url https://www.openwall.com/lists/oss-security/2020/05/06/6
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2020/05/06/6
17
reference_url http://www.openwall.com/lists/oss-security/2020/05/07/3
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/05/07/3
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1830395
reference_id 1830395
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1830395
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
reference_id 959900
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
20
reference_url https://access.redhat.com/errata/RHSA-2020:3102
reference_id RHSA-2020:3102
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3102
21
reference_url https://access.redhat.com/errata/RHSA-2020:3105
reference_id RHSA-2020:3105
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3105
fixed_packages
0
url pkg:deb/debian/keystone@2:14.2.0-0%2Bdeb10u1
purl pkg:deb/debian/keystone@2:14.2.0-0%2Bdeb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gdk6-a746-6fac
1
vulnerability VCID-p5un-b12x-tuh5
2
vulnerability VCID-qyjh-md45-hyhh
3
vulnerability VCID-r25g-be38-b3be
4
vulnerability VCID-rgkw-6ews-rked
5
vulnerability VCID-w6e4-zd31-g7hu
6
vulnerability VCID-wc5s-25xb-rqaa
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:14.2.0-0%252Bdeb10u1
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
2
vulnerability VCID-r25g-be38-b3be
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1
aliases CVE-2020-12690, GHSA-6m8p-x4qw-gh5j, PYSEC-2020-54
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w6e4-zd31-g7hu
29
url VCID-wc5s-25xb-rqaa
vulnerability_id VCID-wc5s-25xb-rqaa
summary An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12692.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12692.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-12692
reference_id
reference_type
scores
0
value 0.0014
scoring_system epss
scoring_elements 0.34158
published_at 2026-04-21T12:55:00Z
1
value 0.0014
scoring_system epss
scoring_elements 0.34194
published_at 2026-04-18T12:55:00Z
2
value 0.0014
scoring_system epss
scoring_elements 0.34207
published_at 2026-04-16T12:55:00Z
3
value 0.0014
scoring_system epss
scoring_elements 0.33931
published_at 2026-04-01T12:55:00Z
4
value 0.0014
scoring_system epss
scoring_elements 0.34174
published_at 2026-04-13T12:55:00Z
5
value 0.0014
scoring_system epss
scoring_elements 0.34197
published_at 2026-04-12T12:55:00Z
6
value 0.0014
scoring_system epss
scoring_elements 0.34238
published_at 2026-04-11T12:55:00Z
7
value 0.0014
scoring_system epss
scoring_elements 0.34209
published_at 2026-04-08T12:55:00Z
8
value 0.0014
scoring_system epss
scoring_elements 0.34166
published_at 2026-04-07T12:55:00Z
9
value 0.0014
scoring_system epss
scoring_elements 0.34303
published_at 2026-04-04T12:55:00Z
10
value 0.0014
scoring_system epss
scoring_elements 0.3427
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-12692
2
reference_url https://bugs.launchpad.net/keystone/+bug/1872737
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1872737
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-56.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-56.yaml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-12692
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-12692
11
reference_url https://opendev.org/openstack/keystone/commit/ab89ea749013e7f2c46260f68504f5687763e019
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/keystone/commit/ab89ea749013e7f2c46260f68504f5687763e019
12
reference_url https://security.openstack.org/ossa/OSSA-2020-003.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2020-003.html
13
reference_url https://usn.ubuntu.com/4480-1
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4480-1
14
reference_url https://usn.ubuntu.com/4480-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4480-1/
15
reference_url https://www.openwall.com/lists/oss-security/2020/05/06/4
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2020/05/06/4
16
reference_url http://www.openwall.com/lists/oss-security/2020/05/07/1
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/05/07/1
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1833164
reference_id 1833164
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1833164
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
reference_id 959900
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
19
reference_url https://github.com/advisories/GHSA-rqw2-hhrf-7936
reference_id GHSA-rqw2-hhrf-7936
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rqw2-hhrf-7936
20
reference_url https://access.redhat.com/errata/RHSA-2020:2732
reference_id RHSA-2020:2732
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2732
21
reference_url https://access.redhat.com/errata/RHSA-2020:3102
reference_id RHSA-2020:3102
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3102
22
reference_url https://access.redhat.com/errata/RHSA-2020:3105
reference_id RHSA-2020:3105
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3105
fixed_packages
0
url pkg:deb/debian/keystone@2:14.2.0-0%2Bdeb10u1
purl pkg:deb/debian/keystone@2:14.2.0-0%2Bdeb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gdk6-a746-6fac
1
vulnerability VCID-p5un-b12x-tuh5
2
vulnerability VCID-qyjh-md45-hyhh
3
vulnerability VCID-r25g-be38-b3be
4
vulnerability VCID-rgkw-6ews-rked
5
vulnerability VCID-w6e4-zd31-g7hu
6
vulnerability VCID-wc5s-25xb-rqaa
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:14.2.0-0%252Bdeb10u1
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
2
vulnerability VCID-r25g-be38-b3be
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1
aliases CVE-2020-12692, GHSA-rqw2-hhrf-7936, PYSEC-2020-56
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wc5s-25xb-rqaa
30
url VCID-wm8s-rmkk-mugb
vulnerability_id VCID-wm8s-rmkk-mugb
summary The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token.
references
0
reference_url http://osvdb.org/97237
reference_id
reference_type
scores
url http://osvdb.org/97237
1
reference_url http://rhn.redhat.com/errata/RHSA-2013-1285.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1285.html
2
reference_url https://access.redhat.com/errata/RHSA-2013:1285
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2013:1285
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4294.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4294.json
4
reference_url https://access.redhat.com/security/cve/CVE-2013-4294
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2013-4294
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4294
reference_id
reference_type
scores
0
value 0.008
scoring_system epss
scoring_elements 0.7399
published_at 2026-04-01T12:55:00Z
1
value 0.008
scoring_system epss
scoring_elements 0.74086
published_at 2026-04-18T12:55:00Z
2
value 0.008
scoring_system epss
scoring_elements 0.74077
published_at 2026-04-21T12:55:00Z
3
value 0.008
scoring_system epss
scoring_elements 0.74038
published_at 2026-04-13T12:55:00Z
4
value 0.008
scoring_system epss
scoring_elements 0.74045
published_at 2026-04-12T12:55:00Z
5
value 0.008
scoring_system epss
scoring_elements 0.74064
published_at 2026-04-11T12:55:00Z
6
value 0.008
scoring_system epss
scoring_elements 0.74027
published_at 2026-04-08T12:55:00Z
7
value 0.008
scoring_system epss
scoring_elements 0.73994
published_at 2026-04-07T12:55:00Z
8
value 0.008
scoring_system epss
scoring_elements 0.74023
published_at 2026-04-04T12:55:00Z
9
value 0.008
scoring_system epss
scoring_elements 0.73997
published_at 2026-04-02T12:55:00Z
10
value 0.008
scoring_system epss
scoring_elements 0.74042
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4294
6
reference_url https://bugs.launchpad.net/keystone/+bug/1202952
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1202952
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1004452
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1004452
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4294
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4294
9
reference_url http://seclists.org/oss-sec/2013/q3/586
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/oss-sec/2013/q3/586
10
reference_url http://secunia.com/advisories/54706
reference_id
reference_type
scores
url http://secunia.com/advisories/54706
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-42.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-42.yaml
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4294
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4294
13
reference_url https://opendev.org/openstack/keystone
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/keystone
14
reference_url http://www.ubuntu.com/usn/USN-2002-1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2002-1
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722505
reference_id 722505
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722505
16
reference_url https://github.com/advisories/GHSA-5qpp-v56f-mqfm
reference_id GHSA-5qpp-v56f-mqfm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5qpp-v56f-mqfm
17
reference_url https://usn.ubuntu.com/2002-1/
reference_id USN-2002-1
reference_type
scores
url https://usn.ubuntu.com/2002-1/
fixed_packages
0
url pkg:deb/debian/keystone@2014.1.3-6
purl pkg:deb/debian/keystone@2014.1.3-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-844e-r6mn-bqh5
1
vulnerability VCID-96bg-ytf8-9fhd
2
vulnerability VCID-9dhg-r711-yfg6
3
vulnerability VCID-gdk6-a746-6fac
4
vulnerability VCID-p5un-b12x-tuh5
5
vulnerability VCID-qyjh-md45-hyhh
6
vulnerability VCID-r25g-be38-b3be
7
vulnerability VCID-rgkw-6ews-rked
8
vulnerability VCID-t2ap-zxfa-fkhe
9
vulnerability VCID-w6e4-zd31-g7hu
10
vulnerability VCID-wc5s-25xb-rqaa
11
vulnerability VCID-ztee-sxym-zffv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6
aliases CVE-2013-4294, GHSA-5qpp-v56f-mqfm, PYSEC-2013-42
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wm8s-rmkk-mugb
31
url VCID-ztee-sxym-zffv
vulnerability_id VCID-ztee-sxym-zffv
summary security update
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14432.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14432.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14432
reference_id
reference_type
scores
0
value 0.01139
scoring_system epss
scoring_elements 0.78351
published_at 2026-04-01T12:55:00Z
1
value 0.01139
scoring_system epss
scoring_elements 0.78357
published_at 2026-04-02T12:55:00Z
2
value 0.01139
scoring_system epss
scoring_elements 0.78388
published_at 2026-04-04T12:55:00Z
3
value 0.01139
scoring_system epss
scoring_elements 0.78372
published_at 2026-04-07T12:55:00Z
4
value 0.01139
scoring_system epss
scoring_elements 0.78398
published_at 2026-04-08T12:55:00Z
5
value 0.01139
scoring_system epss
scoring_elements 0.78404
published_at 2026-04-09T12:55:00Z
6
value 0.01139
scoring_system epss
scoring_elements 0.7843
published_at 2026-04-11T12:55:00Z
7
value 0.01139
scoring_system epss
scoring_elements 0.78412
published_at 2026-04-12T12:55:00Z
8
value 0.01139
scoring_system epss
scoring_elements 0.78405
published_at 2026-04-13T12:55:00Z
9
value 0.01139
scoring_system epss
scoring_elements 0.78434
published_at 2026-04-16T12:55:00Z
10
value 0.01139
scoring_system epss
scoring_elements 0.78432
published_at 2026-04-18T12:55:00Z
11
value 0.01139
scoring_system epss
scoring_elements 0.78428
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14432
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14432
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1606868
reference_id 1606868
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1606868
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904616
reference_id 904616
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904616
6
reference_url https://access.redhat.com/errata/RHSA-2018:2523
reference_id RHSA-2018:2523
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2523
7
reference_url https://access.redhat.com/errata/RHSA-2018:2533
reference_id RHSA-2018:2533
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2533
8
reference_url https://access.redhat.com/errata/RHSA-2018:2543
reference_id RHSA-2018:2543
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2543
fixed_packages
0
url pkg:deb/debian/keystone@2:10.0.0-9%2Bdeb9u1
purl pkg:deb/debian/keystone@2:10.0.0-9%2Bdeb9u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gdk6-a746-6fac
1
vulnerability VCID-p5un-b12x-tuh5
2
vulnerability VCID-qyjh-md45-hyhh
3
vulnerability VCID-r25g-be38-b3be
4
vulnerability VCID-rgkw-6ews-rked
5
vulnerability VCID-w6e4-zd31-g7hu
6
vulnerability VCID-wc5s-25xb-rqaa
7
vulnerability VCID-ztee-sxym-zffv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:10.0.0-9%252Bdeb9u1
1
url pkg:deb/debian/keystone@2:14.2.0-0%2Bdeb10u1
purl pkg:deb/debian/keystone@2:14.2.0-0%2Bdeb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gdk6-a746-6fac
1
vulnerability VCID-p5un-b12x-tuh5
2
vulnerability VCID-qyjh-md45-hyhh
3
vulnerability VCID-r25g-be38-b3be
4
vulnerability VCID-rgkw-6ews-rked
5
vulnerability VCID-w6e4-zd31-g7hu
6
vulnerability VCID-wc5s-25xb-rqaa
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:14.2.0-0%252Bdeb10u1
aliases CVE-2018-14432
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ztee-sxym-zffv
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-13%252Bwheezy1