Package Instance

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/05a129e54573b6cbda1ec095f4526f2b9ba90a90

reference_url

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/05a129e54573b6cbda1ec095f4526f2b9ba90a90

reference_url

https://github.com/openstack/keystone/commit/2139639eeabc8f6941f4461fc87d609cde3118c2

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/2139639eeabc8f6941f4461fc87d609cde3118c2

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2018-152.yaml

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2018-152.yaml

reference_url

http://www.securityfocus.com/bid/98032

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/98032

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861189
reference_id	861189
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861189

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:10:::::::*
reference_id	cpe:2.3:a:redhat:openstack:10:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:10:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:9:::::::*
reference_id	cpe:2.3:a:redhat:openstack:9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:9:::::::*

reference_url

https://access.redhat.com/security/cve/CVE-2017-2673

reference_id

CVE-2017-2673

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2017-2673

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-2673

reference_id

CVE-2017-2673

reference_type

scores

value	6.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:P/A:P

value	6.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	7.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2673

reference_url

https://github.com/advisories/GHSA-j36m-hv43-7w7m

reference_id

GHSA-j36m-hv43-7w7m

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j36m-hv43-7w7m

reference_url	https://usn.ubuntu.com/3448-1/
reference_id	USN-3448-1
reference_type
scores
url	https://usn.ubuntu.com/3448-1/

fixed_packages

url pkg:deb/debian/keystone@2:10.0.0-9%2Bdeb9u1

purl pkg:deb/debian/keystone@2:10.0.0-9%2Bdeb9u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gdk6-a746-6fac

vulnerability	VCID-p5un-b12x-tuh5

vulnerability	VCID-qyjh-md45-hyhh

vulnerability	VCID-r25g-be38-b3be

vulnerability	VCID-rgkw-6ews-rked

vulnerability	VCID-w6e4-zd31-g7hu

vulnerability	VCID-wc5s-25xb-rqaa

vulnerability	VCID-ztee-sxym-zffv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:10.0.0-9%252Bdeb9u1

aliases CVE-2017-2673, GHSA-j36m-hv43-7w7m, PYSEC-2018-152

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-96bg-ytf8-9fhd

url VCID-9dhg-r711-yfg6

vulnerability_id VCID-9dhg-r711-yfg6

summary

Exposure of Sensitive Information to an Unauthorized Actor
OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs.

references

reference_url

http://lists.openstack.org/pipermail/openstack-announce/2015-May/000356.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.openstack.org/pipermail/openstack-announce/2015-May/000356.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3646.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3646.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-3646

reference_id

reference_type

scores

value	0.00177
scoring_system	epss
scoring_elements	0.39207
published_at	2026-04-18T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39236
published_at	2026-04-16T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39156
published_at	2026-04-07T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.3921
published_at	2026-04-08T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39226
published_at	2026-04-09T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39238
published_at	2026-04-11T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39201
published_at	2026-04-12T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39182
published_at	2026-04-13T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39029
published_at	2026-04-01T12:55:00Z

value	0.00177
scoring_system	epss
scoring_elements	0.39214
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-3646

reference_url

https://bugs.launchpad.net/keystone/+bug/1443598

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1443598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3646
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3646

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:P/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210122154200/http://www.securityfocus.com/bid/74456

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210122154200/http://www.securityfocus.com/bid/74456

reference_url

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1218640
reference_id	1218640
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1218640

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-3646

reference_id

CVE-2015-3646

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-3646

reference_url

https://github.com/advisories/GHSA-jwpw-ppj5-7h4w

reference_id

GHSA-jwpw-ppj5-7h4w

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jwpw-ppj5-7h4w

fixed_packages

url pkg:deb/debian/keystone@2:9.0.0-2~bpo8%2B1

purl pkg:deb/debian/keystone@2:9.0.0-2~bpo8%2B1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-96bg-ytf8-9fhd

vulnerability	VCID-gdk6-a746-6fac

vulnerability	VCID-p5un-b12x-tuh5

vulnerability	VCID-qyjh-md45-hyhh

vulnerability	VCID-r25g-be38-b3be

vulnerability	VCID-rgkw-6ews-rked

vulnerability	VCID-t2ap-zxfa-fkhe

vulnerability	VCID-w6e4-zd31-g7hu

vulnerability	VCID-wc5s-25xb-rqaa

vulnerability	VCID-ztee-sxym-zffv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:9.0.0-2~bpo8%252B1

aliases CVE-2015-3646, GHSA-jwpw-ppj5-7h4w

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9dhg-r711-yfg6

url VCID-gdk6-a746-6fac

vulnerability_id VCID-gdk6-a746-6fac

summary OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials, which could (for example) leak sign-on information for Time-based One Time Passwords (TOTP). Deployments with enforce_scope set to false are affected. (There will be a slight performance impact for the list credentials API once this issue is fixed.)

references

reference_url

https://access.redhat.com/errata/RHSA-2019:4358

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:4358

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19687.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19687.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-19687

reference_id

reference_type

scores

value	0.00728
scoring_system	epss
scoring_elements	0.72565
published_at	2026-04-01T12:55:00Z

value	0.00728
scoring_system	epss
scoring_elements	0.72664
published_at	2026-04-18T12:55:00Z

value	0.00728
scoring_system	epss
scoring_elements	0.72654
published_at	2026-04-16T12:55:00Z

value	0.00728
scoring_system	epss
scoring_elements	0.72612
published_at	2026-04-13T12:55:00Z

value	0.00728
scoring_system	epss
scoring_elements	0.72566
published_at	2026-04-07T12:55:00Z

value	0.00728
scoring_system	epss
scoring_elements	0.72589
published_at	2026-04-04T12:55:00Z

value	0.00728
scoring_system	epss
scoring_elements	0.72573
published_at	2026-04-02T12:55:00Z

value	0.00728
scoring_system	epss
scoring_elements	0.72622
published_at	2026-04-12T12:55:00Z

value	0.00728
scoring_system	epss
scoring_elements	0.72639
published_at	2026-04-11T12:55:00Z

value	0.00728
scoring_system	epss
scoring_elements	0.72616
published_at	2026-04-09T12:55:00Z

value	0.00728
scoring_system	epss
scoring_elements	0.72604
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19687

reference_url

https://bugs.launchpad.net/keystone/+bug/1855080

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1855080

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1781470

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1781470

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19687
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19687

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/17947516b0095c51da5cff94771247f2e7c44ee6

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/17947516b0095c51da5cff94771247f2e7c44ee6

reference_url

https://github.com/openstack/keystone/commit/17c337dbdbfb9d548ad531c2ad0483c9bce5b98f

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/17c337dbdbfb9d548ad531c2ad0483c9bce5b98f

reference_url

https://github.com/openstack/keystone/commit/bd3f63787151183f4daa43578aa491856fefae5b

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/bd3f63787151183f4daa43578aa491856fefae5b

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2019-29.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2019-29.yaml

reference_url

https://git.openstack.org/cgit/openstack/keystone/commit/?id=17947516b0095c51da5cff94771247f2e7c44ee6

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://git.openstack.org/cgit/openstack/keystone/commit/?id=17947516b0095c51da5cff94771247f2e7c44ee6

reference_url

https://git.openstack.org/cgit/openstack/keystone/commit/?id=17c337dbdbfb9d548ad531c2ad0483c9bce5b98f

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://git.openstack.org/cgit/openstack/keystone/commit/?id=17c337dbdbfb9d548ad531c2ad0483c9bce5b98f

reference_url

https://git.openstack.org/cgit/openstack/keystone/commit/?id=bd3f63787151183f4daa43578aa491856fefae5b

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://git.openstack.org/cgit/openstack/keystone/commit/?id=bd3f63787151183f4daa43578aa491856fefae5b

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-19687

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-19687

reference_url

https://review.opendev.org/#/c/697355

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://review.opendev.org/#/c/697355

reference_url	https://review.opendev.org/#/c/697355/
reference_id
reference_type
scores
url	https://review.opendev.org/#/c/697355/

reference_url

https://review.opendev.org/#/c/697611

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://review.opendev.org/#/c/697611

reference_url	https://review.opendev.org/#/c/697611/
reference_id
reference_type
scores
url	https://review.opendev.org/#/c/697611/

reference_url

https://review.opendev.org/#/c/697731

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://review.opendev.org/#/c/697731

reference_url	https://review.opendev.org/#/c/697731/
reference_id
reference_type
scores
url	https://review.opendev.org/#/c/697731/

reference_url

https://security.openstack.org/ossa/OSSA-2019-006.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.openstack.org/ossa/OSSA-2019-006.html

reference_url

https://usn.ubuntu.com/4262-1

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/4262-1

reference_url	https://usn.ubuntu.com/4262-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4262-1/

reference_url

http://www.openwall.com/lists/oss-security/2019/12/11/8

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2019/12/11/8

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946614
reference_id	946614
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946614

reference_url

https://github.com/advisories/GHSA-2j23-fwqm-mgwr

reference_id

GHSA-2j23-fwqm-mgwr

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2j23-fwqm-mgwr

fixed_packages

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6wj2-abbb-xqf6

vulnerability	VCID-93vc-hgec-nfe6

vulnerability	VCID-r25g-be38-b3be

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1

aliases CVE-2019-19687, GHSA-2j23-fwqm-mgwr, PYSEC-2019-29

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gdk6-a746-6fac

url VCID-p5un-b12x-tuh5

vulnerability_id VCID-p5un-b12x-tuh5

summary

OpenStack Keystone allows information disclosure during account locking
OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an account and failing to authenticate multiple times, any unauthenticated actor could both confirm the account exists and obtain that account's corresponding UUID, which might be leveraged for other unrelated attacks. All deployments enabling security_compliance.lockout_failure_attempts are affected.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-38155

reference_id

reference_type

scores

value	0.00737
scoring_system	epss
scoring_elements	0.72775
published_at	2026-04-01T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72882
published_at	2026-04-18T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72872
published_at	2026-04-16T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72838
published_at	2026-04-12T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72855
published_at	2026-04-11T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.7283
published_at	2026-04-13T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72817
published_at	2026-04-08T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72779
published_at	2026-04-07T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72802
published_at	2026-04-04T12:55:00Z

value	0.00737
scoring_system	epss
scoring_elements	0.72781
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-38155

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38155
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38155

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/1b573ae7d1c20e0ebfbde79bbe7538a09589c75d

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/1b573ae7d1c20e0ebfbde79bbe7538a09589c75d

reference_url

https://github.com/openstack/keystone/commit/8ab4eb27be4c13c9bab2b3ea700f00a190521bf8

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/8ab4eb27be4c13c9bab2b3ea700f00a190521bf8

reference_url

https://github.com/openstack/keystone/commit/ac2631ae33445877094cdae796fbcdce8833a626

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/ac2631ae33445877094cdae796fbcdce8833a626

reference_url

https://launchpad.net/bugs/1688137

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://launchpad.net/bugs/1688137

reference_url

https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-38155

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-38155

reference_url

https://security.openstack.org/ossa/OSSA-2021-003.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.openstack.org/ossa/OSSA-2021-003.html

reference_url

http://www.openwall.com/lists/oss-security/2021/08/10/5

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/08/10/5

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992070
reference_id	992070
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992070

reference_url

https://github.com/advisories/GHSA-4225-97pr-rr52

reference_id

GHSA-4225-97pr-rr52

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4225-97pr-rr52

fixed_packages

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6wj2-abbb-xqf6

vulnerability	VCID-93vc-hgec-nfe6

vulnerability	VCID-r25g-be38-b3be

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1

aliases CVE-2021-38155, GHSA-4225-97pr-rr52

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p5un-b12x-tuh5

url VCID-qyjh-md45-hyhh

vulnerability_id VCID-qyjh-md45-hyhh

summary An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12691.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12691.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-12691

reference_id

reference_type

scores

value	0.03566
scoring_system	epss
scoring_elements	0.87665
published_at	2026-04-01T12:55:00Z

value	0.03566
scoring_system	epss
scoring_elements	0.87722
published_at	2026-04-12T12:55:00Z

value	0.03566
scoring_system	epss
scoring_elements	0.87728
published_at	2026-04-11T12:55:00Z

value	0.03566
scoring_system	epss
scoring_elements	0.87717
published_at	2026-04-09T12:55:00Z

value	0.03566
scoring_system	epss
scoring_elements	0.8771
published_at	2026-04-08T12:55:00Z

value	0.03566
scoring_system	epss
scoring_elements	0.87689
published_at	2026-04-07T12:55:00Z

value	0.03566
scoring_system	epss
scoring_elements	0.87688
published_at	2026-04-04T12:55:00Z

value	0.03566
scoring_system	epss
scoring_elements	0.87675
published_at	2026-04-02T12:55:00Z

value	0.03566
scoring_system	epss
scoring_elements	0.87733
published_at	2026-04-18T12:55:00Z

value	0.03566
scoring_system	epss
scoring_elements	0.87734
published_at	2026-04-16T12:55:00Z

value	0.03566
scoring_system	epss
scoring_elements	0.87719
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-12691

reference_url

https://bugs.launchpad.net/keystone/+bug/1872733

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1872733

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/37e9907a176dad6843819b1bec4946c3aecc4548

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/37e9907a176dad6843819b1bec4946c3aecc4548

reference_url

https://github.com/openstack/keystone/commit/40cbb7bebd50276412daa1981ff5a7c7b3b899a5

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/40cbb7bebd50276412daa1981ff5a7c7b3b899a5

reference_url

https://github.com/openstack/keystone/commit/95b2bbeab113d9f04d1c81f7f1b48bf692bce979

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/95b2bbeab113d9f04d1c81f7f1b48bf692bce979

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-55.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-55.yaml

reference_url

https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-12691

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-12691

reference_url

https://security.openstack.org/ossa/OSSA-2020-004.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.openstack.org/ossa/OSSA-2020-004.html

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2020/05/06/5

reference_url	https://usn.ubuntu.com/4480-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4480-1/

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2020/05/06/5

reference_url

http://www.openwall.com/lists/oss-security/2020/05/07/2

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2020/05/07/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1830384
reference_id	1830384
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1830384

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
reference_id	959900
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900

reference_url

https://github.com/advisories/GHSA-4427-7f3w-mqv6

reference_id

GHSA-4427-7f3w-mqv6

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4427-7f3w-mqv6

reference_url	https://access.redhat.com/errata/RHSA-2020:2732
reference_id	RHSA-2020:2732
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2732

reference_url	https://access.redhat.com/errata/RHSA-2020:3096
reference_id	RHSA-2020:3096
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3096

reference_url	https://access.redhat.com/errata/RHSA-2020:3102
reference_id	RHSA-2020:3102
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3102

reference_url	https://access.redhat.com/errata/RHSA-2020:3105
reference_id	RHSA-2020:3105
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3105

fixed_packages

url pkg:deb/debian/keystone@2:14.2.0-0%2Bdeb10u1

purl pkg:deb/debian/keystone@2:14.2.0-0%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gdk6-a746-6fac

vulnerability	VCID-p5un-b12x-tuh5

vulnerability	VCID-qyjh-md45-hyhh

vulnerability	VCID-r25g-be38-b3be

vulnerability	VCID-rgkw-6ews-rked

vulnerability	VCID-w6e4-zd31-g7hu

vulnerability	VCID-wc5s-25xb-rqaa

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:14.2.0-0%252Bdeb10u1

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6wj2-abbb-xqf6

vulnerability	VCID-93vc-hgec-nfe6

vulnerability	VCID-r25g-be38-b3be

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1

aliases CVE-2020-12691, GHSA-4427-7f3w-mqv6, PYSEC-2020-55

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qyjh-md45-hyhh

url VCID-r25g-be38-b3be

vulnerability_id VCID-r25g-be38-b3be

summary

OpenStack Keystone allows /v3/ec2tokens or /v3/s3tokens request with valid AWS Signature to provide Keystone authorization.
OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65073.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65073.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-65073

reference_id

reference_type

scores

value	0.00026
scoring_system	epss
scoring_elements	0.07203
published_at	2026-04-18T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07208
published_at	2026-04-16T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15126
published_at	2026-04-02T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15193
published_at	2026-04-04T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.14999
published_at	2026-04-07T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15087
published_at	2026-04-08T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15139
published_at	2026-04-09T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15105
published_at	2026-04-11T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15067
published_at	2026-04-12T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15006
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-65073

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65073
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65073

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2025/11/04/2

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-17T16:34:17Z/

url

https://www.openwall.com/lists/oss-security/2025/11/04/2

reference_url

http://www.openwall.com/lists/oss-security/2025/11/17/6

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2025/11/17/6

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120053
reference_id	1120053
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120053

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2415344
reference_id	2415344
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2415344

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-65073

reference_id

CVE-2025-65073

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-65073

reference_url

https://github.com/advisories/GHSA-hcqg-5g63-7j9h

reference_id

GHSA-hcqg-5g63-7j9h

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hcqg-5g63-7j9h

reference_url	https://access.redhat.com/errata/RHSA-2026:1958
reference_id	RHSA-2026:1958
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1958

reference_url	https://usn.ubuntu.com/7926-1/
reference_id	USN-7926-1
reference_type
scores
url	https://usn.ubuntu.com/7926-1/

fixed_packages

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6wj2-abbb-xqf6

vulnerability	VCID-93vc-hgec-nfe6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1

aliases CVE-2025-65073, GHSA-hcqg-5g63-7j9h

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r25g-be38-b3be

url VCID-rgkw-6ews-rked

vulnerability_id VCID-rgkw-6ews-rked

summary An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12689.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12689.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-12689

reference_id

reference_type

scores

value	0.01066
scoring_system	epss
scoring_elements	0.77637
published_at	2026-04-01T12:55:00Z

value	0.01066
scoring_system	epss
scoring_elements	0.77731
published_at	2026-04-18T12:55:00Z

value	0.01066
scoring_system	epss
scoring_elements	0.77732
published_at	2026-04-16T12:55:00Z

value	0.01066
scoring_system	epss
scoring_elements	0.77695
published_at	2026-04-13T12:55:00Z

value	0.01066
scoring_system	epss
scoring_elements	0.77696
published_at	2026-04-12T12:55:00Z

value	0.01066
scoring_system	epss
scoring_elements	0.77713
published_at	2026-04-11T12:55:00Z

value	0.01066
scoring_system	epss
scoring_elements	0.77686
published_at	2026-04-09T12:55:00Z

value	0.01066
scoring_system	epss
scoring_elements	0.77681
published_at	2026-04-08T12:55:00Z

value	0.01066
scoring_system	epss
scoring_elements	0.77653
published_at	2026-04-07T12:55:00Z

value	0.01066
scoring_system	epss
scoring_elements	0.77671
published_at	2026-04-04T12:55:00Z

value	0.01066
scoring_system	epss
scoring_elements	0.77644
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-12689

reference_url

https://bugs.launchpad.net/keystone/+bug/1872735

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1872735

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/37e9907a176dad6843819b1bec4946c3aecc4548

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/37e9907a176dad6843819b1bec4946c3aecc4548

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-53.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-53.yaml

reference_url

https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-12689

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-12689

reference_url

https://security.openstack.org/ossa/OSSA-2020-004.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.openstack.org/ossa/OSSA-2020-004.html

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2020/05/06/5

reference_url	https://usn.ubuntu.com/4480-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4480-1/

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2020/05/06/5

reference_url

http://www.openwall.com/lists/oss-security/2020/05/07/2

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2020/05/07/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1830396
reference_id	1830396
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1830396

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
reference_id	959900
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900

reference_url

https://github.com/advisories/GHSA-chgw-36xv-47cw

reference_id

GHSA-chgw-36xv-47cw

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-chgw-36xv-47cw

reference_url	https://access.redhat.com/errata/RHSA-2020:2732
reference_id	RHSA-2020:2732
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2732

reference_url	https://access.redhat.com/errata/RHSA-2020:3096
reference_id	RHSA-2020:3096
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3096

reference_url	https://access.redhat.com/errata/RHSA-2020:3102
reference_id	RHSA-2020:3102
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3102

reference_url	https://access.redhat.com/errata/RHSA-2020:3105
reference_id	RHSA-2020:3105
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3105

fixed_packages

url pkg:deb/debian/keystone@2:14.2.0-0%2Bdeb10u1

purl pkg:deb/debian/keystone@2:14.2.0-0%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gdk6-a746-6fac

vulnerability	VCID-p5un-b12x-tuh5

vulnerability	VCID-qyjh-md45-hyhh

vulnerability	VCID-r25g-be38-b3be

vulnerability	VCID-rgkw-6ews-rked

vulnerability	VCID-w6e4-zd31-g7hu

vulnerability	VCID-wc5s-25xb-rqaa

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:14.2.0-0%252Bdeb10u1

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6wj2-abbb-xqf6

vulnerability	VCID-93vc-hgec-nfe6

vulnerability	VCID-r25g-be38-b3be

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1

aliases CVE-2020-12689, GHSA-chgw-36xv-47cw, PYSEC-2020-53

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rgkw-6ews-rked

url VCID-t2ap-zxfa-fkhe

vulnerability_id VCID-t2ap-zxfa-fkhe

summary The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4911.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4911.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-4911

reference_id

reference_type

scores

value	0.00304
scoring_system	epss
scoring_elements	0.53616
published_at	2026-04-02T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53718
published_at	2026-04-18T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53714
published_at	2026-04-16T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53676
published_at	2026-04-13T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53592
published_at	2026-04-01T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53611
published_at	2026-04-07T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53644
published_at	2026-04-04T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53693
published_at	2026-04-12T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.5371
published_at	2026-04-11T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53661
published_at	2026-04-09T12:55:00Z

value	0.00304
scoring_system	epss
scoring_elements	0.53663
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-4911

reference_url

https://bugs.launchpad.net/keystone/+bug/1577558

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1577558

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4911

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/0d376025bae61bf5ee19d992c7f336b99ac69240

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/0d376025bae61bf5ee19d992c7f336b99ac69240

reference_url

https://github.com/openstack/keystone/commit/ee1dc941042d1f71699971c5c30566af1b348572

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/ee1dc941042d1f71699971c5c30566af1b348572

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2016-38.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2016-38.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-4911

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:P/A:N

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-4911

reference_url

https://review.openstack.org/#/c/311886

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://review.openstack.org/#/c/311886

reference_url

https://review.openstack.org/#/c/311886/

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

url

https://review.openstack.org/#/c/311886/

reference_url

https://security.openstack.org/ossa/OSSA-2016-008.html

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.openstack.org/ossa/OSSA-2016-008.html

reference_url

http://www.openwall.com/lists/oss-security/2016/05/17/10

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/05/17/10

reference_url

http://www.openwall.com/lists/oss-security/2016/05/17/11

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/05/17/11

reference_url

http://www.securityfocus.com/bid/90728

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

url

http://www.securityfocus.com/bid/90728

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1337079
reference_id	1337079
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1337079

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824683
reference_id	824683
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824683

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc1::::::
reference_id	cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc2::::::
reference_id	cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc3::::::
reference_id	cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc3::::::

reference_url

https://github.com/advisories/GHSA-f82m-w3p3-cgp3

reference_id

GHSA-f82m-w3p3-cgp3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-f82m-w3p3-cgp3

fixed_packages

url pkg:deb/debian/keystone@2:10.0.0-9%2Bdeb9u1

purl pkg:deb/debian/keystone@2:10.0.0-9%2Bdeb9u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gdk6-a746-6fac

vulnerability	VCID-p5un-b12x-tuh5

vulnerability	VCID-qyjh-md45-hyhh

vulnerability	VCID-r25g-be38-b3be

vulnerability	VCID-rgkw-6ews-rked

vulnerability	VCID-w6e4-zd31-g7hu

vulnerability	VCID-wc5s-25xb-rqaa

vulnerability	VCID-ztee-sxym-zffv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:10.0.0-9%252Bdeb9u1

aliases CVE-2016-4911, GHSA-f82m-w3p3-cgp3, PYSEC-2016-38

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t2ap-zxfa-fkhe

url VCID-w6e4-zd31-g7hu

vulnerability_id VCID-w6e4-zd31-g7hu

summary An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. This results in the provided keystone token having more role assignments than the creator intended, possibly giving unintended escalated access.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12690.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12690.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-12690

reference_id

reference_type

scores

value	0.00817
scoring_system	epss
scoring_elements	0.7438
published_at	2026-04-18T12:55:00Z

value	0.00817
scoring_system	epss
scoring_elements	0.74372
published_at	2026-04-16T12:55:00Z

value	0.00817
scoring_system	epss
scoring_elements	0.74335
published_at	2026-04-13T12:55:00Z

value	0.00817
scoring_system	epss
scoring_elements	0.74288
published_at	2026-04-01T12:55:00Z

value	0.00817
scoring_system	epss
scoring_elements	0.74343
published_at	2026-04-12T12:55:00Z

value	0.00817
scoring_system	epss
scoring_elements	0.74363
published_at	2026-04-11T12:55:00Z

value	0.00817
scoring_system	epss
scoring_elements	0.74342
published_at	2026-04-09T12:55:00Z

value	0.00817
scoring_system	epss
scoring_elements	0.74327
published_at	2026-04-08T12:55:00Z

value	0.00817
scoring_system	epss
scoring_elements	0.74294
published_at	2026-04-07T12:55:00Z

value	0.00817
scoring_system	epss
scoring_elements	0.74321
published_at	2026-04-04T12:55:00Z

value	0.00817
scoring_system	epss
scoring_elements	0.74293
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-12690

reference_url

https://bugs.launchpad.net/keystone/+bug/1873290

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1873290

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/advisories/GHSA-6m8p-x4qw-gh5j

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-6m8p-x4qw-gh5j

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-54.yaml

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-54.yaml

reference_url

https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-12690

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-12690

reference_url

https://security.openstack.org/ossa/OSSA-2020-005.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.openstack.org/ossa/OSSA-2020-005.html

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2020/05/06/6

reference_url	https://usn.ubuntu.com/4480-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4480-1/

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2020/05/06/6

reference_url

http://www.openwall.com/lists/oss-security/2020/05/07/3

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2020/05/07/3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1830395
reference_id	1830395
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1830395

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
reference_id	959900
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900

reference_url	https://access.redhat.com/errata/RHSA-2020:3102
reference_id	RHSA-2020:3102
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3102

reference_url	https://access.redhat.com/errata/RHSA-2020:3105
reference_id	RHSA-2020:3105
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3105

fixed_packages

url pkg:deb/debian/keystone@2:14.2.0-0%2Bdeb10u1

purl pkg:deb/debian/keystone@2:14.2.0-0%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gdk6-a746-6fac

vulnerability	VCID-p5un-b12x-tuh5

vulnerability	VCID-qyjh-md45-hyhh

vulnerability	VCID-r25g-be38-b3be

vulnerability	VCID-rgkw-6ews-rked

vulnerability	VCID-w6e4-zd31-g7hu

vulnerability	VCID-wc5s-25xb-rqaa

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:14.2.0-0%252Bdeb10u1

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6wj2-abbb-xqf6

vulnerability	VCID-93vc-hgec-nfe6

vulnerability	VCID-r25g-be38-b3be

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1

aliases CVE-2020-12690, GHSA-6m8p-x4qw-gh5j, PYSEC-2020-54

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w6e4-zd31-g7hu

url VCID-wc5s-25xb-rqaa

vulnerability_id VCID-wc5s-25xb-rqaa

summary An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12692.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12692.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-12692

reference_id

reference_type

scores

value	0.0014
scoring_system	epss
scoring_elements	0.34194
published_at	2026-04-18T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34207
published_at	2026-04-16T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34174
published_at	2026-04-13T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.33931
published_at	2026-04-01T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34197
published_at	2026-04-12T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34238
published_at	2026-04-11T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34209
published_at	2026-04-08T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34166
published_at	2026-04-07T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.34303
published_at	2026-04-04T12:55:00Z

value	0.0014
scoring_system	epss
scoring_elements	0.3427
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-12692

reference_url

https://bugs.launchpad.net/keystone/+bug/1872737

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1872737

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-56.yaml

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-56.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-12692

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-12692

reference_url

https://opendev.org/openstack/keystone/commit/ab89ea749013e7f2c46260f68504f5687763e019

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://opendev.org/openstack/keystone/commit/ab89ea749013e7f2c46260f68504f5687763e019

reference_url

https://security.openstack.org/ossa/OSSA-2020-003.html

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.openstack.org/ossa/OSSA-2020-003.html

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2020/05/06/4

reference_url	https://usn.ubuntu.com/4480-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4480-1/

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2020/05/06/4

reference_url

http://www.openwall.com/lists/oss-security/2020/05/07/1

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2020/05/07/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1833164
reference_id	1833164
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1833164

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
reference_id	959900
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900

reference_url

https://github.com/advisories/GHSA-rqw2-hhrf-7936

reference_id

GHSA-rqw2-hhrf-7936

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rqw2-hhrf-7936

reference_url	https://access.redhat.com/errata/RHSA-2020:2732
reference_id	RHSA-2020:2732
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2732

reference_url	https://access.redhat.com/errata/RHSA-2020:3102
reference_id	RHSA-2020:3102
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3102

reference_url	https://access.redhat.com/errata/RHSA-2020:3105
reference_id	RHSA-2020:3105
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3105

fixed_packages

url pkg:deb/debian/keystone@2:14.2.0-0%2Bdeb10u1

purl pkg:deb/debian/keystone@2:14.2.0-0%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gdk6-a746-6fac

vulnerability	VCID-p5un-b12x-tuh5

vulnerability	VCID-qyjh-md45-hyhh

vulnerability	VCID-r25g-be38-b3be

vulnerability	VCID-rgkw-6ews-rked

vulnerability	VCID-w6e4-zd31-g7hu

vulnerability	VCID-wc5s-25xb-rqaa

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:14.2.0-0%252Bdeb10u1

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6wj2-abbb-xqf6

vulnerability	VCID-93vc-hgec-nfe6

vulnerability	VCID-r25g-be38-b3be

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1

aliases CVE-2020-12692, GHSA-rqw2-hhrf-7936, PYSEC-2020-56

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wc5s-25xb-rqaa

url VCID-ztee-sxym-zffv

vulnerability_id VCID-ztee-sxym-zffv

summary security update

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14432.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14432.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14432

reference_id

reference_type

scores

value	0.01139
scoring_system	epss
scoring_elements	0.78351
published_at	2026-04-01T12:55:00Z

value	0.01139
scoring_system	epss
scoring_elements	0.78357
published_at	2026-04-02T12:55:00Z

value	0.01139
scoring_system	epss
scoring_elements	0.78388
published_at	2026-04-04T12:55:00Z

value	0.01139
scoring_system	epss
scoring_elements	0.78372
published_at	2026-04-07T12:55:00Z

value	0.01139
scoring_system	epss
scoring_elements	0.78398
published_at	2026-04-08T12:55:00Z

value	0.01139
scoring_system	epss
scoring_elements	0.78404
published_at	2026-04-09T12:55:00Z

value	0.01139
scoring_system	epss
scoring_elements	0.7843
published_at	2026-04-11T12:55:00Z

value	0.01139
scoring_system	epss
scoring_elements	0.78412
published_at	2026-04-12T12:55:00Z

value	0.01139
scoring_system	epss
scoring_elements	0.78405
published_at	2026-04-13T12:55:00Z

value	0.01139
scoring_system	epss
scoring_elements	0.78434
published_at	2026-04-16T12:55:00Z

value	0.01139
scoring_system	epss
scoring_elements	0.78432
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14432

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14432
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14432

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1606868
reference_id	1606868
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1606868

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904616
reference_id	904616
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904616

reference_url	https://access.redhat.com/errata/RHSA-2018:2523
reference_id	RHSA-2018:2523
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:2523

reference_url	https://access.redhat.com/errata/RHSA-2018:2533
reference_id	RHSA-2018:2533
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:2533

reference_url	https://access.redhat.com/errata/RHSA-2018:2543
reference_id	RHSA-2018:2543
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:2543

fixed_packages

url pkg:deb/debian/keystone@2:10.0.0-9%2Bdeb9u1

purl pkg:deb/debian/keystone@2:10.0.0-9%2Bdeb9u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gdk6-a746-6fac

vulnerability	VCID-p5un-b12x-tuh5

vulnerability	VCID-qyjh-md45-hyhh

vulnerability	VCID-r25g-be38-b3be

vulnerability	VCID-rgkw-6ews-rked

vulnerability	VCID-w6e4-zd31-g7hu

vulnerability	VCID-wc5s-25xb-rqaa

vulnerability	VCID-ztee-sxym-zffv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:10.0.0-9%252Bdeb9u1

url pkg:deb/debian/keystone@2:14.2.0-0%2Bdeb10u1

purl pkg:deb/debian/keystone@2:14.2.0-0%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gdk6-a746-6fac

vulnerability	VCID-p5un-b12x-tuh5

vulnerability	VCID-qyjh-md45-hyhh

vulnerability	VCID-r25g-be38-b3be

vulnerability	VCID-rgkw-6ews-rked

vulnerability	VCID-w6e4-zd31-g7hu

vulnerability	VCID-wc5s-25xb-rqaa

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:14.2.0-0%252Bdeb10u1

aliases CVE-2018-14432

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ztee-sxym-zffv

Fixing_vulnerabilities

url VCID-44u3-6h7t-dbah

vulnerability_id VCID-44u3-6h7t-dbah

summary The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an "interaction between eventlet and python-memcached."

references

reference_url

http://rhn.redhat.com/errata/RHSA-2014-0382.html

reference_id

reference_type

scores

value	6.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-0382.html

reference_url

http://rhn.redhat.com/errata/RHSA-2014-0409.html

reference_id

reference_type

scores

value	6.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-0409.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0105.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0105.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-0105

reference_id

reference_type

scores

value	0.00371
scoring_system	epss
scoring_elements	0.5896
published_at	2026-04-18T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.58819
published_at	2026-04-01T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.58894
published_at	2026-04-02T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.58916
published_at	2026-04-04T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.58883
published_at	2026-04-07T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.58935
published_at	2026-04-08T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.5894
published_at	2026-04-09T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.58959
published_at	2026-04-11T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.58941
published_at	2026-04-12T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.58922
published_at	2026-04-13T12:55:00Z

value	0.00371
scoring_system	epss
scoring_elements	0.58957
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0105

reference_url

https://bugs.launchpad.net/python-keystoneclient/+bug/1282865

reference_id

reference_type

scores

value	6.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/python-keystoneclient/+bug/1282865

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0105
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0105

reference_url

https://github.com/openstack/python-keystoneclient

reference_id

reference_type

scores

value	6.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/python-keystoneclient

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/python-keystoneclient/PYSEC-2014-70.yaml

reference_id

reference_type

scores

value	6.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/python-keystoneclient/PYSEC-2014-70.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-0105

reference_id

reference_type

scores

value	6.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-0105

reference_url

https://review.opendev.org/c/openstack/python-keystoneclient/+/81078

reference_id

reference_type

scores

value	6.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://review.opendev.org/c/openstack/python-keystoneclient/+/81078

reference_url

http://www.openwall.com/lists/oss-security/2014/03/27/4

reference_id

reference_type

scores

value	6.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2014/03/27/4

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1082165
reference_id	1082165
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1082165

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742898
reference_id	742898
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742898

reference_url

https://github.com/advisories/GHSA-gwvq-rgqf-993f

reference_id

GHSA-gwvq-rgqf-993f

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gwvq-rgqf-993f

reference_url	https://access.redhat.com/errata/RHSA-2014:0382
reference_id	RHSA-2014:0382
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0382

reference_url	https://access.redhat.com/errata/RHSA-2014:0409
reference_id	RHSA-2014:0409
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0409

reference_url	https://access.redhat.com/errata/RHSA-2014:0442
reference_id	RHSA-2014:0442
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0442

fixed_packages

url pkg:deb/debian/keystone@2014.1.3-6

purl pkg:deb/debian/keystone@2014.1.3-6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-844e-r6mn-bqh5

vulnerability	VCID-96bg-ytf8-9fhd

vulnerability	VCID-9dhg-r711-yfg6

vulnerability	VCID-gdk6-a746-6fac

vulnerability	VCID-p5un-b12x-tuh5

vulnerability	VCID-qyjh-md45-hyhh

vulnerability	VCID-r25g-be38-b3be

vulnerability	VCID-rgkw-6ews-rked

vulnerability	VCID-t2ap-zxfa-fkhe

vulnerability	VCID-w6e4-zd31-g7hu

vulnerability	VCID-wc5s-25xb-rqaa

vulnerability	VCID-ztee-sxym-zffv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6

aliases CVE-2014-0105, GHSA-gwvq-rgqf-993f, PYSEC-2014-70

risk_score 2.7

exploitability 0.5

weighted_severity 5.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-44u3-6h7t-dbah

url VCID-5atx-veu5-kud6

vulnerability_id VCID-5atx-veu5-kud6

summary OpenStack: Keystone disabling a tenant does not disable a user token

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4222.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4222.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4222

reference_id

reference_type

scores

value	0.0058
scoring_system	epss
scoring_elements	0.68814
published_at	2026-04-01T12:55:00Z

value	0.0058
scoring_system	epss
scoring_elements	0.68833
published_at	2026-04-02T12:55:00Z

value	0.0058
scoring_system	epss
scoring_elements	0.68853
published_at	2026-04-04T12:55:00Z

value	0.0058
scoring_system	epss
scoring_elements	0.68834
published_at	2026-04-07T12:55:00Z

value	0.0058
scoring_system	epss
scoring_elements	0.68884
published_at	2026-04-08T12:55:00Z

value	0.0058
scoring_system	epss
scoring_elements	0.68903
published_at	2026-04-09T12:55:00Z

value	0.0058
scoring_system	epss
scoring_elements	0.68925
published_at	2026-04-11T12:55:00Z

value	0.0058
scoring_system	epss
scoring_elements	0.68911
published_at	2026-04-12T12:55:00Z

value	0.0058
scoring_system	epss
scoring_elements	0.68882
published_at	2026-04-13T12:55:00Z

value	0.0058
scoring_system	epss
scoring_elements	0.68923
published_at	2026-04-16T12:55:00Z

value	0.0058
scoring_system	epss
scoring_elements	0.68933
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4222

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4222
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4222

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719290
reference_id	719290
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719290

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=995598
reference_id	995598
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=995598

reference_url	https://access.redhat.com/errata/RHSA-2013:1524
reference_id	RHSA-2013:1524
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1524

reference_url	https://usn.ubuntu.com/2002-1/
reference_id	USN-2002-1
reference_type
scores
url	https://usn.ubuntu.com/2002-1/

fixed_packages

url pkg:deb/debian/keystone@2014.1.3-6

purl pkg:deb/debian/keystone@2014.1.3-6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-844e-r6mn-bqh5

vulnerability	VCID-96bg-ytf8-9fhd

vulnerability	VCID-9dhg-r711-yfg6

vulnerability	VCID-gdk6-a746-6fac

vulnerability	VCID-p5un-b12x-tuh5

vulnerability	VCID-qyjh-md45-hyhh

vulnerability	VCID-r25g-be38-b3be

vulnerability	VCID-rgkw-6ews-rked

vulnerability	VCID-t2ap-zxfa-fkhe

vulnerability	VCID-w6e4-zd31-g7hu

vulnerability	VCID-wc5s-25xb-rqaa

vulnerability	VCID-ztee-sxym-zffv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6

aliases CVE-2013-4222

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5atx-veu5-kud6

url VCID-655y-mj8k-dbb2

vulnerability_id VCID-655y-mj8k-dbb2

summary Keystone: trust circumvention through EC2-style tokens

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6391.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6391.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-6391

reference_id

reference_type

scores

value	0.00498
scoring_system	epss
scoring_elements	0.65778
published_at	2026-04-01T12:55:00Z

value	0.00498
scoring_system	epss
scoring_elements	0.65827
published_at	2026-04-02T12:55:00Z

value	0.00498
scoring_system	epss
scoring_elements	0.65857
published_at	2026-04-04T12:55:00Z

value	0.00498
scoring_system	epss
scoring_elements	0.65823
published_at	2026-04-07T12:55:00Z

value	0.00498
scoring_system	epss
scoring_elements	0.65875
published_at	2026-04-08T12:55:00Z

value	0.00498
scoring_system	epss
scoring_elements	0.65887
published_at	2026-04-09T12:55:00Z

value	0.00498
scoring_system	epss
scoring_elements	0.65906
published_at	2026-04-11T12:55:00Z

value	0.00498
scoring_system	epss
scoring_elements	0.65893
published_at	2026-04-12T12:55:00Z

value	0.00498
scoring_system	epss
scoring_elements	0.65863
published_at	2026-04-13T12:55:00Z

value	0.00498
scoring_system	epss
scoring_elements	0.65899
published_at	2026-04-16T12:55:00Z

value	0.00498
scoring_system	epss
scoring_elements	0.65913
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-6391

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6391
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6391

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1039164
reference_id	1039164
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1039164

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731981
reference_id	731981
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731981

reference_url	https://access.redhat.com/errata/RHSA-2014:0089
reference_id	RHSA-2014:0089
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0089

reference_url	https://access.redhat.com/errata/RHSA-2014:0368
reference_id	RHSA-2014:0368
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0368

reference_url	https://usn.ubuntu.com/2061-1/
reference_id	USN-2061-1
reference_type
scores
url	https://usn.ubuntu.com/2061-1/

fixed_packages

url pkg:deb/debian/keystone@2014.1.3-6

purl pkg:deb/debian/keystone@2014.1.3-6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-844e-r6mn-bqh5

vulnerability	VCID-96bg-ytf8-9fhd

vulnerability	VCID-9dhg-r711-yfg6

vulnerability	VCID-gdk6-a746-6fac

vulnerability	VCID-p5un-b12x-tuh5

vulnerability	VCID-qyjh-md45-hyhh

vulnerability	VCID-r25g-be38-b3be

vulnerability	VCID-rgkw-6ews-rked

vulnerability	VCID-t2ap-zxfa-fkhe

vulnerability	VCID-w6e4-zd31-g7hu

vulnerability	VCID-wc5s-25xb-rqaa

vulnerability	VCID-ztee-sxym-zffv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6

aliases CVE-2013-6391

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-655y-mj8k-dbb2

url VCID-6cy4-grme-mka1

vulnerability_id VCID-6cy4-grme-mka1

summary

OpenStack Identity Keystone Improper Privilege Management
OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0204.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0204.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-0204

reference_id

reference_type

scores

value	0.00353
scoring_system	epss
scoring_elements	0.57708
published_at	2026-04-11T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57687
published_at	2026-04-12T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57638
published_at	2026-04-02T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.5766
published_at	2026-04-04T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57636
published_at	2026-04-07T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.5769
published_at	2026-04-08T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57693
published_at	2026-04-18T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57697
published_at	2026-04-16T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57667
published_at	2026-04-13T12:55:00Z

value	0.00353
scoring_system	epss
scoring_elements	0.57554
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0204

reference_url

https://bugs.launchpad.net/keystone/+bug/1309228

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1309228

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0204
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0204

reference_url

https://github.com/openstack/keystone/commit/729dcad7384ba66ee7494154969cdd7ae90d86ee

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/729dcad7384ba66ee7494154969cdd7ae90d86ee

reference_url

https://github.com/openstack/keystone/commit/786af9829c5329a982e3451f77afebbfb21850bd

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/786af9829c5329a982e3451f77afebbfb21850bd

reference_url

https://github.com/openstack/keystone/commit/97dfd55ad1b40365754dcbfce856f7ffae280a44

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/97dfd55ad1b40365754dcbfce856f7ffae280a44

reference_url

https://github.com/openstack/keystone/commit/f0eee2f3b48dd0cffb9f75e396da2d914925cba5

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/f0eee2f3b48dd0cffb9f75e396da2d914925cba5

reference_url

https://review.openstack.org/#/c/94396

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://review.openstack.org/#/c/94396

reference_url	https://review.openstack.org/#/c/94396/
reference_id
reference_type
scores
url	https://review.openstack.org/#/c/94396/

reference_url

http://www.openwall.com/lists/oss-security/2014/05/21/3

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2014/05/21/3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1095981
reference_id	1095981
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1095981

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749026
reference_id	749026
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749026

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone::::::::
reference_id	cpe:2.3:a:openstack:keystone::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-0204

reference_id

CVE-2014-0204

reference_type

scores

value	6.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:P/A:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-0204

reference_url

https://github.com/advisories/GHSA-c4p9-87h3-7vr4

reference_id

GHSA-c4p9-87h3-7vr4

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-c4p9-87h3-7vr4

fixed_packages

url pkg:deb/debian/keystone@2014.1.3-6

purl pkg:deb/debian/keystone@2014.1.3-6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-844e-r6mn-bqh5

vulnerability	VCID-96bg-ytf8-9fhd

vulnerability	VCID-9dhg-r711-yfg6

vulnerability	VCID-gdk6-a746-6fac

vulnerability	VCID-p5un-b12x-tuh5

vulnerability	VCID-qyjh-md45-hyhh

vulnerability	VCID-r25g-be38-b3be

vulnerability	VCID-rgkw-6ews-rked

vulnerability	VCID-t2ap-zxfa-fkhe

vulnerability	VCID-w6e4-zd31-g7hu

vulnerability	VCID-wc5s-25xb-rqaa

vulnerability	VCID-ztee-sxym-zffv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6

aliases CVE-2014-0204, GHSA-c4p9-87h3-7vr4

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6cy4-grme-mka1

url VCID-8bat-qwmh-fyer

vulnerability_id VCID-8bat-qwmh-fyer

summary

OpenStack Identity (Keystone) Denial of Service
OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2013-July/111914.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2013-July/111914.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-2014

reference_id

reference_type

scores

value	0.02372
scoring_system	epss
scoring_elements	0.84984
published_at	2026-04-18T12:55:00Z

value	0.02372
scoring_system	epss
scoring_elements	0.84918
published_at	2026-04-04T12:55:00Z

value	0.02372
scoring_system	epss
scoring_elements	0.84923
published_at	2026-04-07T12:55:00Z

value	0.02372
scoring_system	epss
scoring_elements	0.84946
published_at	2026-04-08T12:55:00Z

value	0.02372
scoring_system	epss
scoring_elements	0.84952
published_at	2026-04-09T12:55:00Z

value	0.02372
scoring_system	epss
scoring_elements	0.84968
published_at	2026-04-11T12:55:00Z

value	0.02372
scoring_system	epss
scoring_elements	0.84966
published_at	2026-04-12T12:55:00Z

value	0.02372
scoring_system	epss
scoring_elements	0.84962
published_at	2026-04-13T12:55:00Z

value	0.02372
scoring_system	epss
scoring_elements	0.84983
published_at	2026-04-16T12:55:00Z

value	0.02372
scoring_system	epss
scoring_elements	0.84884
published_at	2026-04-01T12:55:00Z

value	0.02372
scoring_system	epss
scoring_elements	0.849
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-2014

reference_url

https://bugs.launchpad.net/keystone/+bug/1098177

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1098177

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/53397

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2014
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2014

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/53397

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/84347

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/84347

reference_url

https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8

reference_url

http://www.securityfocus.com/bid/59936

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/59936

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708515
reference_id	708515
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708515

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-2014

reference_id

CVE-2013-2014

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-2014

reference_url

https://github.com/advisories/GHSA-7332-36h8-8jh8

reference_id

GHSA-7332-36h8-8jh8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7332-36h8-8jh8

fixed_packages

url pkg:deb/debian/keystone@2014.1.3-6

purl pkg:deb/debian/keystone@2014.1.3-6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-844e-r6mn-bqh5

vulnerability	VCID-96bg-ytf8-9fhd

vulnerability	VCID-9dhg-r711-yfg6

vulnerability	VCID-gdk6-a746-6fac

vulnerability	VCID-p5un-b12x-tuh5

vulnerability	VCID-qyjh-md45-hyhh

vulnerability	VCID-r25g-be38-b3be

vulnerability	VCID-rgkw-6ews-rked

vulnerability	VCID-t2ap-zxfa-fkhe

vulnerability	VCID-w6e4-zd31-g7hu

vulnerability	VCID-wc5s-25xb-rqaa

vulnerability	VCID-ztee-sxym-zffv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6

aliases CVE-2013-2014, GHSA-7332-36h8-8jh8

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8bat-qwmh-fyer

url VCID-8tkd-pcuy-d7ax

vulnerability_id VCID-8tkd-pcuy-d7ax

summary The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2014-0580.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2014-0580.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2237.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2237.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-2237

reference_id

reference_type

scores

value	0.00188
scoring_system	epss
scoring_elements	0.40699
published_at	2026-04-02T12:55:00Z

value	0.00188
scoring_system	epss
scoring_elements	0.40687
published_at	2026-04-18T12:55:00Z

value	0.00188
scoring_system	epss
scoring_elements	0.40716
published_at	2026-04-16T12:55:00Z

value	0.00188
scoring_system	epss
scoring_elements	0.40671
published_at	2026-04-13T12:55:00Z

value	0.00188
scoring_system	epss
scoring_elements	0.4069
published_at	2026-04-12T12:55:00Z

value	0.00188
scoring_system	epss
scoring_elements	0.40724
published_at	2026-04-11T12:55:00Z

value	0.00188
scoring_system	epss
scoring_elements	0.40707
published_at	2026-04-09T12:55:00Z

value	0.00188
scoring_system	epss
scoring_elements	0.40701
published_at	2026-04-08T12:55:00Z

value	0.00188
scoring_system	epss
scoring_elements	0.40651
published_at	2026-04-07T12:55:00Z

value	0.00188
scoring_system	epss
scoring_elements	0.40728
published_at	2026-04-04T12:55:00Z

value	0.00188
scoring_system	epss
scoring_elements	0.40614
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-2237

reference_url

https://bugs.launchpad.net/keystone/+bug/1260080

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1260080

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2237
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2237

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/813d1254eb4f7a7d40009b23bbadbc4c5cc5daac

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/813d1254eb4f7a7d40009b23bbadbc4c5cc5daac

reference_url

https://github.com/openstack/keystone/commit/a411c944af78c36f2fdb87d305ba452dc52d7ed3

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/a411c944af78c36f2fdb87d305ba452dc52d7ed3

reference_url

https://github.com/openstack/keystone/commit/b6f0e26da0e2ab0892a5658da281a065e668637b

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/b6f0e26da0e2ab0892a5658da281a065e668637b

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-105.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-105.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-2237

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-2237

reference_url

https://rhn.redhat.com/errata/RHSA-2014-0580.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://rhn.redhat.com/errata/RHSA-2014-0580.html

reference_url

http://www.openwall.com/lists/oss-security/2014/03/04/16

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2014/03/04/16

reference_url	http://www.securityfocus.com/bid/65895
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/65895

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1071434
reference_id	1071434
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1071434

reference_url

https://github.com/advisories/GHSA-23x9-8hxr-978c

reference_id

GHSA-23x9-8hxr-978c

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-23x9-8hxr-978c

reference_url	https://access.redhat.com/errata/RHSA-2014:0368
reference_id	RHSA-2014:0368
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0368

reference_url	https://access.redhat.com/errata/RHSA-2014:0580
reference_id	RHSA-2014:0580
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0580

fixed_packages

url pkg:deb/debian/keystone@2014.1.3-6

purl pkg:deb/debian/keystone@2014.1.3-6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-844e-r6mn-bqh5

vulnerability	VCID-96bg-ytf8-9fhd

vulnerability	VCID-9dhg-r711-yfg6

vulnerability	VCID-gdk6-a746-6fac

vulnerability	VCID-p5un-b12x-tuh5

vulnerability	VCID-qyjh-md45-hyhh

vulnerability	VCID-r25g-be38-b3be

vulnerability	VCID-rgkw-6ews-rked

vulnerability	VCID-t2ap-zxfa-fkhe

vulnerability	VCID-w6e4-zd31-g7hu

vulnerability	VCID-wc5s-25xb-rqaa

vulnerability	VCID-ztee-sxym-zffv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6

aliases CVE-2014-2237, GHSA-23x9-8hxr-978c, PYSEC-2014-105

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8tkd-pcuy-d7ax

url VCID-91k2-z5s1-gbbx

vulnerability_id VCID-91k2-z5s1-gbbx

summary openstack-keystone: Authentication bypass when using LDAP backend

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2157.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2157.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-2157

reference_id

reference_type

scores

value	0.00288
scoring_system	epss
scoring_elements	0.5217
published_at	2026-04-01T12:55:00Z

value	0.00288
scoring_system	epss
scoring_elements	0.52213
published_at	2026-04-02T12:55:00Z

value	0.00288
scoring_system	epss
scoring_elements	0.5224
published_at	2026-04-04T12:55:00Z

value	0.00288
scoring_system	epss
scoring_elements	0.52204
published_at	2026-04-07T12:55:00Z

value	0.00288
scoring_system	epss
scoring_elements	0.52258
published_at	2026-04-08T12:55:00Z

value	0.00288
scoring_system	epss
scoring_elements	0.52253
published_at	2026-04-09T12:55:00Z

value	0.00288
scoring_system	epss
scoring_elements	0.52304
published_at	2026-04-11T12:55:00Z

value	0.00288
scoring_system	epss
scoring_elements	0.52288
published_at	2026-04-12T12:55:00Z

value	0.00288
scoring_system	epss
scoring_elements	0.52273
published_at	2026-04-13T12:55:00Z

value	0.00288
scoring_system	epss
scoring_elements	0.52311
published_at	2026-04-16T12:55:00Z

value	0.00288
scoring_system	epss
scoring_elements	0.52315
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-2157

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2157
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2157

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712160
reference_id	712160
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712160

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=971884
reference_id	971884
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=971884

reference_url	https://access.redhat.com/errata/RHSA-2013:0994
reference_id	RHSA-2013:0994
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:0994

reference_url	https://access.redhat.com/errata/RHSA-2013:1083
reference_id	RHSA-2013:1083
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1083

reference_url	https://usn.ubuntu.com/1875-1/
reference_id	USN-1875-1
reference_type
scores
url	https://usn.ubuntu.com/1875-1/

fixed_packages

url pkg:deb/debian/keystone@2014.1.3-6

purl pkg:deb/debian/keystone@2014.1.3-6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-844e-r6mn-bqh5

vulnerability	VCID-96bg-ytf8-9fhd

vulnerability	VCID-9dhg-r711-yfg6

vulnerability	VCID-gdk6-a746-6fac

vulnerability	VCID-p5un-b12x-tuh5

vulnerability	VCID-qyjh-md45-hyhh

vulnerability	VCID-r25g-be38-b3be

vulnerability	VCID-rgkw-6ews-rked

vulnerability	VCID-t2ap-zxfa-fkhe

vulnerability	VCID-w6e4-zd31-g7hu

vulnerability	VCID-wc5s-25xb-rqaa

vulnerability	VCID-ztee-sxym-zffv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6

aliases CVE-2013-2157

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-91k2-z5s1-gbbx

url VCID-am2m-2fgu-xkfk

vulnerability_id VCID-am2m-2fgu-xkfk

summary openstack-keystone: Keystone V2 trusts privilege escalation through user supplied project id

references

reference_url	http://lists.openstack.org/pipermail/openstack-announce/2014-July/000248.html
reference_id
reference_type
scores
url	http://lists.openstack.org/pipermail/openstack-announce/2014-July/000248.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3520.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3520.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3520

reference_id

reference_type

scores

value	0.00428
scoring_system	epss
scoring_elements	0.62484
published_at	2026-04-18T12:55:00Z

value	0.00428
scoring_system	epss
scoring_elements	0.62327
published_at	2026-04-01T12:55:00Z

value	0.00428
scoring_system	epss
scoring_elements	0.62385
published_at	2026-04-02T12:55:00Z

value	0.00428
scoring_system	epss
scoring_elements	0.62416
published_at	2026-04-04T12:55:00Z

value	0.00428
scoring_system	epss
scoring_elements	0.62381
published_at	2026-04-07T12:55:00Z

value	0.00428
scoring_system	epss
scoring_elements	0.62429
published_at	2026-04-08T12:55:00Z

value	0.00428
scoring_system	epss
scoring_elements	0.62447
published_at	2026-04-09T12:55:00Z

value	0.00428
scoring_system	epss
scoring_elements	0.62466
published_at	2026-04-11T12:55:00Z

value	0.00428
scoring_system	epss
scoring_elements	0.62456
published_at	2026-04-12T12:55:00Z

value	0.00428
scoring_system	epss
scoring_elements	0.62433
published_at	2026-04-13T12:55:00Z

value	0.00428
scoring_system	epss
scoring_elements	0.62477
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3520

reference_url	https://bugs.launchpad.net/keystone/+bug/1331912
reference_id
reference_type
scores
url	https://bugs.launchpad.net/keystone/+bug/1331912

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3520
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3520

reference_url	http://secunia.com/advisories/59426
reference_id
reference_type
scores
url	http://secunia.com/advisories/59426

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1112668
reference_id	1112668
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1112668

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753511
reference_id	753511
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753511

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone::::::::
reference_id	cpe:2.3:a:openstack:keystone::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-3520

reference_id

CVE-2014-3520

reference_type

scores

value	6.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:P/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3520

reference_url	https://access.redhat.com/errata/RHSA-2014:0994
reference_id	RHSA-2014:0994
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0994

reference_url	https://usn.ubuntu.com/2324-1/
reference_id	USN-2324-1
reference_type
scores
url	https://usn.ubuntu.com/2324-1/

fixed_packages

url pkg:deb/debian/keystone@2014.1.3-6

purl pkg:deb/debian/keystone@2014.1.3-6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-844e-r6mn-bqh5

vulnerability	VCID-96bg-ytf8-9fhd

vulnerability	VCID-9dhg-r711-yfg6

vulnerability	VCID-gdk6-a746-6fac

vulnerability	VCID-p5un-b12x-tuh5

vulnerability	VCID-qyjh-md45-hyhh

vulnerability	VCID-r25g-be38-b3be

vulnerability	VCID-rgkw-6ews-rked

vulnerability	VCID-t2ap-zxfa-fkhe

vulnerability	VCID-w6e4-zd31-g7hu

vulnerability	VCID-wc5s-25xb-rqaa

vulnerability	VCID-ztee-sxym-zffv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6

aliases CVE-2014-3520

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-am2m-2fgu-xkfk

url VCID-cg74-2jr1-2fhp

vulnerability_id VCID-cg74-2jr1-2fhp

summary OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106220.html

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106220.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-06/msg00085.html

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-06/msg00085.html

reference_url	http://osvdb.org/93134
reference_id
reference_type
scores
url	http://osvdb.org/93134

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-2059

reference_id

reference_type

scores

value	0.00908
scoring_system	epss
scoring_elements	0.75806
published_at	2026-04-18T12:55:00Z

value	0.00908
scoring_system	epss
scoring_elements	0.75707
published_at	2026-04-01T12:55:00Z

value	0.00908
scoring_system	epss
scoring_elements	0.75709
published_at	2026-04-02T12:55:00Z

value	0.00908
scoring_system	epss
scoring_elements	0.7574
published_at	2026-04-04T12:55:00Z

value	0.00908
scoring_system	epss
scoring_elements	0.75719
published_at	2026-04-07T12:55:00Z

value	0.00908
scoring_system	epss
scoring_elements	0.75753
published_at	2026-04-08T12:55:00Z

value	0.00908
scoring_system	epss
scoring_elements	0.75764
published_at	2026-04-13T12:55:00Z

value	0.00908
scoring_system	epss
scoring_elements	0.75789
published_at	2026-04-11T12:55:00Z

value	0.00908
scoring_system	epss
scoring_elements	0.7577
published_at	2026-04-12T12:55:00Z

value	0.00908
scoring_system	epss
scoring_elements	0.75802
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-2059

reference_url

https://bugs.launchpad.net/keystone/+bug/1166670

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1166670

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2059
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2059

reference_url	http://secunia.com/advisories/53326
reference_id
reference_type
scores
url	http://secunia.com/advisories/53326

reference_url	http://secunia.com/advisories/53339
reference_id
reference_type
scores
url	http://secunia.com/advisories/53339

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/84135

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/84135

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/33214f311aa36b17f8f5ff06bee2130bf061df8f

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/33214f311aa36b17f8f5ff06bee2130bf061df8f

reference_url

https://github.com/openstack/keystone/commit/678b06a91f772d6be82eb54ed11f27e20f446b57

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/678b06a91f772d6be82eb54ed11f27e20f446b57

reference_url

https://github.com/openstack/keystone/commit/992466d1dbf80a940190703dedf800d6d12dede8

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/992466d1dbf80a940190703dedf800d6d12dede8

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-41.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-41.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-2059

reference_id

reference_type

scores

value	6.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:P/I:P/A:P

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-2059

reference_url

http://www.openwall.com/lists/oss-security/2013/05/09/3

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/05/09/3

reference_url

http://www.openwall.com/lists/oss-security/2013/05/09/4

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/05/09/4

reference_url	http://www.securityfocus.com/bid/59787
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/59787

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707598
reference_id	707598
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707598

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2012.1:::::::*
reference_id	cpe:2.3:a:openstack:keystone:2012.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2012.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:::::::*
reference_id	cpe:2.3:a:openstack:keystone:2013.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:::::::*

reference_url

https://github.com/advisories/GHSA-hj89-qmx9-8qmh

reference_id

GHSA-hj89-qmx9-8qmh

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hj89-qmx9-8qmh

reference_url	https://usn.ubuntu.com/1830-1/
reference_id	USN-1830-1
reference_type
scores
url	https://usn.ubuntu.com/1830-1/

fixed_packages

url pkg:deb/debian/keystone@2014.1.3-6

purl pkg:deb/debian/keystone@2014.1.3-6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-844e-r6mn-bqh5

vulnerability	VCID-96bg-ytf8-9fhd

vulnerability	VCID-9dhg-r711-yfg6

vulnerability	VCID-gdk6-a746-6fac

vulnerability	VCID-p5un-b12x-tuh5

vulnerability	VCID-qyjh-md45-hyhh

vulnerability	VCID-r25g-be38-b3be

vulnerability	VCID-rgkw-6ews-rked

vulnerability	VCID-t2ap-zxfa-fkhe

vulnerability	VCID-w6e4-zd31-g7hu

vulnerability	VCID-wc5s-25xb-rqaa

vulnerability	VCID-ztee-sxym-zffv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6

aliases CVE-2013-2059, GHSA-hj89-qmx9-8qmh, PYSEC-2013-41

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cg74-2jr1-2fhp

url VCID-h1xa-f7tm-tudx

vulnerability_id VCID-h1xa-f7tm-tudx

summary OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain.

references

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2014-5253

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5253.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5253.json

reference_url

reference_id

reference_type

scores

value	0.0031
scoring_system	epss
scoring_elements	0.54157
published_at	2026-04-09T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54159
published_at	2026-04-08T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54108
published_at	2026-04-07T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54133
published_at	2026-04-04T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54103
published_at	2026-04-02T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54086
published_at	2026-04-01T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54206
published_at	2026-04-16T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.5421
published_at	2026-04-18T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54168
published_at	2026-04-13T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54189
published_at	2026-04-12T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54207
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-5253

reference_url

https://bugs.launchpad.net/keystone/+bug/1349597

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1349597

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5253
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5253

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/317f9d34b4da20c21edd5b851889298b67c843e1

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/317f9d34b4da20c21edd5b851889298b67c843e1

reference_url

https://github.com/openstack/keystone/commit/3e035ebb726167aef43c4a865c7e7f7d3b0978fb

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/3e035ebb726167aef43c4a865c7e7f7d3b0978fb

reference_url

https://github.com/openstack/keystone/commit/c4447f16da036fe878382ce4e1b05b84bdcc4d4e

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/c4447f16da036fe878382ce4e1b05b84bdcc4d4e

reference_url

https://github.com/openstack/keystone/commit/cccc3f3239c68479de0f6a41bd64badf2a9ec9e7

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/cccc3f3239c68479de0f6a41bd64badf2a9ec9e7

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-109.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-109.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-5253

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:P/I:P/A:N

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-5253

reference_url

http://www.openwall.com/lists/oss-security/2014/08/15/6

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2014/08/15/6

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-77w8-qv8m-386h

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1127253
reference_id	1127253
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1127253

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1:::::::*
reference_id	cpe:2.3:a:openstack:keystone:2014.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1.2:::::::*
reference_id	cpe:2.3:a:openstack:keystone:2014.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-1:::::::*
reference_id	cpe:2.3:a:openstack:keystone:juno-1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-2:::::::*
reference_id	cpe:2.3:a:openstack:keystone:juno-2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url

reference_id

GHSA-77w8-qv8m-386h

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-77w8-qv8m-386h

reference_url	https://access.redhat.com/errata/RHSA-2014:1121
reference_id	RHSA-2014:1121
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1121

reference_url	https://access.redhat.com/errata/RHSA-2014:1122
reference_id	RHSA-2014:1122
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1122

reference_url	https://usn.ubuntu.com/2324-1/
reference_id	USN-2324-1
reference_type
scores
url	https://usn.ubuntu.com/2324-1/

fixed_packages

url pkg:deb/debian/keystone@2014.1.3-6

purl pkg:deb/debian/keystone@2014.1.3-6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-844e-r6mn-bqh5

vulnerability	VCID-96bg-ytf8-9fhd

vulnerability	VCID-9dhg-r711-yfg6

vulnerability	VCID-gdk6-a746-6fac

vulnerability	VCID-p5un-b12x-tuh5

vulnerability	VCID-qyjh-md45-hyhh

vulnerability	VCID-r25g-be38-b3be

vulnerability	VCID-rgkw-6ews-rked

vulnerability	VCID-t2ap-zxfa-fkhe

vulnerability	VCID-w6e4-zd31-g7hu

vulnerability	VCID-wc5s-25xb-rqaa

vulnerability	VCID-ztee-sxym-zffv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6

aliases CVE-2014-5253, GHSA-77w8-qv8m-386h, PYSEC-2014-109

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h1xa-f7tm-tudx

url VCID-hjrj-k1wk-jbha

vulnerability_id VCID-hjrj-k1wk-jbha

summary The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token.

references

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2014-5251

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5251.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5251.json

reference_url

reference_id

reference_type

scores

value	0.0031
scoring_system	epss
scoring_elements	0.54189
published_at	2026-04-12T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54207
published_at	2026-04-11T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54157
published_at	2026-04-09T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54159
published_at	2026-04-08T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54133
published_at	2026-04-04T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54108
published_at	2026-04-07T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54086
published_at	2026-04-01T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54103
published_at	2026-04-02T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.5421
published_at	2026-04-18T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54206
published_at	2026-04-16T12:55:00Z

value	0.0031
scoring_system	epss
scoring_elements	0.54168
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-5251

reference_url

https://bugs.launchpad.net/keystone/+bug/1347961

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1347961

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5251
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5251

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/6cbf835542d62e6e5db4b4aef7141b1731cad9dc

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/6cbf835542d62e6e5db4b4aef7141b1731cad9dc

reference_url

https://github.com/openstack/keystone/commit/7aee6304f653475a4130dc3e5be602e91481f108

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/7aee6304f653475a4130dc3e5be602e91481f108

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-107.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-107.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-5251

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:P/I:P/A:N

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-5251

reference_url

http://www.openwall.com/lists/oss-security/2014/08/15/6

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2014/08/15/6

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-gmvp-5rf9-mxcm

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1127259
reference_id	1127259
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1127259

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1:::::::*
reference_id	cpe:2.3:a:openstack:keystone:2014.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1.2:::::::*
reference_id	cpe:2.3:a:openstack:keystone:2014.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-1:::::::*
reference_id	cpe:2.3:a:openstack:keystone:juno-1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-2:::::::*
reference_id	cpe:2.3:a:openstack:keystone:juno-2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url

reference_id

GHSA-gmvp-5rf9-mxcm

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gmvp-5rf9-mxcm

reference_url	https://access.redhat.com/errata/RHSA-2014:1121
reference_id	RHSA-2014:1121
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1121

reference_url	https://access.redhat.com/errata/RHSA-2014:1122
reference_id	RHSA-2014:1122
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1122

reference_url	https://usn.ubuntu.com/2324-1/
reference_id	USN-2324-1
reference_type
scores
url	https://usn.ubuntu.com/2324-1/

fixed_packages

url pkg:deb/debian/keystone@2014.1.3-6

purl pkg:deb/debian/keystone@2014.1.3-6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-844e-r6mn-bqh5

vulnerability	VCID-96bg-ytf8-9fhd

vulnerability	VCID-9dhg-r711-yfg6

vulnerability	VCID-gdk6-a746-6fac

vulnerability	VCID-p5un-b12x-tuh5

vulnerability	VCID-qyjh-md45-hyhh

vulnerability	VCID-r25g-be38-b3be

vulnerability	VCID-rgkw-6ews-rked

vulnerability	VCID-t2ap-zxfa-fkhe

vulnerability	VCID-w6e4-zd31-g7hu

vulnerability	VCID-wc5s-25xb-rqaa

vulnerability	VCID-ztee-sxym-zffv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6

aliases CVE-2014-5251, GHSA-gmvp-5rf9-mxcm, PYSEC-2014-107

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hjrj-k1wk-jbha

url VCID-ksj4-14rq-uyb7

vulnerability_id VCID-ksj4-14rq-uyb7

summary The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining."

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2014-2828

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2828.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2828.json

reference_url

reference_id

reference_type

scores

value	0.00864
scoring_system	epss
scoring_elements	0.75092
published_at	2026-04-13T12:55:00Z

value	0.00864
scoring_system	epss
scoring_elements	0.75102
published_at	2026-04-12T12:55:00Z

value	0.00864
scoring_system	epss
scoring_elements	0.75123
published_at	2026-04-11T12:55:00Z

value	0.00864
scoring_system	epss
scoring_elements	0.75101
published_at	2026-04-09T12:55:00Z

value	0.00864
scoring_system	epss
scoring_elements	0.75089
published_at	2026-04-08T12:55:00Z

value	0.00864
scoring_system	epss
scoring_elements	0.75056
published_at	2026-04-07T12:55:00Z

value	0.00864
scoring_system	epss
scoring_elements	0.75079
published_at	2026-04-04T12:55:00Z

value	0.00864
scoring_system	epss
scoring_elements	0.7505
published_at	2026-04-02T12:55:00Z

value	0.00864
scoring_system	epss
scoring_elements	0.75047
published_at	2026-04-01T12:55:00Z

value	0.00864
scoring_system	epss
scoring_elements	0.75136
published_at	2026-04-18T12:55:00Z

value	0.00864
scoring_system	epss
scoring_elements	0.7513
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-2828

reference_url

https://bugs.launchpad.net/keystone/+bug/1300274

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1300274

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2828
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2828

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/ce6cedb30c5c4b4cf4db9380f09443de22414b39

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/ce6cedb30c5c4b4cf4db9380f09443de22414b39

reference_url

https://github.com/openstack/keystone/commit/e364ba5b12de8e4c11bd80bcca903f9615dcfc2e

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/e364ba5b12de8e4c11bd80bcca903f9615dcfc2e

reference_url

https://github.com/openstack/keystone/commit/ef868ad92c00e23a4a5e9eb71e3e0bf5ae2fff0c

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/ef868ad92c00e23a4a5e9eb71e3e0bf5ae2fff0c

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-106.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-106.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-2828

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-2828

reference_url

http://www.openwall.com/lists/oss-security/2014/04/10/20

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2014/04/10/20

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1086211
reference_id	1086211
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1086211

reference_url

https://github.com/advisories/GHSA-6mv3-p2gr-wgqf

reference_id

GHSA-6mv3-p2gr-wgqf

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6mv3-p2gr-wgqf

fixed_packages

url pkg:deb/debian/keystone@2014.1.3-6

purl pkg:deb/debian/keystone@2014.1.3-6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-844e-r6mn-bqh5

vulnerability	VCID-96bg-ytf8-9fhd

vulnerability	VCID-9dhg-r711-yfg6

vulnerability	VCID-gdk6-a746-6fac

vulnerability	VCID-p5un-b12x-tuh5

vulnerability	VCID-qyjh-md45-hyhh

vulnerability	VCID-r25g-be38-b3be

vulnerability	VCID-rgkw-6ews-rked

vulnerability	VCID-t2ap-zxfa-fkhe

vulnerability	VCID-w6e4-zd31-g7hu

vulnerability	VCID-wc5s-25xb-rqaa

vulnerability	VCID-ztee-sxym-zffv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6

aliases CVE-2014-2828, GHSA-6mv3-p2gr-wgqf, PYSEC-2014-106

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ksj4-14rq-uyb7

url VCID-my7j-6x5y-97a1

vulnerability_id VCID-my7j-6x5y-97a1

summary

OpenStack Identity Keystone Exposure of Sensitive Information
The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field.

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-1789.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-1789.html

reference_url

http://rhn.redhat.com/errata/RHSA-2014-1790.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-1790.html

reference_url

https://access.redhat.com/errata/RHSA-2014:1688

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2014:1688

reference_url

https://access.redhat.com/errata/RHSA-2014:1789

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2014:1789

reference_url

https://access.redhat.com/errata/RHSA-2014:1790

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2014:1790

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3621.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3621.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3621

reference_id

reference_type

scores

value	0.00426
scoring_system	epss
scoring_elements	0.62296
published_at	2026-04-12T12:55:00Z

value	0.00426
scoring_system	epss
scoring_elements	0.62253
published_at	2026-04-04T12:55:00Z

value	0.00426
scoring_system	epss
scoring_elements	0.6222
published_at	2026-04-07T12:55:00Z

value	0.00426
scoring_system	epss
scoring_elements	0.6227
published_at	2026-04-08T12:55:00Z

value	0.00426
scoring_system	epss
scoring_elements	0.62288
published_at	2026-04-09T12:55:00Z

value	0.00426
scoring_system	epss
scoring_elements	0.62306
published_at	2026-04-11T12:55:00Z

value	0.00426
scoring_system	epss
scoring_elements	0.62275
published_at	2026-04-13T12:55:00Z

value	0.00426
scoring_system	epss
scoring_elements	0.62328
published_at	2026-04-18T12:55:00Z

value	0.00426
scoring_system	epss
scoring_elements	0.62321
published_at	2026-04-16T12:55:00Z

value	0.00426
scoring_system	epss
scoring_elements	0.62167
published_at	2026-04-01T12:55:00Z

value	0.00426
scoring_system	epss
scoring_elements	0.62224
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3621

reference_url

https://bugs.launchpad.net/keystone/+bug/1354208

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1354208

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1139937

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1139937

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3621
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3621

reference_url

https://github.com/openstack/keystone/commit/2989ff257e4fde6a168e25b926805e700406aa80

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/2989ff257e4fde6a168e25b926805e700406aa80

reference_url

https://github.com/openstack/keystone/commit/52714633c9a4dae5e60279217090859aa6dbcb4f

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/52714633c9a4dae5e60279217090859aa6dbcb4f

reference_url

http://www.openwall.com/lists/oss-security/2014/09/16/10

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2014/09/16/10

reference_url

http://www.ubuntu.com/usn/USN-2406-1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.ubuntu.com/usn/USN-2406-1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone::::::::
reference_id	cpe:2.3:a:openstack:keystone::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:::::::*
reference_id	cpe:2.3:a:redhat:openstack:4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:::::::*
reference_id	cpe:2.3:a:redhat:openstack:5.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_id	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*

reference_url

https://access.redhat.com/security/cve/CVE-2014-3621

reference_id

CVE-2014-3621

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2014-3621

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-3621

reference_id

CVE-2014-3621

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:P/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3621

reference_url

https://github.com/advisories/GHSA-8v8f-vc72-pmhc

reference_id

GHSA-8v8f-vc72-pmhc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8v8f-vc72-pmhc

reference_url	https://usn.ubuntu.com/2406-1/
reference_id	USN-2406-1
reference_type
scores
url	https://usn.ubuntu.com/2406-1/

fixed_packages

url pkg:deb/debian/keystone@2014.1.3-6

purl pkg:deb/debian/keystone@2014.1.3-6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-844e-r6mn-bqh5

vulnerability	VCID-96bg-ytf8-9fhd

vulnerability	VCID-9dhg-r711-yfg6

vulnerability	VCID-gdk6-a746-6fac

vulnerability	VCID-p5un-b12x-tuh5

vulnerability	VCID-qyjh-md45-hyhh

vulnerability	VCID-r25g-be38-b3be

vulnerability	VCID-rgkw-6ews-rked

vulnerability	VCID-t2ap-zxfa-fkhe

vulnerability	VCID-w6e4-zd31-g7hu

vulnerability	VCID-wc5s-25xb-rqaa

vulnerability	VCID-ztee-sxym-zffv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6

aliases CVE-2014-3621, GHSA-8v8f-vc72-pmhc

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-my7j-6x5y-97a1

url VCID-qdd1-jvk8-73hd

vulnerability_id VCID-qdd1-jvk8-73hd

summary

Permission Issues
The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges.

references

reference_url	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4477
reference_id
reference_type
scores
url	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4477

reference_url

http://rhn.redhat.com/errata/RHSA-2014-0113.html

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-0113.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4477.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4477.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4477

reference_id

reference_type

scores

value	0.00151
scoring_system	epss
scoring_elements	0.3579
published_at	2026-04-18T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35801
published_at	2026-04-16T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35761
published_at	2026-04-13T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35743
published_at	2026-04-07T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35793
published_at	2026-04-08T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35784
published_at	2026-04-12T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35824
published_at	2026-04-11T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35685
published_at	2026-04-01T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35882
published_at	2026-04-02T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35816
published_at	2026-04-09T12:55:00Z

value	0.00151
scoring_system	epss
scoring_elements	0.35912
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4477

reference_url

https://bugs.launchpad.net/keystone/+bug/1242855

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1242855

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4477
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4477

reference_url

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/b17e7bec768bd53d3977352486378698a3db3cfa

reference_url

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/b17e7bec768bd53d3977352486378698a3db3cfa

reference_url	https://github.com/openstack/keystone/commit/c6800c
reference_id
reference_type
scores
url	https://github.com/openstack/keystone/commit/c6800c

reference_url

https://github.com/openstack/keystone/commit/c6800ca1ac984c879e75826df6694d6199444ea0

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/c6800ca1ac984c879e75826df6694d6199444ea0

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-4477

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-4477

reference_url

http://www.openwall.com/lists/oss-security/2013/10/30/6

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/10/30/6

reference_url

http://www.ubuntu.com/usn/USN-2034-1

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.ubuntu.com/usn/USN-2034-1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1024401
reference_id	1024401
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1024401

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728233
reference_id	728233
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728233

reference_url

https://github.com/advisories/GHSA-f889-wfwm-6p7m

reference_id

GHSA-f889-wfwm-6p7m

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-f889-wfwm-6p7m

reference_url	https://access.redhat.com/errata/RHSA-2014:0113
reference_id	RHSA-2014:0113
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0113

reference_url	https://usn.ubuntu.com/2034-1/
reference_id	USN-2034-1
reference_type
scores
url	https://usn.ubuntu.com/2034-1/

fixed_packages

url pkg:deb/debian/keystone@2014.1.3-6

purl pkg:deb/debian/keystone@2014.1.3-6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-844e-r6mn-bqh5

vulnerability	VCID-96bg-ytf8-9fhd

vulnerability	VCID-9dhg-r711-yfg6

vulnerability	VCID-gdk6-a746-6fac

vulnerability	VCID-p5un-b12x-tuh5

vulnerability	VCID-qyjh-md45-hyhh

vulnerability	VCID-r25g-be38-b3be

vulnerability	VCID-rgkw-6ews-rked

vulnerability	VCID-t2ap-zxfa-fkhe

vulnerability	VCID-w6e4-zd31-g7hu

vulnerability	VCID-wc5s-25xb-rqaa

vulnerability	VCID-ztee-sxym-zffv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6

aliases CVE-2013-4477, GHSA-f889-wfwm-6p7m

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qdd1-jvk8-73hd

url VCID-qmyj-ffvg-tbe8

vulnerability_id VCID-qmyj-ffvg-tbe8

summary

OpenStack Keystone Denial of Service vulnerability via a large HTTP request
OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a large HTTP request, as demonstrated by a long tenant_name when requesting a token.

references

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0708.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0708.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0270.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0270.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-0270

reference_id

reference_type

scores

value	0.01809
scoring_system	epss
scoring_elements	0.82778
published_at	2026-04-02T12:55:00Z

value	0.01809
scoring_system	epss
scoring_elements	0.82762
published_at	2026-04-01T12:55:00Z

value	0.01809
scoring_system	epss
scoring_elements	0.82792
published_at	2026-04-04T12:55:00Z

value	0.02681
scoring_system	epss
scoring_elements	0.85826
published_at	2026-04-08T12:55:00Z

value	0.02681
scoring_system	epss
scoring_elements	0.85848
published_at	2026-04-12T12:55:00Z

value	0.02681
scoring_system	epss
scoring_elements	0.85844
published_at	2026-04-13T12:55:00Z

value	0.02681
scoring_system	epss
scoring_elements	0.85867
published_at	2026-04-18T12:55:00Z

value	0.02681
scoring_system	epss
scoring_elements	0.85862
published_at	2026-04-16T12:55:00Z

value	0.02681
scoring_system	epss
scoring_elements	0.85808
published_at	2026-04-07T12:55:00Z

value	0.02681
scoring_system	epss
scoring_elements	0.85851
published_at	2026-04-11T12:55:00Z

value	0.02681
scoring_system	epss
scoring_elements	0.85836
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-0270

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=909012

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=909012

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0270
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0270

reference_url

https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8

reference_url

https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc

reference_url

https://launchpad.net/keystone/grizzly/2013.1

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://launchpad.net/keystone/grizzly/2013.1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone::::::::
reference_id	cpe:2.3:a:openstack:keystone::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone1::::::
reference_id	cpe:2.3:a:openstack:keystone:2013.1:milestone1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone2::::::
reference_id	cpe:2.3:a:openstack:keystone:2013.1:milestone2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone3::::::
reference_id	cpe:2.3:a:openstack:keystone:2013.1:milestone3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone3::::::

reference_url

https://access.redhat.com/security/cve/CVE-2013-0270

reference_id

CVE-2013-0270

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2013-0270

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-0270

reference_id

CVE-2013-0270

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-0270

reference_url

https://github.com/advisories/GHSA-4ppj-4p4v-jf4p

reference_id

GHSA-4ppj-4p4v-jf4p

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4ppj-4p4v-jf4p

fixed_packages

url pkg:deb/debian/keystone@2014.1.3-6

purl pkg:deb/debian/keystone@2014.1.3-6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-844e-r6mn-bqh5

vulnerability	VCID-96bg-ytf8-9fhd

vulnerability	VCID-9dhg-r711-yfg6

vulnerability	VCID-gdk6-a746-6fac

vulnerability	VCID-p5un-b12x-tuh5

vulnerability	VCID-qyjh-md45-hyhh

vulnerability	VCID-r25g-be38-b3be

vulnerability	VCID-rgkw-6ews-rked

vulnerability	VCID-t2ap-zxfa-fkhe

vulnerability	VCID-w6e4-zd31-g7hu

vulnerability	VCID-wc5s-25xb-rqaa

vulnerability	VCID-ztee-sxym-zffv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6

aliases CVE-2013-0270, GHSA-4ppj-4p4v-jf4p

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qmyj-ffvg-tbe8

url VCID-s3gc-cxxf-63ed

vulnerability_id VCID-s3gc-cxxf-63ed

summary The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification (1) GET or (2) HEAD request to v3/auth/tokens/.

references

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2014-5252

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5252.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5252.json

reference_url

reference_id

reference_type

scores

value	0.00287
scoring_system	epss
scoring_elements	0.52212
published_at	2026-04-12T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52229
published_at	2026-04-11T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52178
published_at	2026-04-09T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52182
published_at	2026-04-08T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52165
published_at	2026-04-04T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.5213
published_at	2026-04-07T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52095
published_at	2026-04-01T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52138
published_at	2026-04-02T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.5224
published_at	2026-04-18T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52237
published_at	2026-04-16T12:55:00Z

value	0.00287
scoring_system	epss
scoring_elements	0.52198
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-5252

reference_url

https://bugs.launchpad.net/keystone/+bug/1348820

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1348820

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5252
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5252

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/556fb860311675fc437585651e4602b2908451eb

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/556fb860311675fc437585651e4602b2908451eb

reference_url

https://github.com/openstack/keystone/commit/a4c73e4382cb062aa9f30fe1960d5014d3c49cc2

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/a4c73e4382cb062aa9f30fe1960d5014d3c49cc2

reference_url

https://github.com/openstack/keystone/commit/bdb88c662ac2035f9b0d8a229a5db5f60f5f16ae

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/bdb88c662ac2035f9b0d8a229a5db5f60f5f16ae

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-108.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-108.yaml

reference_url

http://www.openwall.com/lists/oss-security/2014/08/15/6

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2014/08/15/6

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-5252

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1127250
reference_id	1127250
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1127250

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1:::::::*
reference_id	cpe:2.3:a:openstack:keystone:2014.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1.2:::::::*
reference_id	cpe:2.3:a:openstack:keystone:2014.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-1:::::::*
reference_id	cpe:2.3:a:openstack:keystone:juno-1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-2:::::::*
reference_id	cpe:2.3:a:openstack:keystone:juno-2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url

reference_id

CVE-2014-5252

reference_type

scores

value	4.9
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:P/I:P/A:N

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-5252

reference_url

https://github.com/advisories/GHSA-v8fq-gq9j-3v7h

reference_id

GHSA-v8fq-gq9j-3v7h

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v8fq-gq9j-3v7h

reference_url	https://access.redhat.com/errata/RHSA-2014:1121
reference_id	RHSA-2014:1121
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1121

reference_url	https://access.redhat.com/errata/RHSA-2014:1122
reference_id	RHSA-2014:1122
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1122

reference_url	https://usn.ubuntu.com/2324-1/
reference_id	USN-2324-1
reference_type
scores
url	https://usn.ubuntu.com/2324-1/

fixed_packages

url pkg:deb/debian/keystone@2014.1.3-6

purl pkg:deb/debian/keystone@2014.1.3-6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-844e-r6mn-bqh5

vulnerability	VCID-96bg-ytf8-9fhd

vulnerability	VCID-9dhg-r711-yfg6

vulnerability	VCID-gdk6-a746-6fac

vulnerability	VCID-p5un-b12x-tuh5

vulnerability	VCID-qyjh-md45-hyhh

vulnerability	VCID-r25g-be38-b3be

vulnerability	VCID-rgkw-6ews-rked

vulnerability	VCID-t2ap-zxfa-fkhe

vulnerability	VCID-w6e4-zd31-g7hu

vulnerability	VCID-wc5s-25xb-rqaa

vulnerability	VCID-ztee-sxym-zffv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6

aliases CVE-2014-5252, GHSA-v8fq-gq9j-3v7h, PYSEC-2014-108

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s3gc-cxxf-63ed

url VCID-s5ab-apmg-dqd9

vulnerability_id VCID-s5ab-apmg-dqd9

summary

OpenStack Identity Keystone is vulnerable to Block delegation escalation of privilege
OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with additional roles.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00031.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00031.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3476.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3476.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3476

reference_id

reference_type

scores

value	0.00721
scoring_system	epss
scoring_elements	0.72546
published_at	2026-04-18T12:55:00Z

value	0.00721
scoring_system	epss
scoring_elements	0.72472
published_at	2026-04-04T12:55:00Z

value	0.00721
scoring_system	epss
scoring_elements	0.72448
published_at	2026-04-07T12:55:00Z

value	0.00721
scoring_system	epss
scoring_elements	0.72486
published_at	2026-04-08T12:55:00Z

value	0.00721
scoring_system	epss
scoring_elements	0.72499
published_at	2026-04-09T12:55:00Z

value	0.00721
scoring_system	epss
scoring_elements	0.72522
published_at	2026-04-11T12:55:00Z

value	0.00721
scoring_system	epss
scoring_elements	0.72504
published_at	2026-04-12T12:55:00Z

value	0.00721
scoring_system	epss
scoring_elements	0.72494
published_at	2026-04-13T12:55:00Z

value	0.00721
scoring_system	epss
scoring_elements	0.72536
published_at	2026-04-16T12:55:00Z

value	0.00721
scoring_system	epss
scoring_elements	0.72449
published_at	2026-04-01T12:55:00Z

value	0.00721
scoring_system	epss
scoring_elements	0.72454
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3476

reference_url

https://bugs.launchpad.net/keystone/+bug/1324592

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1324592

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3476
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3476

reference_url

http://secunia.com/advisories/57886

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/57886

reference_url

http://secunia.com/advisories/59547

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/59547

reference_url

http://www.openwall.com/lists/oss-security/2014/06/12/3

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2014/06/12/3

reference_url

http://www.securityfocus.com/bid/68026

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/68026

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1104524
reference_id	1104524
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1104524

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751454
reference_id	751454
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751454

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone::::::::
reference_id	cpe:2.3:a:openstack:keystone::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:cloud:3:::::::*
reference_id	cpe:2.3:a:suse:cloud:3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:cloud:3:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-3476

reference_id

CVE-2014-3476

reference_type

scores

value	6.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:P/I:P/A:P

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3476

reference_url

https://github.com/advisories/GHSA-274v-r947-v34r

reference_id

GHSA-274v-r947-v34r

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-274v-r947-v34r

reference_url	https://access.redhat.com/errata/RHSA-2014:0994
reference_id	RHSA-2014:0994
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0994

reference_url	https://usn.ubuntu.com/2324-1/
reference_id	USN-2324-1
reference_type
scores
url	https://usn.ubuntu.com/2324-1/

fixed_packages

url pkg:deb/debian/keystone@2014.1.3-6

purl pkg:deb/debian/keystone@2014.1.3-6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-844e-r6mn-bqh5

vulnerability	VCID-96bg-ytf8-9fhd

vulnerability	VCID-9dhg-r711-yfg6

vulnerability	VCID-gdk6-a746-6fac

vulnerability	VCID-p5un-b12x-tuh5

vulnerability	VCID-qyjh-md45-hyhh

vulnerability	VCID-r25g-be38-b3be

vulnerability	VCID-rgkw-6ews-rked

vulnerability	VCID-t2ap-zxfa-fkhe

vulnerability	VCID-w6e4-zd31-g7hu

vulnerability	VCID-wc5s-25xb-rqaa

vulnerability	VCID-ztee-sxym-zffv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6

aliases CVE-2014-3476, GHSA-274v-r947-v34r

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s5ab-apmg-dqd9

url VCID-snpz-wwd6-dkb6

vulnerability_id VCID-snpz-wwd6-dkb6

summary OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106220.html

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106220.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0806.html

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0806.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2006.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2006.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-2006

reference_id

reference_type

scores

value	0.00039
scoring_system	epss
scoring_elements	0.11843
published_at	2026-04-09T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11788
published_at	2026-04-13T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11815
published_at	2026-04-12T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11758
published_at	2026-04-01T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11876
published_at	2026-04-02T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11922
published_at	2026-04-04T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11707
published_at	2026-04-07T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11791
published_at	2026-04-08T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11854
published_at	2026-04-11T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11653
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-2006

reference_url

https://bugs.launchpad.net/keystone/+bug/1172195

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1172195

reference_url

https://bugs.launchpad.net/ossn/+bug/1168252

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/ossn/+bug/1168252

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2006
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2006

reference_url

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url