Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
Typedeb
Namespacedebian
Namekeystone
Version2:29.0.1-1
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-2ggr-pe4y-y3cn
vulnerability_id VCID-2ggr-pe4y-y3cn
summary OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3542.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3542.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3542
reference_id
reference_type
scores
0
value 0.01949
scoring_system epss
scoring_elements 0.83406
published_at 2026-04-02T12:55:00Z
1
value 0.01949
scoring_system epss
scoring_elements 0.83494
published_at 2026-04-18T12:55:00Z
2
value 0.01949
scoring_system epss
scoring_elements 0.83492
published_at 2026-04-16T12:55:00Z
3
value 0.01949
scoring_system epss
scoring_elements 0.83457
published_at 2026-04-13T12:55:00Z
4
value 0.01949
scoring_system epss
scoring_elements 0.83461
published_at 2026-04-12T12:55:00Z
5
value 0.01949
scoring_system epss
scoring_elements 0.83467
published_at 2026-04-11T12:55:00Z
6
value 0.01949
scoring_system epss
scoring_elements 0.83453
published_at 2026-04-09T12:55:00Z
7
value 0.01949
scoring_system epss
scoring_elements 0.83443
published_at 2026-04-08T12:55:00Z
8
value 0.01949
scoring_system epss
scoring_elements 0.83419
published_at 2026-04-07T12:55:00Z
9
value 0.01949
scoring_system epss
scoring_elements 0.8342
published_at 2026-04-04T12:55:00Z
10
value 0.01949
scoring_system epss
scoring_elements 0.83393
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3542
2
reference_url https://bugs.launchpad.net/keystone/+bug/1040626
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1040626
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3542
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3542
4
reference_url http://secunia.com/advisories/50467
reference_id
reference_type
scores
url http://secunia.com/advisories/50467
5
reference_url http://secunia.com/advisories/50494
reference_id
reference_type
scores
url http://secunia.com/advisories/50494
6
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
7
reference_url https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155
8
reference_url https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aa
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aa
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-19.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-19.yaml
10
reference_url https://lists.launchpad.net/openstack/msg16282.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.launchpad.net/openstack/msg16282.html
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3542
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3542
12
reference_url https://web.archive.org/web/20121114023909/http://www.securityfocus.com/bid/55326
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121114023909/http://www.securityfocus.com/bid/55326
13
reference_url https://web.archive.org/web/20140802052724/http://secunia.com/advisories/50467
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140802052724/http://secunia.com/advisories/50467
14
reference_url https://web.archive.org/web/20140804204333/http://secunia.com/advisories/50494
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140804204333/http://secunia.com/advisories/50494
15
reference_url http://www.openwall.com/lists/oss-security/2012/08/30/6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/08/30/6
16
reference_url http://www.securityfocus.com/bid/55326
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/55326
17
reference_url http://www.ubuntu.com/usn/USN-1552-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1552-1
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=852510
reference_id 852510
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=852510
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:folsom-3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:horizon:folsom-3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:folsom-3:*:*:*:*:*:*:*
21
reference_url https://github.com/advisories/GHSA-gf2q-j2qq-pjf2
reference_id GHSA-gf2q-j2qq-pjf2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gf2q-j2qq-pjf2
22
reference_url https://usn.ubuntu.com/1552-1/
reference_id USN-1552-1
reference_type
scores
url https://usn.ubuntu.com/1552-1/
fixed_packages
0
url pkg:deb/debian/keystone@2012.1.1-5?distro=trixie
purl pkg:deb/debian/keystone@2012.1.1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-5%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2012-3542, GHSA-gf2q-j2qq-pjf2, PYSEC-2012-19
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2ggr-pe4y-y3cn
1
url VCID-44u3-6h7t-dbah
vulnerability_id VCID-44u3-6h7t-dbah
summary The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an "interaction between eventlet and python-memcached."
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2014-0382.html
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
2
value LOW
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0382.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-0409.html
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
2
value LOW
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0409.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0105.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0105.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0105
reference_id
reference_type
scores
0
value 0.00371
scoring_system epss
scoring_elements 0.5896
published_at 2026-04-18T12:55:00Z
1
value 0.00371
scoring_system epss
scoring_elements 0.58819
published_at 2026-04-01T12:55:00Z
2
value 0.00371
scoring_system epss
scoring_elements 0.58894
published_at 2026-04-02T12:55:00Z
3
value 0.00371
scoring_system epss
scoring_elements 0.58916
published_at 2026-04-04T12:55:00Z
4
value 0.00371
scoring_system epss
scoring_elements 0.58883
published_at 2026-04-07T12:55:00Z
5
value 0.00371
scoring_system epss
scoring_elements 0.58935
published_at 2026-04-08T12:55:00Z
6
value 0.00371
scoring_system epss
scoring_elements 0.5894
published_at 2026-04-09T12:55:00Z
7
value 0.00371
scoring_system epss
scoring_elements 0.58959
published_at 2026-04-11T12:55:00Z
8
value 0.00371
scoring_system epss
scoring_elements 0.58941
published_at 2026-04-12T12:55:00Z
9
value 0.00371
scoring_system epss
scoring_elements 0.58922
published_at 2026-04-13T12:55:00Z
10
value 0.00371
scoring_system epss
scoring_elements 0.58957
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0105
4
reference_url https://bugs.launchpad.net/python-keystoneclient/+bug/1282865
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
2
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/python-keystoneclient/+bug/1282865
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0105
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0105
6
reference_url https://github.com/openstack/python-keystoneclient
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/python-keystoneclient
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/python-keystoneclient/PYSEC-2014-70.yaml
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/python-keystoneclient/PYSEC-2014-70.yaml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0105
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0105
9
reference_url https://review.opendev.org/c/openstack/python-keystoneclient/+/81078
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
2
value LOW
scoring_system generic_textual
scoring_elements
url https://review.opendev.org/c/openstack/python-keystoneclient/+/81078
10
reference_url http://www.openwall.com/lists/oss-security/2014/03/27/4
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
2
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/03/27/4
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1082165
reference_id 1082165
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1082165
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742898
reference_id 742898
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742898
13
reference_url https://github.com/advisories/GHSA-gwvq-rgqf-993f
reference_id GHSA-gwvq-rgqf-993f
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gwvq-rgqf-993f
14
reference_url https://access.redhat.com/errata/RHSA-2014:0382
reference_id RHSA-2014:0382
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0382
15
reference_url https://access.redhat.com/errata/RHSA-2014:0409
reference_id RHSA-2014:0409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0409
16
reference_url https://access.redhat.com/errata/RHSA-2014:0442
reference_id RHSA-2014:0442
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0442
fixed_packages
0
url pkg:deb/debian/keystone@2013.1.1-2?distro=trixie
purl pkg:deb/debian/keystone@2013.1.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.1.1-2%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2014-0105, GHSA-gwvq-rgqf-993f, PYSEC-2014-70
risk_score 2.7
exploitability 0.5
weighted_severity 5.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-44u3-6h7t-dbah
2
url VCID-5atx-veu5-kud6
vulnerability_id VCID-5atx-veu5-kud6
summary OpenStack: Keystone disabling a tenant does not disable a user token
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4222.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4222.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4222
reference_id
reference_type
scores
0
value 0.0058
scoring_system epss
scoring_elements 0.68814
published_at 2026-04-01T12:55:00Z
1
value 0.0058
scoring_system epss
scoring_elements 0.68833
published_at 2026-04-02T12:55:00Z
2
value 0.0058
scoring_system epss
scoring_elements 0.68853
published_at 2026-04-04T12:55:00Z
3
value 0.0058
scoring_system epss
scoring_elements 0.68834
published_at 2026-04-07T12:55:00Z
4
value 0.0058
scoring_system epss
scoring_elements 0.68884
published_at 2026-04-08T12:55:00Z
5
value 0.0058
scoring_system epss
scoring_elements 0.68903
published_at 2026-04-09T12:55:00Z
6
value 0.0058
scoring_system epss
scoring_elements 0.68925
published_at 2026-04-11T12:55:00Z
7
value 0.0058
scoring_system epss
scoring_elements 0.68911
published_at 2026-04-12T12:55:00Z
8
value 0.0058
scoring_system epss
scoring_elements 0.68882
published_at 2026-04-13T12:55:00Z
9
value 0.0058
scoring_system epss
scoring_elements 0.68923
published_at 2026-04-16T12:55:00Z
10
value 0.0058
scoring_system epss
scoring_elements 0.68933
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4222
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4222
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4222
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719290
reference_id 719290
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719290
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=995598
reference_id 995598
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=995598
5
reference_url https://access.redhat.com/errata/RHSA-2013:1524
reference_id RHSA-2013:1524
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1524
6
reference_url https://usn.ubuntu.com/2002-1/
reference_id USN-2002-1
reference_type
scores
url https://usn.ubuntu.com/2002-1/
fixed_packages
0
url pkg:deb/debian/keystone@2013.1.3-1?distro=trixie
purl pkg:deb/debian/keystone@2013.1.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.1.3-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2013-4222
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5atx-veu5-kud6
3
url VCID-655y-mj8k-dbb2
vulnerability_id VCID-655y-mj8k-dbb2
summary Keystone: trust circumvention through EC2-style tokens
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6391.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6391.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-6391
reference_id
reference_type
scores
0
value 0.00498
scoring_system epss
scoring_elements 0.65778
published_at 2026-04-01T12:55:00Z
1
value 0.00498
scoring_system epss
scoring_elements 0.65827
published_at 2026-04-02T12:55:00Z
2
value 0.00498
scoring_system epss
scoring_elements 0.65857
published_at 2026-04-04T12:55:00Z
3
value 0.00498
scoring_system epss
scoring_elements 0.65823
published_at 2026-04-07T12:55:00Z
4
value 0.00498
scoring_system epss
scoring_elements 0.65875
published_at 2026-04-08T12:55:00Z
5
value 0.00498
scoring_system epss
scoring_elements 0.65887
published_at 2026-04-09T12:55:00Z
6
value 0.00498
scoring_system epss
scoring_elements 0.65906
published_at 2026-04-11T12:55:00Z
7
value 0.00498
scoring_system epss
scoring_elements 0.65893
published_at 2026-04-12T12:55:00Z
8
value 0.00498
scoring_system epss
scoring_elements 0.65863
published_at 2026-04-13T12:55:00Z
9
value 0.00498
scoring_system epss
scoring_elements 0.65899
published_at 2026-04-16T12:55:00Z
10
value 0.00498
scoring_system epss
scoring_elements 0.65913
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-6391
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6391
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6391
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1039164
reference_id 1039164
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1039164
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731981
reference_id 731981
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731981
5
reference_url https://access.redhat.com/errata/RHSA-2014:0089
reference_id RHSA-2014:0089
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0089
6
reference_url https://access.redhat.com/errata/RHSA-2014:0368
reference_id RHSA-2014:0368
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0368
7
reference_url https://usn.ubuntu.com/2061-1/
reference_id USN-2061-1
reference_type
scores
url https://usn.ubuntu.com/2061-1/
fixed_packages
0
url pkg:deb/debian/keystone@2013.2.1-1?distro=trixie
purl pkg:deb/debian/keystone@2013.2.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.2.1-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2013-6391
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-655y-mj8k-dbb2
4
url VCID-6cy4-grme-mka1
vulnerability_id VCID-6cy4-grme-mka1
summary 
OpenStack Identity Keystone Improper Privilege Management
OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0204.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0204.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0204
reference_id
reference_type
scores
0
value 0.00353
scoring_system epss
scoring_elements 0.57708
published_at 2026-04-11T12:55:00Z
1
value 0.00353
scoring_system epss
scoring_elements 0.57687
published_at 2026-04-12T12:55:00Z
2
value 0.00353
scoring_system epss
scoring_elements 0.57638
published_at 2026-04-02T12:55:00Z
3
value 0.00353
scoring_system epss
scoring_elements 0.5766
published_at 2026-04-04T12:55:00Z
4
value 0.00353
scoring_system epss
scoring_elements 0.57636
published_at 2026-04-07T12:55:00Z
5
value 0.00353
scoring_system epss
scoring_elements 0.5769
published_at 2026-04-08T12:55:00Z
6
value 0.00353
scoring_system epss
scoring_elements 0.57693
published_at 2026-04-18T12:55:00Z
7
value 0.00353
scoring_system epss
scoring_elements 0.57697
published_at 2026-04-16T12:55:00Z
8
value 0.00353
scoring_system epss
scoring_elements 0.57667
published_at 2026-04-13T12:55:00Z
9
value 0.00353
scoring_system epss
scoring_elements 0.57554
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0204
2
reference_url https://bugs.launchpad.net/keystone/+bug/1309228
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1309228
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0204
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0204
4
reference_url https://github.com/openstack/keystone/commit/729dcad7384ba66ee7494154969cdd7ae90d86ee
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/729dcad7384ba66ee7494154969cdd7ae90d86ee
5
reference_url https://github.com/openstack/keystone/commit/786af9829c5329a982e3451f77afebbfb21850bd
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/786af9829c5329a982e3451f77afebbfb21850bd
6
reference_url https://github.com/openstack/keystone/commit/97dfd55ad1b40365754dcbfce856f7ffae280a44
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/97dfd55ad1b40365754dcbfce856f7ffae280a44
7
reference_url https://github.com/openstack/keystone/commit/f0eee2f3b48dd0cffb9f75e396da2d914925cba5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/f0eee2f3b48dd0cffb9f75e396da2d914925cba5
8
reference_url https://review.openstack.org/#/c/94396
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/94396
9
reference_url https://review.openstack.org/#/c/94396/
reference_id
reference_type
scores
url https://review.openstack.org/#/c/94396/
10
reference_url http://www.openwall.com/lists/oss-security/2014/05/21/3
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/05/21/3
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1095981
reference_id 1095981
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1095981
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749026
reference_id 749026
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749026
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0204
reference_id CVE-2014-0204
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0204
15
reference_url https://github.com/advisories/GHSA-c4p9-87h3-7vr4
reference_id GHSA-c4p9-87h3-7vr4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c4p9-87h3-7vr4
fixed_packages
0
url pkg:deb/debian/keystone@2014.1-5?distro=trixie
purl pkg:deb/debian/keystone@2014.1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1-5%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2014-0204, GHSA-c4p9-87h3-7vr4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6cy4-grme-mka1
5
url VCID-6fhd-mggs-j3c9
vulnerability_id VCID-6fhd-mggs-j3c9
summary OpenStack: Keystone /etc/keystone/ec2rc secret key exposure
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2012-1556.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2012-1556.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5483.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5483.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-5483
reference_id
reference_type
scores
0
value 0.00111
scoring_system epss
scoring_elements 0.29429
published_at 2026-04-18T12:55:00Z
1
value 0.00111
scoring_system epss
scoring_elements 0.2949
published_at 2026-04-01T12:55:00Z
2
value 0.00111
scoring_system epss
scoring_elements 0.29559
published_at 2026-04-02T12:55:00Z
3
value 0.00111
scoring_system epss
scoring_elements 0.29607
published_at 2026-04-04T12:55:00Z
4
value 0.00111
scoring_system epss
scoring_elements 0.29428
published_at 2026-04-07T12:55:00Z
5
value 0.00111
scoring_system epss
scoring_elements 0.29491
published_at 2026-04-08T12:55:00Z
6
value 0.00111
scoring_system epss
scoring_elements 0.2953
published_at 2026-04-09T12:55:00Z
7
value 0.00111
scoring_system epss
scoring_elements 0.29534
published_at 2026-04-11T12:55:00Z
8
value 0.00111
scoring_system epss
scoring_elements 0.29489
published_at 2026-04-12T12:55:00Z
9
value 0.00111
scoring_system epss
scoring_elements 0.29437
published_at 2026-04-13T12:55:00Z
10
value 0.00111
scoring_system epss
scoring_elements 0.29458
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-5483
4
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/80612
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/80612
5
reference_url http://www.securityfocus.com/bid/56888
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/56888
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=873447
reference_id 873447
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=873447
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2012.1.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:2012.1.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2012.1.3:*:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-5483
reference_id CVE-2012-5483
reference_type
scores
0
value 2.1
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:N/C:P/I:N/A:N
url https://nvd.nist.gov/vuln/detail/CVE-2012-5483
9
reference_url https://access.redhat.com/errata/RHSA-2012:1556
reference_id RHSA-2012:1556
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1556
fixed_packages
0
url pkg:deb/debian/keystone@0?distro=trixie
purl pkg:deb/debian/keystone@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@0%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2012-5483
risk_score 0.9
exploitability 0.5
weighted_severity 1.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6fhd-mggs-j3c9
6
url VCID-6ku1-bgjj-2yg6
vulnerability_id VCID-6ku1-bgjj-2yg6
summary 
OpenStack Keystone allows context-dependent attackers to bypass access restrictions
OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0282.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0282.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-0282
reference_id
reference_type
scores
0
value 0.00467
scoring_system epss
scoring_elements 0.64469
published_at 2026-04-18T12:55:00Z
1
value 0.00467
scoring_system epss
scoring_elements 0.64343
published_at 2026-04-01T12:55:00Z
2
value 0.00467
scoring_system epss
scoring_elements 0.64397
published_at 2026-04-02T12:55:00Z
3
value 0.00467
scoring_system epss
scoring_elements 0.64426
published_at 2026-04-04T12:55:00Z
4
value 0.00467
scoring_system epss
scoring_elements 0.64386
published_at 2026-04-07T12:55:00Z
5
value 0.00467
scoring_system epss
scoring_elements 0.64435
published_at 2026-04-08T12:55:00Z
6
value 0.00467
scoring_system epss
scoring_elements 0.6445
published_at 2026-04-09T12:55:00Z
7
value 0.00467
scoring_system epss
scoring_elements 0.64463
published_at 2026-04-11T12:55:00Z
8
value 0.00467
scoring_system epss
scoring_elements 0.64451
published_at 2026-04-12T12:55:00Z
9
value 0.00467
scoring_system epss
scoring_elements 0.64422
published_at 2026-04-13T12:55:00Z
10
value 0.00467
scoring_system epss
scoring_elements 0.64457
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-0282
2
reference_url https://bugs.launchpad.net/keystone/+bug/1121494
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1121494
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0282
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0282
4
reference_url https://github.com/openstack/keystone/commit/7402f5ef994599653bdbb3ed5ff1a2b8c3e72b9f
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/7402f5ef994599653bdbb3ed5ff1a2b8c3e72b9f
5
reference_url https://github.com/openstack/keystone/commit/9572bfc393f66f5ce3b44c0a77a9e29cc0374c6f
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/9572bfc393f66f5ce3b44c0a77a9e29cc0374c6f
6
reference_url https://github.com/openstack/keystone/commit/f0b4d300db5cc61d4f079f8bce9da8e8bea1081a
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/f0b4d300db5cc61d4f079f8bce9da8e8bea1081a
7
reference_url https://launchpad.net/keystone/grizzly/2013.1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://launchpad.net/keystone/grizzly/2013.1
8
reference_url https://launchpad.net/keystone/+milestone/2012.2.4
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://launchpad.net/keystone/+milestone/2012.2.4
9
reference_url https://review.openstack.org/#/c/22319
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/22319
10
reference_url https://review.openstack.org/#/c/22319/
reference_id
reference_type
scores
url https://review.openstack.org/#/c/22319/
11
reference_url https://review.openstack.org/#/c/22320
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/22320
12
reference_url https://review.openstack.org/#/c/22320/
reference_id
reference_type
scores
url https://review.openstack.org/#/c/22320/
13
reference_url https://review.openstack.org/#/c/22321
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/22321
14
reference_url https://review.openstack.org/#/c/22321/
reference_id
reference_type
scores
url https://review.openstack.org/#/c/22321/
15
reference_url http://www.openwall.com/lists/oss-security/2013/02/19/3
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/02/19/3
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700947
reference_id 700947
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700947
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=910928
reference_id 910928
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=910928
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone1:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:2013.1:milestone1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone1:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone2:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:2013.1:milestone2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone2:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone3:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:2013.1:milestone3:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone3:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-0282
reference_id CVE-2013-0282
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-0282
23
reference_url https://github.com/advisories/GHSA-8833-qrvm-wc3h
reference_id GHSA-8833-qrvm-wc3h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8833-qrvm-wc3h
24
reference_url https://access.redhat.com/errata/RHSA-2013:0596
reference_id RHSA-2013:0596
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0596
25
reference_url https://usn.ubuntu.com/1730-1/
reference_id USN-1730-1
reference_type
scores
url https://usn.ubuntu.com/1730-1/
fixed_packages
0
url pkg:deb/debian/keystone@2012.1.1-13?distro=trixie
purl pkg:deb/debian/keystone@2012.1.1-13?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-13%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2013-0282, GHSA-8833-qrvm-wc3h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ku1-bgjj-2yg6
7
url VCID-6wj2-abbb-xqf6
vulnerability_id VCID-6wj2-abbb-xqf6
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33551.json
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33551.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33551
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05493
published_at 2026-04-12T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05506
published_at 2026-04-11T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.05486
published_at 2026-04-13T12:55:00Z
3
value 0.00023
scoring_system epss
scoring_elements 0.06112
published_at 2026-04-18T12:55:00Z
4
value 0.00023
scoring_system epss
scoring_elements 0.06101
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33551
2
reference_url https://bugs.launchpad.net/keystone/+bug/2142138
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T13:50:09Z/
url https://bugs.launchpad.net/keystone/+bug/2142138
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33551
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33551
4
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33551
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33551
6
reference_url https://security.openstack.org/ossa/OSSA-2026-005.html
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T13:50:09Z/
url https://security.openstack.org/ossa/OSSA-2026-005.html
7
reference_url http://www.openwall.com/lists/oss-security/2026/04/07/12
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/04/07/12
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133118
reference_id 1133118
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133118
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2451037
reference_id 2451037
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2451037
10
reference_url https://github.com/advisories/GHSA-4phw-6824-6cfp
reference_id GHSA-4phw-6824-6cfp
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4phw-6824-6cfp
fixed_packages
0
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2026-33551, GHSA-4phw-6824-6cfp
risk_score 1.6
exploitability 0.5
weighted_severity 3.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6wj2-abbb-xqf6
8
url VCID-7rg3-te3d-3qa9
vulnerability_id VCID-7rg3-te3d-3qa9
summary openstack-keystone: Insecure management of LDAP and admin_token configuration file values
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1977.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1977.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1977
reference_id
reference_type
scores
0
value 0.00114
scoring_system epss
scoring_elements 0.30011
published_at 2026-04-18T12:55:00Z
1
value 0.00114
scoring_system epss
scoring_elements 0.30111
published_at 2026-04-01T12:55:00Z
2
value 0.00114
scoring_system epss
scoring_elements 0.30148
published_at 2026-04-02T12:55:00Z
3
value 0.00114
scoring_system epss
scoring_elements 0.30196
published_at 2026-04-04T12:55:00Z
4
value 0.00114
scoring_system epss
scoring_elements 0.30009
published_at 2026-04-07T12:55:00Z
5
value 0.00114
scoring_system epss
scoring_elements 0.30069
published_at 2026-04-08T12:55:00Z
6
value 0.00114
scoring_system epss
scoring_elements 0.30105
published_at 2026-04-09T12:55:00Z
7
value 0.00114
scoring_system epss
scoring_elements 0.30109
published_at 2026-04-11T12:55:00Z
8
value 0.00114
scoring_system epss
scoring_elements 0.30066
published_at 2026-04-12T12:55:00Z
9
value 0.00114
scoring_system epss
scoring_elements 0.30016
published_at 2026-04-13T12:55:00Z
10
value 0.00114
scoring_system epss
scoring_elements 0.30031
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1977
2
reference_url https://bugs.launchpad.net/devstack/+bug/1168252
reference_id
reference_type
scores
url https://bugs.launchpad.net/devstack/+bug/1168252
3
reference_url http://www.openwall.com/lists/oss-security/2013/04/19/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2013/04/19/2
4
reference_url http://www.openwall.com/lists/oss-security/2013/04/23/7
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2013/04/23/7
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=953910
reference_id 953910
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=953910
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:devstack:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:devstack:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:devstack:-:*:*:*:*:*:*:*
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-1977
reference_id CVE-2013-1977
reference_type
scores
0
value 2.1
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:N/C:P/I:N/A:N
url https://nvd.nist.gov/vuln/detail/CVE-2013-1977
fixed_packages
0
url pkg:deb/debian/keystone@0?distro=trixie
purl pkg:deb/debian/keystone@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@0%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2013-1977
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7rg3-te3d-3qa9
9
url VCID-844e-r6mn-bqh5
vulnerability_id VCID-844e-r6mn-bqh5
summary The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7546.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7546.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-7546
reference_id
reference_type
scores
0
value 0.00105
scoring_system epss
scoring_elements 0.28612
published_at 2026-04-01T12:55:00Z
1
value 0.00105
scoring_system epss
scoring_elements 0.28561
published_at 2026-04-18T12:55:00Z
2
value 0.00105
scoring_system epss
scoring_elements 0.28586
published_at 2026-04-16T12:55:00Z
3
value 0.00105
scoring_system epss
scoring_elements 0.28566
published_at 2026-04-13T12:55:00Z
4
value 0.00105
scoring_system epss
scoring_elements 0.28614
published_at 2026-04-12T12:55:00Z
5
value 0.00105
scoring_system epss
scoring_elements 0.28658
published_at 2026-04-11T12:55:00Z
6
value 0.00105
scoring_system epss
scoring_elements 0.28656
published_at 2026-04-09T12:55:00Z
7
value 0.00105
scoring_system epss
scoring_elements 0.28616
published_at 2026-04-08T12:55:00Z
8
value 0.00105
scoring_system epss
scoring_elements 0.28551
published_at 2026-04-07T12:55:00Z
9
value 0.00105
scoring_system epss
scoring_elements 0.28743
published_at 2026-04-04T12:55:00Z
10
value 0.00105
scoring_system epss
scoring_elements 0.28695
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-7546
2
reference_url https://bugs.launchpad.net/keystone/+bug/1490804
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1490804
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7546
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7546
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv2
scoring_elements AV:A/AC:M/Au:N/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/openstack/keystone/commit/bff03b5726fe5cac93d44a66715eea49b89c8cb0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/bff03b5726fe5cac93d44a66715eea49b89c8cb0
6
reference_url https://github.com/openstack/keystone/commit/d5378f173da14a34ca010271477337879002d6d0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/d5378f173da14a34ca010271477337879002d6d0
7
reference_url https://github.com/openstack/keystonemiddleware/commit/96ab58e6863c92575ada57615b19652e502adfd8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystonemiddleware/commit/96ab58e6863c92575ada57615b19652e502adfd8
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystonemiddleware/PYSEC-2016-20.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystonemiddleware/PYSEC-2016-20.yaml
9
reference_url https://security.openstack.org/ossa/OSSA-2016-005.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2016-005.html
10
reference_url https://web.archive.org/web/20200228002640/http://www.securityfocus.com/bid/80498
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228002640/http://www.securityfocus.com/bid/80498
11
reference_url https://wiki.openstack.org/wiki/OSSN/OSSN-0062
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://wiki.openstack.org/wiki/OSSN/OSSN-0062
12
reference_url http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
13
reference_url http://www.securityfocus.com/bid/80498
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/80498
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1290774
reference_id 1290774
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1290774
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystonemiddleware:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystonemiddleware:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystonemiddleware:*:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
reference_id cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7546
reference_id CVE-2015-7546
reference_type
scores
0
value 6.0
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:P/A:P
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7546
19
reference_url https://github.com/advisories/GHSA-8c4w-v65p-jvcv
reference_id GHSA-8c4w-v65p-jvcv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8c4w-v65p-jvcv
fixed_packages
0
url pkg:deb/debian/keystone@2:9.0.0~rc2-1?distro=trixie
purl pkg:deb/debian/keystone@2:9.0.0~rc2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:9.0.0~rc2-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2015-7546, GHSA-8c4w-v65p-jvcv, PYSEC-2016-20
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-844e-r6mn-bqh5
10
url VCID-89vf-n61h-k3b2
vulnerability_id VCID-89vf-n61h-k3b2
summary 
OpenStack Keystone does not invalidate existing tokens when granting or revoking roles
OpenStack Keystone before 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.
references
0
reference_url http://github.com/openstack/keystone/commit/58ac6691a21675be9e2ffb0f84a05fc3cd4d2e2e
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/openstack/keystone/commit/58ac6691a21675be9e2ffb0f84a05fc3cd4d2e2e
1
reference_url http://osvdb.org/85484
reference_id
reference_type
scores
url http://osvdb.org/85484
2
reference_url https://access.redhat.com/errata/RHSA-2012:1378
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2012:1378
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4413.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4413.json
4
reference_url https://access.redhat.com/security/cve/CVE-2012-4413
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2012-4413
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-4413
reference_id
reference_type
scores
0
value 0.00428
scoring_system epss
scoring_elements 0.62503
published_at 2026-04-18T12:55:00Z
1
value 0.00428
scoring_system epss
scoring_elements 0.62346
published_at 2026-04-01T12:55:00Z
2
value 0.00428
scoring_system epss
scoring_elements 0.62404
published_at 2026-04-02T12:55:00Z
3
value 0.00428
scoring_system epss
scoring_elements 0.62435
published_at 2026-04-04T12:55:00Z
4
value 0.00428
scoring_system epss
scoring_elements 0.62402
published_at 2026-04-07T12:55:00Z
5
value 0.00428
scoring_system epss
scoring_elements 0.6245
published_at 2026-04-08T12:55:00Z
6
value 0.00428
scoring_system epss
scoring_elements 0.62467
published_at 2026-04-09T12:55:00Z
7
value 0.00428
scoring_system epss
scoring_elements 0.62486
published_at 2026-04-11T12:55:00Z
8
value 0.00428
scoring_system epss
scoring_elements 0.62475
published_at 2026-04-12T12:55:00Z
9
value 0.00428
scoring_system epss
scoring_elements 0.62453
published_at 2026-04-13T12:55:00Z
10
value 0.00428
scoring_system epss
scoring_elements 0.62497
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-4413
6
reference_url https://bugs.launchpad.net/keystone/+bug/1041396
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1041396
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=855491
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=855491
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4413
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4413
9
reference_url http://secunia.com/advisories/50531
reference_id
reference_type
scores
url http://secunia.com/advisories/50531
10
reference_url http://secunia.com/advisories/50590
reference_id
reference_type
scores
url http://secunia.com/advisories/50590
11
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/78478
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/78478
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-4413
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:P/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-4413
13
reference_url https://opendev.org/openstack/keystone
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/keystone
14
reference_url https://review.opendev.org/c/openstack/keystone/+/12870
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.opendev.org/c/openstack/keystone/+/12870
15
reference_url https://review.opendev.org/c/openstack/keystone/+/12870/
reference_id
reference_type
scores
url https://review.opendev.org/c/openstack/keystone/+/12870/
16
reference_url https://web.archive.org/web/20121114023848/http://www.securityfocus.com/bid/55524
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121114023848/http://www.securityfocus.com/bid/55524
17
reference_url http://www.openwall.com/lists/oss-security/2012/09/12/7
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/09/12/7
18
reference_url http://www.securityfocus.com/bid/55524
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/55524
19
reference_url http://www.ubuntu.com/usn/USN-1564-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1564-1
20
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687428
reference_id 687428
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687428
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2012.1.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:2012.1.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2012.1.3:*:*:*:*:*:*:*
22
reference_url https://github.com/advisories/GHSA-mrxv-65rv-6hxq
reference_id GHSA-mrxv-65rv-6hxq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mrxv-65rv-6hxq
23
reference_url https://usn.ubuntu.com/1564-1/
reference_id USN-1564-1
reference_type
scores
url https://usn.ubuntu.com/1564-1/
fixed_packages
0
url pkg:deb/debian/keystone@2012.1.1-6?distro=trixie
purl pkg:deb/debian/keystone@2012.1.1-6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-6%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2012-4413, GHSA-mrxv-65rv-6hxq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-89vf-n61h-k3b2
11
url VCID-8bat-qwmh-fyer
vulnerability_id VCID-8bat-qwmh-fyer
summary 
OpenStack Identity (Keystone) Denial of Service
OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-July/111914.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2013-July/111914.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2014
reference_id
reference_type
scores
0
value 0.02372
scoring_system epss
scoring_elements 0.84984
published_at 2026-04-18T12:55:00Z
1
value 0.02372
scoring_system epss
scoring_elements 0.84918
published_at 2026-04-04T12:55:00Z
2
value 0.02372
scoring_system epss
scoring_elements 0.84923
published_at 2026-04-07T12:55:00Z
3
value 0.02372
scoring_system epss
scoring_elements 0.84946
published_at 2026-04-08T12:55:00Z
4
value 0.02372
scoring_system epss
scoring_elements 0.84952
published_at 2026-04-09T12:55:00Z
5
value 0.02372
scoring_system epss
scoring_elements 0.84968
published_at 2026-04-11T12:55:00Z
6
value 0.02372
scoring_system epss
scoring_elements 0.84966
published_at 2026-04-12T12:55:00Z
7
value 0.02372
scoring_system epss
scoring_elements 0.84962
published_at 2026-04-13T12:55:00Z
8
value 0.02372
scoring_system epss
scoring_elements 0.84983
published_at 2026-04-16T12:55:00Z
9
value 0.02372
scoring_system epss
scoring_elements 0.84884
published_at 2026-04-01T12:55:00Z
10
value 0.02372
scoring_system epss
scoring_elements 0.849
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2014
2
reference_url https://bugs.launchpad.net/keystone/+bug/1098177
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1098177
3
reference_url https://bugs.launchpad.net/keystone/+bug/1099025
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1099025
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2014
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2014
5
reference_url http://secunia.com/advisories/53397
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/53397
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/84347
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/84347
7
reference_url https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8
8
reference_url http://www.securityfocus.com/bid/59936
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/59936
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708515
reference_id 708515
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708515
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2014
reference_id CVE-2013-2014
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2014
11
reference_url https://github.com/advisories/GHSA-7332-36h8-8jh8
reference_id GHSA-7332-36h8-8jh8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7332-36h8-8jh8
fixed_packages
0
url pkg:deb/debian/keystone@2013.1.1-2?distro=trixie
purl pkg:deb/debian/keystone@2013.1.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.1.1-2%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2013-2014, GHSA-7332-36h8-8jh8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8bat-qwmh-fyer
12
url VCID-8tkd-pcuy-d7ax
vulnerability_id VCID-8tkd-pcuy-d7ax
summary The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2014-0580.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2014-0580.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2237.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2237.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-2237
reference_id
reference_type
scores
0
value 0.00188
scoring_system epss
scoring_elements 0.40699
published_at 2026-04-02T12:55:00Z
1
value 0.00188
scoring_system epss
scoring_elements 0.40687
published_at 2026-04-18T12:55:00Z
2
value 0.00188
scoring_system epss
scoring_elements 0.40716
published_at 2026-04-16T12:55:00Z
3
value 0.00188
scoring_system epss
scoring_elements 0.40671
published_at 2026-04-13T12:55:00Z
4
value 0.00188
scoring_system epss
scoring_elements 0.4069
published_at 2026-04-12T12:55:00Z
5
value 0.00188
scoring_system epss
scoring_elements 0.40724
published_at 2026-04-11T12:55:00Z
6
value 0.00188
scoring_system epss
scoring_elements 0.40707
published_at 2026-04-09T12:55:00Z
7
value 0.00188
scoring_system epss
scoring_elements 0.40701
published_at 2026-04-08T12:55:00Z
8
value 0.00188
scoring_system epss
scoring_elements 0.40651
published_at 2026-04-07T12:55:00Z
9
value 0.00188
scoring_system epss
scoring_elements 0.40728
published_at 2026-04-04T12:55:00Z
10
value 0.00188
scoring_system epss
scoring_elements 0.40614
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-2237
3
reference_url https://bugs.launchpad.net/keystone/+bug/1260080
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1260080
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2237
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2237
5
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
6
reference_url https://github.com/openstack/keystone/commit/813d1254eb4f7a7d40009b23bbadbc4c5cc5daac
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/813d1254eb4f7a7d40009b23bbadbc4c5cc5daac
7
reference_url https://github.com/openstack/keystone/commit/a411c944af78c36f2fdb87d305ba452dc52d7ed3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/a411c944af78c36f2fdb87d305ba452dc52d7ed3
8
reference_url https://github.com/openstack/keystone/commit/b6f0e26da0e2ab0892a5658da281a065e668637b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/b6f0e26da0e2ab0892a5658da281a065e668637b
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-105.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-105.yaml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-2237
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-2237
11
reference_url https://rhn.redhat.com/errata/RHSA-2014-0580.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://rhn.redhat.com/errata/RHSA-2014-0580.html
12
reference_url http://www.openwall.com/lists/oss-security/2014/03/04/16
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/03/04/16
13
reference_url http://www.securityfocus.com/bid/65895
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/65895
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1071434
reference_id 1071434
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1071434
15
reference_url https://github.com/advisories/GHSA-23x9-8hxr-978c
reference_id GHSA-23x9-8hxr-978c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-23x9-8hxr-978c
16
reference_url https://access.redhat.com/errata/RHSA-2014:0368
reference_id RHSA-2014:0368
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0368
17
reference_url https://access.redhat.com/errata/RHSA-2014:0580
reference_id RHSA-2014:0580
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0580
fixed_packages
0
url pkg:deb/debian/keystone@2013.2.3-1?distro=trixie
purl pkg:deb/debian/keystone@2013.2.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.2.3-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2014-2237, GHSA-23x9-8hxr-978c, PYSEC-2014-105
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8tkd-pcuy-d7ax
13
url VCID-8yfq-hpqh-zqcp
vulnerability_id VCID-8yfq-hpqh-zqcp
summary 
XML External Entity (XXE) in Django
The XML libraries for Python as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.
references
0
reference_url http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html
1
reference_url http://bugs.python.org/issue17239
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://bugs.python.org/issue17239
2
reference_url http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2013-0657.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0657.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2013-0658.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0658.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2013-0670.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0670.html
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1665.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1665.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1665
reference_id
reference_type
scores
0
value 0.02995
scoring_system epss
scoring_elements 0.86576
published_at 2026-04-18T12:55:00Z
1
value 0.02995
scoring_system epss
scoring_elements 0.86495
published_at 2026-04-01T12:55:00Z
2
value 0.02995
scoring_system epss
scoring_elements 0.86505
published_at 2026-04-02T12:55:00Z
3
value 0.02995
scoring_system epss
scoring_elements 0.86524
published_at 2026-04-04T12:55:00Z
4
value 0.02995
scoring_system epss
scoring_elements 0.86523
published_at 2026-04-07T12:55:00Z
5
value 0.02995
scoring_system epss
scoring_elements 0.86543
published_at 2026-04-08T12:55:00Z
6
value 0.02995
scoring_system epss
scoring_elements 0.86553
published_at 2026-04-09T12:55:00Z
7
value 0.02995
scoring_system epss
scoring_elements 0.86567
published_at 2026-04-11T12:55:00Z
8
value 0.02995
scoring_system epss
scoring_elements 0.86564
published_at 2026-04-12T12:55:00Z
9
value 0.02995
scoring_system epss
scoring_elements 0.86557
published_at 2026-04-13T12:55:00Z
10
value 0.02995
scoring_system epss
scoring_elements 0.86572
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1665
8
reference_url https://bugs.launchpad.net/keystone/+bug/1100279
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1100279
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1665
10
reference_url https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40
11
reference_url https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-1665
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-1665
13
reference_url http://ubuntu.com/usn/usn-1757-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://ubuntu.com/usn/usn-1757-1
14
reference_url http://www.debian.org/security/2013/dsa-2634
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2013/dsa-2634
15
reference_url http://www.openwall.com/lists/oss-security/2013/02/19/2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/02/19/2
16
reference_url http://www.openwall.com/lists/oss-security/2013/02/19/4
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/02/19/4
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700948
reference_id 700948
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700948
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=912982
reference_id 912982
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=912982
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone_essex:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone_essex:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone_essex:-:*:*:*:*:*:*:*
21
reference_url https://github.com/advisories/GHSA-x64m-686f-fmm3
reference_id GHSA-x64m-686f-fmm3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x64m-686f-fmm3
22
reference_url https://access.redhat.com/errata/RHSA-2013:0596
reference_id RHSA-2013:0596
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0596
23
reference_url https://access.redhat.com/errata/RHSA-2013:0657
reference_id RHSA-2013:0657
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0657
24
reference_url https://access.redhat.com/errata/RHSA-2013:0658
reference_id RHSA-2013:0658
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0658
25
reference_url https://access.redhat.com/errata/RHSA-2013:0670
reference_id RHSA-2013:0670
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0670
26
reference_url https://usn.ubuntu.com/1730-1/
reference_id USN-1730-1
reference_type
scores
url https://usn.ubuntu.com/1730-1/
27
reference_url https://usn.ubuntu.com/1757-1/
reference_id USN-1757-1
reference_type
scores
url https://usn.ubuntu.com/1757-1/
fixed_packages
0
url pkg:deb/debian/keystone@2012.1.1-13?distro=trixie
purl pkg:deb/debian/keystone@2012.1.1-13?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-13%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2013-1665, GHSA-x64m-686f-fmm3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8yfq-hpqh-zqcp
14
url VCID-91k2-z5s1-gbbx
vulnerability_id VCID-91k2-z5s1-gbbx
summary openstack-keystone: Authentication bypass when using LDAP backend
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2157.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2157.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2157
reference_id
reference_type
scores
0
value 0.00288
scoring_system epss
scoring_elements 0.5217
published_at 2026-04-01T12:55:00Z
1
value 0.00288
scoring_system epss
scoring_elements 0.52213
published_at 2026-04-02T12:55:00Z
2
value 0.00288
scoring_system epss
scoring_elements 0.5224
published_at 2026-04-04T12:55:00Z
3
value 0.00288
scoring_system epss
scoring_elements 0.52204
published_at 2026-04-07T12:55:00Z
4
value 0.00288
scoring_system epss
scoring_elements 0.52258
published_at 2026-04-08T12:55:00Z
5
value 0.00288
scoring_system epss
scoring_elements 0.52253
published_at 2026-04-09T12:55:00Z
6
value 0.00288
scoring_system epss
scoring_elements 0.52304
published_at 2026-04-11T12:55:00Z
7
value 0.00288
scoring_system epss
scoring_elements 0.52288
published_at 2026-04-12T12:55:00Z
8
value 0.00288
scoring_system epss
scoring_elements 0.52273
published_at 2026-04-13T12:55:00Z
9
value 0.00288
scoring_system epss
scoring_elements 0.52311
published_at 2026-04-16T12:55:00Z
10
value 0.00288
scoring_system epss
scoring_elements 0.52315
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2157
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2157
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2157
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712160
reference_id 712160
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712160
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=971884
reference_id 971884
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=971884
5
reference_url https://access.redhat.com/errata/RHSA-2013:0994
reference_id RHSA-2013:0994
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0994
6
reference_url https://access.redhat.com/errata/RHSA-2013:1083
reference_id RHSA-2013:1083
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1083
7
reference_url https://usn.ubuntu.com/1875-1/
reference_id USN-1875-1
reference_type
scores
url https://usn.ubuntu.com/1875-1/
fixed_packages
0
url pkg:deb/debian/keystone@2013.1.2-1?distro=trixie
purl pkg:deb/debian/keystone@2013.1.2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.1.2-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2013-2157
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-91k2-z5s1-gbbx
15
url VCID-93vc-hgec-nfe6
vulnerability_id VCID-93vc-hgec-nfe6
summary 
Openstack Keystone Incorrect Authorization vulnerability
A flaw was found in openstack-keystone, only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity. A [patch](https://opendev.org/openstack/keystone/commit/7859ed26003858ebfd9a5e866b43f1a6a9e83dca) is available.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3563.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3563.json
1
reference_url https://access.redhat.com/security/cve/CVE-2021-3563
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2021-3563
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3563
reference_id
reference_type
scores
0
value 0.00056
scoring_system epss
scoring_elements 0.17638
published_at 2026-04-13T12:55:00Z
1
value 0.00056
scoring_system epss
scoring_elements 0.17593
published_at 2026-04-18T12:55:00Z
2
value 0.00056
scoring_system epss
scoring_elements 0.17689
published_at 2026-04-12T12:55:00Z
3
value 0.00056
scoring_system epss
scoring_elements 0.17735
published_at 2026-04-11T12:55:00Z
4
value 0.00056
scoring_system epss
scoring_elements 0.17717
published_at 2026-04-09T12:55:00Z
5
value 0.00056
scoring_system epss
scoring_elements 0.17656
published_at 2026-04-08T12:55:00Z
6
value 0.00056
scoring_system epss
scoring_elements 0.17566
published_at 2026-04-07T12:55:00Z
7
value 0.00056
scoring_system epss
scoring_elements 0.17866
published_at 2026-04-04T12:55:00Z
8
value 0.00056
scoring_system epss
scoring_elements 0.17812
published_at 2026-04-02T12:55:00Z
9
value 0.00056
scoring_system epss
scoring_elements 0.1765
published_at 2026-04-01T12:55:00Z
10
value 0.00056
scoring_system epss
scoring_elements 0.17584
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3563
3
reference_url https://bugs.launchpad.net/ossa/+bug/1901891
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/ossa/+bug/1901891
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1962908
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1962908
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3563
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3563
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3563
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3563
9
reference_url https://opendev.org/openstack/keystone
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/keystone
10
reference_url https://opendev.org/openstack/keystone/commit/7859ed26003858ebfd9a5e866b43f1a6a9e83dca
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/keystone/commit/7859ed26003858ebfd9a5e866b43f1a6a9e83dca
11
reference_url https://review.opendev.org/c/openstack/keystone/+/803641
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://review.opendev.org/c/openstack/keystone/+/803641
12
reference_url https://review.opendev.org/c/openstack/keystone/+/828595
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://review.opendev.org/c/openstack/keystone/+/828595
13
reference_url https://review.opendev.org/c/openstack/keystone/+/856489
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://review.opendev.org/c/openstack/keystone/+/856489
14
reference_url https://security-tracker.debian.org/tracker/CVE-2021-3563
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security-tracker.debian.org/tracker/CVE-2021-3563
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989998
reference_id 989998
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989998
16
reference_url https://security.archlinux.org/AVG-1979
reference_id AVG-1979
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1979
17
reference_url https://github.com/advisories/GHSA-cc99-whm5-mmq3
reference_id GHSA-cc99-whm5-mmq3
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cc99-whm5-mmq3
18
reference_url https://usn.ubuntu.com/7926-1/
reference_id USN-7926-1
reference_type
scores
url https://usn.ubuntu.com/7926-1/
fixed_packages
0
url pkg:deb/debian/keystone@2:23.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:23.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:23.0.0-3%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2021-3563, GHSA-cc99-whm5-mmq3
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-93vc-hgec-nfe6
16
url VCID-96bg-ytf8-9fhd
vulnerability_id VCID-96bg-ytf8-9fhd
summary An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles.
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:1461
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1461
1
reference_url https://access.redhat.com/errata/RHSA-2017:1597
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1597
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2673.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2673.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-2673
reference_id
reference_type
scores
0
value 0.00572
scoring_system epss
scoring_elements 0.68619
published_at 2026-04-04T12:55:00Z
1
value 0.00572
scoring_system epss
scoring_elements 0.68601
published_at 2026-04-02T12:55:00Z
2
value 0.00572
scoring_system epss
scoring_elements 0.68583
published_at 2026-04-01T12:55:00Z
3
value 0.00572
scoring_system epss
scoring_elements 0.68665
published_at 2026-04-09T12:55:00Z
4
value 0.00572
scoring_system epss
scoring_elements 0.68689
published_at 2026-04-16T12:55:00Z
5
value 0.00572
scoring_system epss
scoring_elements 0.68676
published_at 2026-04-12T12:55:00Z
6
value 0.00572
scoring_system epss
scoring_elements 0.687
published_at 2026-04-18T12:55:00Z
7
value 0.00572
scoring_system epss
scoring_elements 0.68647
published_at 2026-04-13T12:55:00Z
8
value 0.00572
scoring_system epss
scoring_elements 0.68596
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-2673
4
reference_url https://bugs.launchpad.net/keystone/+bug/1677723
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1677723
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1439586
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1439586
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2673
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2673
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2673
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2673
8
reference_url http://seclists.org/oss-sec/2017/q2/125
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/oss-sec/2017/q2/125
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv2
scoring_elements AV:L/AC:M/Au:S/C:C/I:C/A:C
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
11
reference_url https://github.com/openstack/keystone/commit/05a129e54573b6cbda1ec095f4526f2b9ba90a90
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/05a129e54573b6cbda1ec095f4526f2b9ba90a90
12
reference_url https://github.com/openstack/keystone/commit/2139639eeabc8f6941f4461fc87d609cde3118c2
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/2139639eeabc8f6941f4461fc87d609cde3118c2
13
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2018-152.yaml
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2018-152.yaml
14
reference_url http://www.securityfocus.com/bid/98032
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/98032
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861189
reference_id 861189
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861189
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*
18
reference_url https://access.redhat.com/security/cve/CVE-2017-2673
reference_id CVE-2017-2673
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2017-2673
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2673
reference_id CVE-2017-2673
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
1
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
2
value 7.2
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
3
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
5
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-2673
20
reference_url https://github.com/advisories/GHSA-j36m-hv43-7w7m
reference_id GHSA-j36m-hv43-7w7m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j36m-hv43-7w7m
21
reference_url https://usn.ubuntu.com/3448-1/
reference_id USN-3448-1
reference_type
scores
url https://usn.ubuntu.com/3448-1/
fixed_packages
0
url pkg:deb/debian/keystone@2:10.0.0-9?distro=trixie
purl pkg:deb/debian/keystone@2:10.0.0-9?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:10.0.0-9%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2017-2673, GHSA-j36m-hv43-7w7m, PYSEC-2018-152
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-96bg-ytf8-9fhd
17
url VCID-9dhg-r711-yfg6
vulnerability_id VCID-9dhg-r711-yfg6
summary 
Exposure of Sensitive Information to an Unauthorized Actor
OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs.
references
0
reference_url http://lists.openstack.org/pipermail/openstack-announce/2015-May/000356.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.openstack.org/pipermail/openstack-announce/2015-May/000356.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3646.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3646.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-3646
reference_id
reference_type
scores
0
value 0.00177
scoring_system epss
scoring_elements 0.39207
published_at 2026-04-18T12:55:00Z
1
value 0.00177
scoring_system epss
scoring_elements 0.39236
published_at 2026-04-16T12:55:00Z
2
value 0.00177
scoring_system epss
scoring_elements 0.39156
published_at 2026-04-07T12:55:00Z
3
value 0.00177
scoring_system epss
scoring_elements 0.3921
published_at 2026-04-08T12:55:00Z
4
value 0.00177
scoring_system epss
scoring_elements 0.39226
published_at 2026-04-09T12:55:00Z
5
value 0.00177
scoring_system epss
scoring_elements 0.39238
published_at 2026-04-11T12:55:00Z
6
value 0.00177
scoring_system epss
scoring_elements 0.39201
published_at 2026-04-12T12:55:00Z
7
value 0.00177
scoring_system epss
scoring_elements 0.39182
published_at 2026-04-13T12:55:00Z
8
value 0.00177
scoring_system epss
scoring_elements 0.39029
published_at 2026-04-01T12:55:00Z
9
value 0.00177
scoring_system epss
scoring_elements 0.39214
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-3646
3
reference_url https://bugs.launchpad.net/keystone/+bug/1443598
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1443598
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3646
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3646
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
7
reference_url https://web.archive.org/web/20210122154200/http://www.securityfocus.com/bid/74456
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210122154200/http://www.securityfocus.com/bid/74456
8
reference_url http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1218640
reference_id 1218640
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1218640
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-3646
reference_id CVE-2015-3646
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-3646
11
reference_url https://github.com/advisories/GHSA-jwpw-ppj5-7h4w
reference_id GHSA-jwpw-ppj5-7h4w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jwpw-ppj5-7h4w
fixed_packages
0
url pkg:deb/debian/keystone@2015.1.0-1?distro=trixie
purl pkg:deb/debian/keystone@2015.1.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2015.1.0-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2015-3646, GHSA-jwpw-ppj5-7h4w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9dhg-r711-yfg6
18
url VCID-am2m-2fgu-xkfk
vulnerability_id VCID-am2m-2fgu-xkfk
summary openstack-keystone: Keystone V2 trusts privilege escalation through user supplied project id
references
0
reference_url http://lists.openstack.org/pipermail/openstack-announce/2014-July/000248.html
reference_id
reference_type
scores
url http://lists.openstack.org/pipermail/openstack-announce/2014-July/000248.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3520.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3520.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3520
reference_id
reference_type
scores
0
value 0.00428
scoring_system epss
scoring_elements 0.62484
published_at 2026-04-18T12:55:00Z
1
value 0.00428
scoring_system epss
scoring_elements 0.62327
published_at 2026-04-01T12:55:00Z
2
value 0.00428
scoring_system epss
scoring_elements 0.62385
published_at 2026-04-02T12:55:00Z
3
value 0.00428
scoring_system epss
scoring_elements 0.62416
published_at 2026-04-04T12:55:00Z
4
value 0.00428
scoring_system epss
scoring_elements 0.62381
published_at 2026-04-07T12:55:00Z
5
value 0.00428
scoring_system epss
scoring_elements 0.62429
published_at 2026-04-08T12:55:00Z
6
value 0.00428
scoring_system epss
scoring_elements 0.62447
published_at 2026-04-09T12:55:00Z
7
value 0.00428
scoring_system epss
scoring_elements 0.62466
published_at 2026-04-11T12:55:00Z
8
value 0.00428
scoring_system epss
scoring_elements 0.62456
published_at 2026-04-12T12:55:00Z
9
value 0.00428
scoring_system epss
scoring_elements 0.62433
published_at 2026-04-13T12:55:00Z
10
value 0.00428
scoring_system epss
scoring_elements 0.62477
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3520
3
reference_url https://bugs.launchpad.net/keystone/+bug/1331912
reference_id
reference_type
scores
url https://bugs.launchpad.net/keystone/+bug/1331912
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3520
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3520
5
reference_url http://secunia.com/advisories/59426
reference_id
reference_type
scores
url http://secunia.com/advisories/59426
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1112668
reference_id 1112668
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1112668
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753511
reference_id 753511
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753511
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3520
reference_id CVE-2014-3520
reference_type
scores
0
value 6.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:P/A:P
url https://nvd.nist.gov/vuln/detail/CVE-2014-3520
10
reference_url https://access.redhat.com/errata/RHSA-2014:0994
reference_id RHSA-2014:0994
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0994
11
reference_url https://usn.ubuntu.com/2324-1/
reference_id USN-2324-1
reference_type
scores
url https://usn.ubuntu.com/2324-1/
fixed_packages
0
url pkg:deb/debian/keystone@2014.1.1-3?distro=trixie
purl pkg:deb/debian/keystone@2014.1.1-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.1-3%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2014-3520
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-am2m-2fgu-xkfk
19
url VCID-cg74-2jr1-2fhp
vulnerability_id VCID-cg74-2jr1-2fhp
summary OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106220.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106220.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2013-06/msg00085.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-06/msg00085.html
3
reference_url http://osvdb.org/93134
reference_id
reference_type
scores
url http://osvdb.org/93134
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2059
reference_id
reference_type
scores
0
value 0.00908
scoring_system epss
scoring_elements 0.75806
published_at 2026-04-18T12:55:00Z
1
value 0.00908
scoring_system epss
scoring_elements 0.75707
published_at 2026-04-01T12:55:00Z
2
value 0.00908
scoring_system epss
scoring_elements 0.75709
published_at 2026-04-02T12:55:00Z
3
value 0.00908
scoring_system epss
scoring_elements 0.7574
published_at 2026-04-04T12:55:00Z
4
value 0.00908
scoring_system epss
scoring_elements 0.75719
published_at 2026-04-07T12:55:00Z
5
value 0.00908
scoring_system epss
scoring_elements 0.75753
published_at 2026-04-08T12:55:00Z
6
value 0.00908
scoring_system epss
scoring_elements 0.75764
published_at 2026-04-13T12:55:00Z
7
value 0.00908
scoring_system epss
scoring_elements 0.75789
published_at 2026-04-11T12:55:00Z
8
value 0.00908
scoring_system epss
scoring_elements 0.7577
published_at 2026-04-12T12:55:00Z
9
value 0.00908
scoring_system epss
scoring_elements 0.75802
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2059
5
reference_url https://bugs.launchpad.net/keystone/+bug/1166670
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1166670
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2059
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2059
7
reference_url http://secunia.com/advisories/53326
reference_id
reference_type
scores
url http://secunia.com/advisories/53326
8
reference_url http://secunia.com/advisories/53339
reference_id
reference_type
scores
url http://secunia.com/advisories/53339
9
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/84135
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/84135
10
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
11
reference_url https://github.com/openstack/keystone/commit/33214f311aa36b17f8f5ff06bee2130bf061df8f
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/33214f311aa36b17f8f5ff06bee2130bf061df8f
12
reference_url https://github.com/openstack/keystone/commit/678b06a91f772d6be82eb54ed11f27e20f446b57
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/678b06a91f772d6be82eb54ed11f27e20f446b57
13
reference_url https://github.com/openstack/keystone/commit/992466d1dbf80a940190703dedf800d6d12dede8
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/992466d1dbf80a940190703dedf800d6d12dede8
14
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-41.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-41.yaml
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2059
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:P/A:P
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2059
16
reference_url http://www.openwall.com/lists/oss-security/2013/05/09/3
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/05/09/3
17
reference_url http://www.openwall.com/lists/oss-security/2013/05/09/4
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/05/09/4
18
reference_url http://www.securityfocus.com/bid/59787
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/59787
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707598
reference_id 707598
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707598
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2012.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:2012.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2012.1:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:2013.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:*:*:*:*:*:*:*
22
reference_url https://github.com/advisories/GHSA-hj89-qmx9-8qmh
reference_id GHSA-hj89-qmx9-8qmh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hj89-qmx9-8qmh
23
reference_url https://usn.ubuntu.com/1830-1/
reference_id USN-1830-1
reference_type
scores
url https://usn.ubuntu.com/1830-1/
fixed_packages
0
url pkg:deb/debian/keystone@2013.1.1-2?distro=trixie
purl pkg:deb/debian/keystone@2013.1.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.1.1-2%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2013-2059, GHSA-hj89-qmx9-8qmh, PYSEC-2013-41
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cg74-2jr1-2fhp
20
url VCID-cm7y-v3wx-ekf2
vulnerability_id VCID-cm7y-v3wx-ekf2
summary Keystone: denial of service through invalid token requests
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098906.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098906.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2013-0253.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2013-0253.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0247.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0247.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-0247
reference_id
reference_type
scores
0
value 0.0296
scoring_system epss
scoring_elements 0.86502
published_at 2026-04-18T12:55:00Z
1
value 0.0296
scoring_system epss
scoring_elements 0.86416
published_at 2026-04-01T12:55:00Z
2
value 0.0296
scoring_system epss
scoring_elements 0.86427
published_at 2026-04-02T12:55:00Z
3
value 0.0296
scoring_system epss
scoring_elements 0.86446
published_at 2026-04-04T12:55:00Z
4
value 0.0296
scoring_system epss
scoring_elements 0.86447
published_at 2026-04-07T12:55:00Z
5
value 0.0296
scoring_system epss
scoring_elements 0.86465
published_at 2026-04-08T12:55:00Z
6
value 0.0296
scoring_system epss
scoring_elements 0.86475
published_at 2026-04-09T12:55:00Z
7
value 0.0296
scoring_system epss
scoring_elements 0.86491
published_at 2026-04-11T12:55:00Z
8
value 0.0296
scoring_system epss
scoring_elements 0.86488
published_at 2026-04-12T12:55:00Z
9
value 0.0296
scoring_system epss
scoring_elements 0.86482
published_at 2026-04-13T12:55:00Z
10
value 0.0296
scoring_system epss
scoring_elements 0.86497
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-0247
4
reference_url https://bugs.launchpad.net/keystone/+bug/1098307
reference_id
reference_type
scores
url https://bugs.launchpad.net/keystone/+bug/1098307
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0247
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0247
6
reference_url http://www.securityfocus.com/bid/57747
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/57747
7
reference_url http://www.ubuntu.com/usn/USN-1715-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-1715-1
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699835
reference_id 699835
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699835
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=906171
reference_id 906171
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=906171
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-0247
reference_id CVE-2013-0247
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
url https://nvd.nist.gov/vuln/detail/CVE-2013-0247
14
reference_url https://access.redhat.com/errata/RHSA-2013:0253
reference_id RHSA-2013:0253
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0253
15
reference_url https://usn.ubuntu.com/1715-1/
reference_id USN-1715-1
reference_type
scores
url https://usn.ubuntu.com/1715-1/
fixed_packages
0
url pkg:deb/debian/keystone@2012.1.1-12?distro=trixie
purl pkg:deb/debian/keystone@2012.1.1-12?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-12%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2013-0247
risk_score 2.2
exploitability 0.5
weighted_severity 4.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cm7y-v3wx-ekf2
21
url VCID-enq4-sb38-6kfz
vulnerability_id VCID-enq4-sb38-6kfz
summary 
Improper Authentication
OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4457.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4457.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-4457
reference_id
reference_type
scores
0
value 0.00561
scoring_system epss
scoring_elements 0.68259
published_at 2026-04-07T12:55:00Z
1
value 0.00561
scoring_system epss
scoring_elements 0.68356
published_at 2026-04-18T12:55:00Z
2
value 0.00561
scoring_system epss
scoring_elements 0.68345
published_at 2026-04-16T12:55:00Z
3
value 0.00561
scoring_system epss
scoring_elements 0.68305
published_at 2026-04-13T12:55:00Z
4
value 0.00561
scoring_system epss
scoring_elements 0.68242
published_at 2026-04-01T12:55:00Z
5
value 0.00561
scoring_system epss
scoring_elements 0.68309
published_at 2026-04-08T12:55:00Z
6
value 0.00561
scoring_system epss
scoring_elements 0.68263
published_at 2026-04-02T12:55:00Z
7
value 0.00561
scoring_system epss
scoring_elements 0.68283
published_at 2026-04-04T12:55:00Z
8
value 0.00561
scoring_system epss
scoring_elements 0.68338
published_at 2026-04-12T12:55:00Z
9
value 0.00561
scoring_system epss
scoring_elements 0.68351
published_at 2026-04-11T12:55:00Z
10
value 0.00561
scoring_system epss
scoring_elements 0.68325
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-4457
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=861180
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=861180
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4457
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4457
4
reference_url http://secunia.com/advisories/50665
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/50665
5
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/78947
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/78947
6
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
7
reference_url https://github.com/openstack/keystone/commit/4ebfdfaf23c6da8e3c182bf3ec2cb2b7132ef685
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/4ebfdfaf23c6da8e3c182bf3ec2cb2b7132ef685
8
reference_url https://github.com/openstack/keystone/commit/5373601bbdda10f879c08af1698852142b75f8d5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/5373601bbdda10f879c08af1698852142b75f8d5
9
reference_url https://lists.launchpad.net/openstack/msg17035.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.launchpad.net/openstack/msg17035.html
10
reference_url http://www.openwall.com/lists/oss-security/2012/09/28/6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/09/28/6
11
reference_url http://www.securityfocus.com/bid/55716
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/55716
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689210
reference_id 689210
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689210
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2012.2:milestone1:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:2012.2:milestone1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2012.2:milestone1:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2012.2:milestone2:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:2012.2:milestone2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2012.2:milestone2:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-4457
reference_id CVE-2012-4457
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-4457
17
reference_url https://github.com/advisories/GHSA-x8h4-xf47-pqc3
reference_id GHSA-x8h4-xf47-pqc3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x8h4-xf47-pqc3
fixed_packages
0
url pkg:deb/debian/keystone@2012.1.1-9?distro=trixie
purl pkg:deb/debian/keystone@2012.1.1-9?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-9%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2012-4457, GHSA-x8h4-xf47-pqc3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-enq4-sb38-6kfz
22
url VCID-gdk6-a746-6fac
vulnerability_id VCID-gdk6-a746-6fac
summary OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials, which could (for example) leak sign-on information for Time-based One Time Passwords (TOTP). Deployments with enforce_scope set to false are affected. (There will be a slight performance impact for the list credentials API once this issue is fixed.)
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:4358
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:4358
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19687.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19687.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-19687
reference_id
reference_type
scores
0
value 0.00728
scoring_system epss
scoring_elements 0.72565
published_at 2026-04-01T12:55:00Z
1
value 0.00728
scoring_system epss
scoring_elements 0.72664
published_at 2026-04-18T12:55:00Z
2
value 0.00728
scoring_system epss
scoring_elements 0.72654
published_at 2026-04-16T12:55:00Z
3
value 0.00728
scoring_system epss
scoring_elements 0.72612
published_at 2026-04-13T12:55:00Z
4
value 0.00728
scoring_system epss
scoring_elements 0.72566
published_at 2026-04-07T12:55:00Z
5
value 0.00728
scoring_system epss
scoring_elements 0.72589
published_at 2026-04-04T12:55:00Z
6
value 0.00728
scoring_system epss
scoring_elements 0.72573
published_at 2026-04-02T12:55:00Z
7
value 0.00728
scoring_system epss
scoring_elements 0.72622
published_at 2026-04-12T12:55:00Z
8
value 0.00728
scoring_system epss
scoring_elements 0.72639
published_at 2026-04-11T12:55:00Z
9
value 0.00728
scoring_system epss
scoring_elements 0.72616
published_at 2026-04-09T12:55:00Z
10
value 0.00728
scoring_system epss
scoring_elements 0.72604
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-19687
3
reference_url https://bugs.launchpad.net/keystone/+bug/1855080
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1855080
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1781470
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1781470
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19687
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19687
6
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
7
reference_url https://github.com/openstack/keystone/commit/17947516b0095c51da5cff94771247f2e7c44ee6
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/17947516b0095c51da5cff94771247f2e7c44ee6
8
reference_url https://github.com/openstack/keystone/commit/17c337dbdbfb9d548ad531c2ad0483c9bce5b98f
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/17c337dbdbfb9d548ad531c2ad0483c9bce5b98f
9
reference_url https://github.com/openstack/keystone/commit/bd3f63787151183f4daa43578aa491856fefae5b
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/bd3f63787151183f4daa43578aa491856fefae5b
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2019-29.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2019-29.yaml
11
reference_url https://git.openstack.org/cgit/openstack/keystone/commit/?id=17947516b0095c51da5cff94771247f2e7c44ee6
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://git.openstack.org/cgit/openstack/keystone/commit/?id=17947516b0095c51da5cff94771247f2e7c44ee6
12
reference_url https://git.openstack.org/cgit/openstack/keystone/commit/?id=17c337dbdbfb9d548ad531c2ad0483c9bce5b98f
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://git.openstack.org/cgit/openstack/keystone/commit/?id=17c337dbdbfb9d548ad531c2ad0483c9bce5b98f
13
reference_url https://git.openstack.org/cgit/openstack/keystone/commit/?id=bd3f63787151183f4daa43578aa491856fefae5b
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://git.openstack.org/cgit/openstack/keystone/commit/?id=bd3f63787151183f4daa43578aa491856fefae5b
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-19687
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-19687
15
reference_url https://review.opendev.org/#/c/697355
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.opendev.org/#/c/697355
16
reference_url https://review.opendev.org/#/c/697355/
reference_id
reference_type
scores
url https://review.opendev.org/#/c/697355/
17
reference_url https://review.opendev.org/#/c/697611
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.opendev.org/#/c/697611
18
reference_url https://review.opendev.org/#/c/697611/
reference_id
reference_type
scores
url https://review.opendev.org/#/c/697611/
19
reference_url https://review.opendev.org/#/c/697731
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.opendev.org/#/c/697731
20
reference_url https://review.opendev.org/#/c/697731/
reference_id
reference_type
scores
url https://review.opendev.org/#/c/697731/
21
reference_url https://security.openstack.org/ossa/OSSA-2019-006.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2019-006.html
22
reference_url https://usn.ubuntu.com/4262-1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4262-1
23
reference_url https://usn.ubuntu.com/4262-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4262-1/
24
reference_url http://www.openwall.com/lists/oss-security/2019/12/11/8
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/12/11/8
25
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946614
reference_id 946614
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946614
26
reference_url https://github.com/advisories/GHSA-2j23-fwqm-mgwr
reference_id GHSA-2j23-fwqm-mgwr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2j23-fwqm-mgwr
fixed_packages
0
url pkg:deb/debian/keystone@2:16.0.0-5?distro=trixie
purl pkg:deb/debian/keystone@2:16.0.0-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:16.0.0-5%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2019-19687, GHSA-2j23-fwqm-mgwr, PYSEC-2019-29
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gdk6-a746-6fac
23
url VCID-ggce-w4cy-wfc3
vulnerability_id VCID-ggce-w4cy-wfc3
summary OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-1572
reference_id
reference_type
scores
0
value 0.00416
scoring_system epss
scoring_elements 0.61766
published_at 2026-04-18T12:55:00Z
1
value 0.00416
scoring_system epss
scoring_elements 0.6176
published_at 2026-04-16T12:55:00Z
2
value 0.00416
scoring_system epss
scoring_elements 0.61591
published_at 2026-04-01T12:55:00Z
3
value 0.00416
scoring_system epss
scoring_elements 0.61665
published_at 2026-04-02T12:55:00Z
4
value 0.00416
scoring_system epss
scoring_elements 0.61696
published_at 2026-04-04T12:55:00Z
5
value 0.00416
scoring_system epss
scoring_elements 0.61666
published_at 2026-04-07T12:55:00Z
6
value 0.00416
scoring_system epss
scoring_elements 0.61715
published_at 2026-04-08T12:55:00Z
7
value 0.00416
scoring_system epss
scoring_elements 0.6173
published_at 2026-04-09T12:55:00Z
8
value 0.00416
scoring_system epss
scoring_elements 0.61752
published_at 2026-04-11T12:55:00Z
9
value 0.00416
scoring_system epss
scoring_elements 0.61739
published_at 2026-04-12T12:55:00Z
10
value 0.00416
scoring_system epss
scoring_elements 0.6172
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-1572
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1572
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1572
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1572
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1572
3
reference_url https://security-tracker.debian.org/tracker/CVE-2012-1572
reference_id
reference_type
scores
url https://security-tracker.debian.org/tracker/CVE-2012-1572
4
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:-:*:*:*:*:*:*:*
5
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-1572
reference_id CVE-2012-1572
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2012-1572
fixed_packages
0
url pkg:deb/debian/keystone@2012.1~rc2-1?distro=trixie
purl pkg:deb/debian/keystone@2012.1~rc2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1~rc2-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2012-1572
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ggce-w4cy-wfc3
24
url VCID-h1xa-f7tm-tudx
vulnerability_id VCID-h1xa-f7tm-tudx
summary OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2014-1121.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1121.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-1122.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1122.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5253.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5253.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-5253
reference_id
reference_type
scores
0
value 0.0031
scoring_system epss
scoring_elements 0.54157
published_at 2026-04-09T12:55:00Z
1
value 0.0031
scoring_system epss
scoring_elements 0.54159
published_at 2026-04-08T12:55:00Z
2
value 0.0031
scoring_system epss
scoring_elements 0.54108
published_at 2026-04-07T12:55:00Z
3
value 0.0031
scoring_system epss
scoring_elements 0.54133
published_at 2026-04-04T12:55:00Z
4
value 0.0031
scoring_system epss
scoring_elements 0.54103
published_at 2026-04-02T12:55:00Z
5
value 0.0031
scoring_system epss
scoring_elements 0.54086
published_at 2026-04-01T12:55:00Z
6
value 0.0031
scoring_system epss
scoring_elements 0.54206
published_at 2026-04-16T12:55:00Z
7
value 0.0031
scoring_system epss
scoring_elements 0.5421
published_at 2026-04-18T12:55:00Z
8
value 0.0031
scoring_system epss
scoring_elements 0.54168
published_at 2026-04-13T12:55:00Z
9
value 0.0031
scoring_system epss
scoring_elements 0.54189
published_at 2026-04-12T12:55:00Z
10
value 0.0031
scoring_system epss
scoring_elements 0.54207
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-5253
4
reference_url https://bugs.launchpad.net/keystone/+bug/1349597
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1349597
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5253
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5253
6
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
7
reference_url https://github.com/openstack/keystone/commit/317f9d34b4da20c21edd5b851889298b67c843e1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/317f9d34b4da20c21edd5b851889298b67c843e1
8
reference_url https://github.com/openstack/keystone/commit/3e035ebb726167aef43c4a865c7e7f7d3b0978fb
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/3e035ebb726167aef43c4a865c7e7f7d3b0978fb
9
reference_url https://github.com/openstack/keystone/commit/c4447f16da036fe878382ce4e1b05b84bdcc4d4e
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/c4447f16da036fe878382ce4e1b05b84bdcc4d4e
10
reference_url https://github.com/openstack/keystone/commit/cccc3f3239c68479de0f6a41bd64badf2a9ec9e7
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/cccc3f3239c68479de0f6a41bd64badf2a9ec9e7
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-109.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-109.yaml
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-5253
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:P/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-5253
13
reference_url http://www.openwall.com/lists/oss-security/2014/08/15/6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/08/15/6
14
reference_url http://www.ubuntu.com/usn/USN-2324-1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2324-1
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1127253
reference_id 1127253
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1127253
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
21
reference_url https://github.com/advisories/GHSA-77w8-qv8m-386h
reference_id GHSA-77w8-qv8m-386h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-77w8-qv8m-386h
22
reference_url https://access.redhat.com/errata/RHSA-2014:1121
reference_id RHSA-2014:1121
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1121
23
reference_url https://access.redhat.com/errata/RHSA-2014:1122
reference_id RHSA-2014:1122
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1122
24
reference_url https://usn.ubuntu.com/2324-1/
reference_id USN-2324-1
reference_type
scores
url https://usn.ubuntu.com/2324-1/
fixed_packages
0
url pkg:deb/debian/keystone@2014.1.2.1-1?distro=trixie
purl pkg:deb/debian/keystone@2014.1.2.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.2.1-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2014-5253, GHSA-77w8-qv8m-386h, PYSEC-2014-109
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h1xa-f7tm-tudx
25
url VCID-hjrj-k1wk-jbha
vulnerability_id VCID-hjrj-k1wk-jbha
summary The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2014-1121.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1121.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-1122.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1122.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5251.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5251.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-5251
reference_id
reference_type
scores
0
value 0.0031
scoring_system epss
scoring_elements 0.54189
published_at 2026-04-12T12:55:00Z
1
value 0.0031
scoring_system epss
scoring_elements 0.54207
published_at 2026-04-11T12:55:00Z
2
value 0.0031
scoring_system epss
scoring_elements 0.54157
published_at 2026-04-09T12:55:00Z
3
value 0.0031
scoring_system epss
scoring_elements 0.54159
published_at 2026-04-08T12:55:00Z
4
value 0.0031
scoring_system epss
scoring_elements 0.54133
published_at 2026-04-04T12:55:00Z
5
value 0.0031
scoring_system epss
scoring_elements 0.54108
published_at 2026-04-07T12:55:00Z
6
value 0.0031
scoring_system epss
scoring_elements 0.54086
published_at 2026-04-01T12:55:00Z
7
value 0.0031
scoring_system epss
scoring_elements 0.54103
published_at 2026-04-02T12:55:00Z
8
value 0.0031
scoring_system epss
scoring_elements 0.5421
published_at 2026-04-18T12:55:00Z
9
value 0.0031
scoring_system epss
scoring_elements 0.54206
published_at 2026-04-16T12:55:00Z
10
value 0.0031
scoring_system epss
scoring_elements 0.54168
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-5251
4
reference_url https://bugs.launchpad.net/keystone/+bug/1347961
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1347961
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5251
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5251
6
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
7
reference_url https://github.com/openstack/keystone/commit/6cbf835542d62e6e5db4b4aef7141b1731cad9dc
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/6cbf835542d62e6e5db4b4aef7141b1731cad9dc
8
reference_url https://github.com/openstack/keystone/commit/7aee6304f653475a4130dc3e5be602e91481f108
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/7aee6304f653475a4130dc3e5be602e91481f108
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-107.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-107.yaml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-5251
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:P/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-5251
11
reference_url http://www.openwall.com/lists/oss-security/2014/08/15/6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/08/15/6
12
reference_url http://www.ubuntu.com/usn/USN-2324-1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2324-1
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1127259
reference_id 1127259
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1127259
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
19
reference_url https://github.com/advisories/GHSA-gmvp-5rf9-mxcm
reference_id GHSA-gmvp-5rf9-mxcm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gmvp-5rf9-mxcm
20
reference_url https://access.redhat.com/errata/RHSA-2014:1121
reference_id RHSA-2014:1121
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1121
21
reference_url https://access.redhat.com/errata/RHSA-2014:1122
reference_id RHSA-2014:1122
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1122
22
reference_url https://usn.ubuntu.com/2324-1/
reference_id USN-2324-1
reference_type
scores
url https://usn.ubuntu.com/2324-1/
fixed_packages
0
url pkg:deb/debian/keystone@2014.1.2.1-1?distro=trixie
purl pkg:deb/debian/keystone@2014.1.2.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.2.1-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2014-5251, GHSA-gmvp-5rf9-mxcm, PYSEC-2014-107
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hjrj-k1wk-jbha
26
url VCID-ksj4-14rq-uyb7
vulnerability_id VCID-ksj4-14rq-uyb7
summary The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining."
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2014-1688.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1688.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2828.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2828.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-2828
reference_id
reference_type
scores
0
value 0.00864
scoring_system epss
scoring_elements 0.75092
published_at 2026-04-13T12:55:00Z
1
value 0.00864
scoring_system epss
scoring_elements 0.75102
published_at 2026-04-12T12:55:00Z
2
value 0.00864
scoring_system epss
scoring_elements 0.75123
published_at 2026-04-11T12:55:00Z
3
value 0.00864
scoring_system epss
scoring_elements 0.75101
published_at 2026-04-09T12:55:00Z
4
value 0.00864
scoring_system epss
scoring_elements 0.75089
published_at 2026-04-08T12:55:00Z
5
value 0.00864
scoring_system epss
scoring_elements 0.75056
published_at 2026-04-07T12:55:00Z
6
value 0.00864
scoring_system epss
scoring_elements 0.75079
published_at 2026-04-04T12:55:00Z
7
value 0.00864
scoring_system epss
scoring_elements 0.7505
published_at 2026-04-02T12:55:00Z
8
value 0.00864
scoring_system epss
scoring_elements 0.75047
published_at 2026-04-01T12:55:00Z
9
value 0.00864
scoring_system epss
scoring_elements 0.75136
published_at 2026-04-18T12:55:00Z
10
value 0.00864
scoring_system epss
scoring_elements 0.7513
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-2828
3
reference_url https://bugs.launchpad.net/keystone/+bug/1300274
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1300274
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2828
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2828
5
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
6
reference_url https://github.com/openstack/keystone/commit/ce6cedb30c5c4b4cf4db9380f09443de22414b39
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/ce6cedb30c5c4b4cf4db9380f09443de22414b39
7
reference_url https://github.com/openstack/keystone/commit/e364ba5b12de8e4c11bd80bcca903f9615dcfc2e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/e364ba5b12de8e4c11bd80bcca903f9615dcfc2e
8
reference_url https://github.com/openstack/keystone/commit/ef868ad92c00e23a4a5e9eb71e3e0bf5ae2fff0c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/ef868ad92c00e23a4a5e9eb71e3e0bf5ae2fff0c
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-106.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-106.yaml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-2828
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-2828
11
reference_url http://www.openwall.com/lists/oss-security/2014/04/10/20
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/04/10/20
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1086211
reference_id 1086211
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1086211
13
reference_url https://github.com/advisories/GHSA-6mv3-p2gr-wgqf
reference_id GHSA-6mv3-p2gr-wgqf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6mv3-p2gr-wgqf
fixed_packages
0
url pkg:deb/debian/keystone@2014.1-1?distro=trixie
purl pkg:deb/debian/keystone@2014.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2014-2828, GHSA-6mv3-p2gr-wgqf, PYSEC-2014-106
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ksj4-14rq-uyb7
27
url VCID-my7j-6x5y-97a1
vulnerability_id VCID-my7j-6x5y-97a1
summary 
OpenStack Identity Keystone Exposure of Sensitive Information
The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2014-1688.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1688.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-1789.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1789.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2014-1790.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1790.html
3
reference_url https://access.redhat.com/errata/RHSA-2014:1688
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2014:1688
4
reference_url https://access.redhat.com/errata/RHSA-2014:1789
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2014:1789
5
reference_url https://access.redhat.com/errata/RHSA-2014:1790
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2014:1790
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3621.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3621.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3621
reference_id
reference_type
scores
0
value 0.00426
scoring_system epss
scoring_elements 0.62296
published_at 2026-04-12T12:55:00Z
1
value 0.00426
scoring_system epss
scoring_elements 0.62253
published_at 2026-04-04T12:55:00Z
2
value 0.00426
scoring_system epss
scoring_elements 0.6222
published_at 2026-04-07T12:55:00Z
3
value 0.00426
scoring_system epss
scoring_elements 0.6227
published_at 2026-04-08T12:55:00Z
4
value 0.00426
scoring_system epss
scoring_elements 0.62288
published_at 2026-04-09T12:55:00Z
5
value 0.00426
scoring_system epss
scoring_elements 0.62306
published_at 2026-04-11T12:55:00Z
6
value 0.00426
scoring_system epss
scoring_elements 0.62275
published_at 2026-04-13T12:55:00Z
7
value 0.00426
scoring_system epss
scoring_elements 0.62328
published_at 2026-04-18T12:55:00Z
8
value 0.00426
scoring_system epss
scoring_elements 0.62321
published_at 2026-04-16T12:55:00Z
9
value 0.00426
scoring_system epss
scoring_elements 0.62167
published_at 2026-04-01T12:55:00Z
10
value 0.00426
scoring_system epss
scoring_elements 0.62224
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3621
8
reference_url https://bugs.launchpad.net/keystone/+bug/1354208
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1354208
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1139937
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1139937
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3621
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3621
11
reference_url https://github.com/openstack/keystone/commit/2989ff257e4fde6a168e25b926805e700406aa80
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/2989ff257e4fde6a168e25b926805e700406aa80
12
reference_url https://github.com/openstack/keystone/commit/52714633c9a4dae5e60279217090859aa6dbcb4f
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/52714633c9a4dae5e60279217090859aa6dbcb4f
13
reference_url http://www.openwall.com/lists/oss-security/2014/09/16/10
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/09/16/10
14
reference_url http://www.ubuntu.com/usn/USN-2406-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2406-1
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
21
reference_url https://access.redhat.com/security/cve/CVE-2014-3621
reference_id CVE-2014-3621
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2014-3621
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3621
reference_id CVE-2014-3621
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:P/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3621
23
reference_url https://github.com/advisories/GHSA-8v8f-vc72-pmhc
reference_id GHSA-8v8f-vc72-pmhc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8v8f-vc72-pmhc
24
reference_url https://usn.ubuntu.com/2406-1/
reference_id USN-2406-1
reference_type
scores
url https://usn.ubuntu.com/2406-1/
fixed_packages
0
url pkg:deb/debian/keystone@2014.1.3-1?distro=trixie
purl pkg:deb/debian/keystone@2014.1.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2014-3621, GHSA-8v8f-vc72-pmhc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-my7j-6x5y-97a1
28
url VCID-p5un-b12x-tuh5
vulnerability_id VCID-p5un-b12x-tuh5
summary 
OpenStack Keystone allows information disclosure during account locking
OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an account and failing to authenticate multiple times, any unauthenticated actor could both confirm the account exists and obtain that account's corresponding UUID, which might be leveraged for other unrelated attacks. All deployments enabling security_compliance.lockout_failure_attempts are affected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-38155
reference_id
reference_type
scores
0
value 0.00737
scoring_system epss
scoring_elements 0.72775
published_at 2026-04-01T12:55:00Z
1
value 0.00737
scoring_system epss
scoring_elements 0.72882
published_at 2026-04-18T12:55:00Z
2
value 0.00737
scoring_system epss
scoring_elements 0.72872
published_at 2026-04-16T12:55:00Z
3
value 0.00737
scoring_system epss
scoring_elements 0.72838
published_at 2026-04-12T12:55:00Z
4
value 0.00737
scoring_system epss
scoring_elements 0.72855
published_at 2026-04-11T12:55:00Z
5
value 0.00737
scoring_system epss
scoring_elements 0.7283
published_at 2026-04-13T12:55:00Z
6
value 0.00737
scoring_system epss
scoring_elements 0.72817
published_at 2026-04-08T12:55:00Z
7
value 0.00737
scoring_system epss
scoring_elements 0.72779
published_at 2026-04-07T12:55:00Z
8
value 0.00737
scoring_system epss
scoring_elements 0.72802
published_at 2026-04-04T12:55:00Z
9
value 0.00737
scoring_system epss
scoring_elements 0.72781
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-38155
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38155
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38155
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
4
reference_url https://github.com/openstack/keystone/commit/1b573ae7d1c20e0ebfbde79bbe7538a09589c75d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/1b573ae7d1c20e0ebfbde79bbe7538a09589c75d
5
reference_url https://github.com/openstack/keystone/commit/8ab4eb27be4c13c9bab2b3ea700f00a190521bf8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/8ab4eb27be4c13c9bab2b3ea700f00a190521bf8
6
reference_url https://github.com/openstack/keystone/commit/ac2631ae33445877094cdae796fbcdce8833a626
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/ac2631ae33445877094cdae796fbcdce8833a626
7
reference_url https://launchpad.net/bugs/1688137
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1688137
8
reference_url https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-38155
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-38155
10
reference_url https://security.openstack.org/ossa/OSSA-2021-003.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2021-003.html
11
reference_url http://www.openwall.com/lists/oss-security/2021/08/10/5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/08/10/5
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992070
reference_id 992070
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992070
13
reference_url https://github.com/advisories/GHSA-4225-97pr-rr52
reference_id GHSA-4225-97pr-rr52
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4225-97pr-rr52
fixed_packages
0
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:19.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:19.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:19.0.0-3%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2021-38155, GHSA-4225-97pr-rr52
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p5un-b12x-tuh5
29
url VCID-p776-3n3m-wkhz
vulnerability_id VCID-p776-3n3m-wkhz
summary python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2013-06/msg00198.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-06/msg00198.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2013-0944.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0944.html
2
reference_url https://access.redhat.com/errata/RHSA-2013:0944
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2013:0944
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2104.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2104.json
4
reference_url https://access.redhat.com/security/cve/CVE-2013-2104
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2013-2104
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2104
reference_id
reference_type
scores
0
value 0.00769
scoring_system epss
scoring_elements 0.73448
published_at 2026-04-07T12:55:00Z
1
value 0.00769
scoring_system epss
scoring_elements 0.73476
published_at 2026-04-04T12:55:00Z
2
value 0.00769
scoring_system epss
scoring_elements 0.73453
published_at 2026-04-02T12:55:00Z
3
value 0.00769
scoring_system epss
scoring_elements 0.73445
published_at 2026-04-01T12:55:00Z
4
value 0.00769
scoring_system epss
scoring_elements 0.73548
published_at 2026-04-18T12:55:00Z
5
value 0.00769
scoring_system epss
scoring_elements 0.73495
published_at 2026-04-13T12:55:00Z
6
value 0.00769
scoring_system epss
scoring_elements 0.73502
published_at 2026-04-12T12:55:00Z
7
value 0.00769
scoring_system epss
scoring_elements 0.73522
published_at 2026-04-11T12:55:00Z
8
value 0.00769
scoring_system epss
scoring_elements 0.73498
published_at 2026-04-09T12:55:00Z
9
value 0.00769
scoring_system epss
scoring_elements 0.73485
published_at 2026-04-08T12:55:00Z
10
value 0.00769
scoring_system epss
scoring_elements 0.73538
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2104
6
reference_url https://bugs.launchpad.net/python-keystoneclient/+bug/1179615
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/python-keystoneclient/+bug/1179615
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=965852
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=965852
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2104
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2104
9
reference_url https://github.com/openstack/python-keystoneclient
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/python-keystoneclient
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/python-keystoneclient/PYSEC-2014-69.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/python-keystoneclient/PYSEC-2014-69.yaml
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2104
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2104
12
reference_url http://www.openwall.com/lists/oss-security/2013/05/28/7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/05/28/7
13
reference_url http://www.ubuntu.com/usn/USN-1851-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1851-1
14
reference_url http://www.ubuntu.com/usn/USN-1875-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1875-1
15
reference_url https://github.com/advisories/GHSA-4rrr-j7ff-r844
reference_id GHSA-4rrr-j7ff-r844
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4rrr-j7ff-r844
16
reference_url https://usn.ubuntu.com/1851-1/
reference_id USN-1851-1
reference_type
scores
url https://usn.ubuntu.com/1851-1/
17
reference_url https://usn.ubuntu.com/1875-1/
reference_id USN-1875-1
reference_type
scores
url https://usn.ubuntu.com/1875-1/
fixed_packages
0
url pkg:deb/debian/keystone@0?distro=trixie
purl pkg:deb/debian/keystone@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@0%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2013-2104, GHSA-4rrr-j7ff-r844, PYSEC-2014-69
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p776-3n3m-wkhz
30
url VCID-qdd1-jvk8-73hd
vulnerability_id VCID-qdd1-jvk8-73hd
summary 
Permission Issues
The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges.
references
0
reference_url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4477
reference_id
reference_type
scores
url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4477
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-0113.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0113.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4477.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4477.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4477
reference_id
reference_type
scores
0
value 0.00151
scoring_system epss
scoring_elements 0.3579
published_at 2026-04-18T12:55:00Z
1
value 0.00151
scoring_system epss
scoring_elements 0.35801
published_at 2026-04-16T12:55:00Z
2
value 0.00151
scoring_system epss
scoring_elements 0.35761
published_at 2026-04-13T12:55:00Z
3
value 0.00151
scoring_system epss
scoring_elements 0.35743
published_at 2026-04-07T12:55:00Z
4
value 0.00151
scoring_system epss
scoring_elements 0.35793
published_at 2026-04-08T12:55:00Z
5
value 0.00151
scoring_system epss
scoring_elements 0.35784
published_at 2026-04-12T12:55:00Z
6
value 0.00151
scoring_system epss
scoring_elements 0.35824
published_at 2026-04-11T12:55:00Z
7
value 0.00151
scoring_system epss
scoring_elements 0.35685
published_at 2026-04-01T12:55:00Z
8
value 0.00151
scoring_system epss
scoring_elements 0.35882
published_at 2026-04-02T12:55:00Z
9
value 0.00151
scoring_system epss
scoring_elements 0.35816
published_at 2026-04-09T12:55:00Z
10
value 0.00151
scoring_system epss
scoring_elements 0.35912
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4477
4
reference_url https://bugs.launchpad.net/keystone/+bug/1242855
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1242855
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4477
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4477
6
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
7
reference_url https://github.com/openstack/keystone/commit/b17e7bec768bd53d3977352486378698a3db3cfa
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/b17e7bec768bd53d3977352486378698a3db3cfa
8
reference_url https://github.com/openstack/keystone/commit/c6800c
reference_id
reference_type
scores
url https://github.com/openstack/keystone/commit/c6800c
9
reference_url https://github.com/openstack/keystone/commit/c6800ca1ac984c879e75826df6694d6199444ea0
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/c6800ca1ac984c879e75826df6694d6199444ea0
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4477
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4477
11
reference_url http://www.openwall.com/lists/oss-security/2013/10/30/6
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/10/30/6
12
reference_url http://www.ubuntu.com/usn/USN-2034-1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2034-1
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1024401
reference_id 1024401
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1024401
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728233
reference_id 728233
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728233
15
reference_url https://github.com/advisories/GHSA-f889-wfwm-6p7m
reference_id GHSA-f889-wfwm-6p7m
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f889-wfwm-6p7m
16
reference_url https://access.redhat.com/errata/RHSA-2014:0113
reference_id RHSA-2014:0113
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0113
17
reference_url https://usn.ubuntu.com/2034-1/
reference_id USN-2034-1
reference_type
scores
url https://usn.ubuntu.com/2034-1/
fixed_packages
0
url pkg:deb/debian/keystone@2013.2-2?distro=trixie
purl pkg:deb/debian/keystone@2013.2-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.2-2%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2013-4477, GHSA-f889-wfwm-6p7m
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qdd1-jvk8-73hd
31
url VCID-qmyj-ffvg-tbe8
vulnerability_id VCID-qmyj-ffvg-tbe8
summary 
OpenStack Keystone Denial of Service vulnerability via a large HTTP request
OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a large HTTP request, as demonstrated by a long tenant_name when requesting a token.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2013-0708.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0708.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0270.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0270.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-0270
reference_id
reference_type
scores
0
value 0.01809
scoring_system epss
scoring_elements 0.82778
published_at 2026-04-02T12:55:00Z
1
value 0.01809
scoring_system epss
scoring_elements 0.82762
published_at 2026-04-01T12:55:00Z
2
value 0.01809
scoring_system epss
scoring_elements 0.82792
published_at 2026-04-04T12:55:00Z
3
value 0.02681
scoring_system epss
scoring_elements 0.85826
published_at 2026-04-08T12:55:00Z
4
value 0.02681
scoring_system epss
scoring_elements 0.85848
published_at 2026-04-12T12:55:00Z
5
value 0.02681
scoring_system epss
scoring_elements 0.85844
published_at 2026-04-13T12:55:00Z
6
value 0.02681
scoring_system epss
scoring_elements 0.85867
published_at 2026-04-18T12:55:00Z
7
value 0.02681
scoring_system epss
scoring_elements 0.85862
published_at 2026-04-16T12:55:00Z
8
value 0.02681
scoring_system epss
scoring_elements 0.85808
published_at 2026-04-07T12:55:00Z
9
value 0.02681
scoring_system epss
scoring_elements 0.85851
published_at 2026-04-11T12:55:00Z
10
value 0.02681
scoring_system epss
scoring_elements 0.85836
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-0270
3
reference_url https://bugs.launchpad.net/keystone/+bug/1099025
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1099025
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=909012
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=909012
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0270
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0270
6
reference_url https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8
7
reference_url https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc
8
reference_url https://launchpad.net/keystone/grizzly/2013.1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://launchpad.net/keystone/grizzly/2013.1
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone1:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:2013.1:milestone1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone1:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone2:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:2013.1:milestone2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone2:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone3:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:2013.1:milestone3:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone3:*:*:*:*:*:*
13
reference_url https://access.redhat.com/security/cve/CVE-2013-0270
reference_id CVE-2013-0270
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2013-0270
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-0270
reference_id CVE-2013-0270
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-0270
15
reference_url https://github.com/advisories/GHSA-4ppj-4p4v-jf4p
reference_id GHSA-4ppj-4p4v-jf4p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4ppj-4p4v-jf4p
fixed_packages
0
url pkg:deb/debian/keystone@2013.1.1-2?distro=trixie
purl pkg:deb/debian/keystone@2013.1.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.1.1-2%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2013-0270, GHSA-4ppj-4p4v-jf4p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qmyj-ffvg-tbe8
32
url VCID-qtvd-85ab-tygr
vulnerability_id VCID-qtvd-85ab-tygr
summary OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2012-1557.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2012-1557.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5563.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5563.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-5563
reference_id
reference_type
scores
0
value 0.00392
scoring_system epss
scoring_elements 0.6019
published_at 2026-04-13T12:55:00Z
1
value 0.00392
scoring_system epss
scoring_elements 0.60208
published_at 2026-04-12T12:55:00Z
2
value 0.00392
scoring_system epss
scoring_elements 0.60221
published_at 2026-04-11T12:55:00Z
3
value 0.00392
scoring_system epss
scoring_elements 0.602
published_at 2026-04-09T12:55:00Z
4
value 0.00392
scoring_system epss
scoring_elements 0.60186
published_at 2026-04-08T12:55:00Z
5
value 0.00392
scoring_system epss
scoring_elements 0.60136
published_at 2026-04-07T12:55:00Z
6
value 0.00392
scoring_system epss
scoring_elements 0.60166
published_at 2026-04-04T12:55:00Z
7
value 0.00392
scoring_system epss
scoring_elements 0.6023
published_at 2026-04-16T12:55:00Z
8
value 0.00392
scoring_system epss
scoring_elements 0.60141
published_at 2026-04-02T12:55:00Z
9
value 0.00392
scoring_system epss
scoring_elements 0.60064
published_at 2026-04-01T12:55:00Z
10
value 0.00392
scoring_system epss
scoring_elements 0.60237
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-5563
3
reference_url https://bugs.launchpad.net/keystone/+bug/1079216
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1079216
4
reference_url http://secunia.com/advisories/51423
reference_id
reference_type
scores
url http://secunia.com/advisories/51423
5
reference_url http://secunia.com/advisories/51436
reference_id
reference_type
scores
url http://secunia.com/advisories/51436
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/80370
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/80370
7
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
8
reference_url https://github.com/openstack/keystone/commit/38c7e46a640a94da4da89a39a5a1ea9c081f1eb5
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/38c7e46a640a94da4da89a39a5a1ea9c081f1eb5
9
reference_url https://github.com/openstack/keystone/commit/f9d4766249a72d8f88d75dcf1575b28dd3496681
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/f9d4766249a72d8f88d75dcf1575b28dd3496681
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-20.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-20.yaml
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-5563
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:P/A:N
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-5563
12
reference_url https://web.archive.org/web/20121201003009/http://secunia.com/advisories/51423
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121201003009/http://secunia.com/advisories/51423
13
reference_url https://web.archive.org/web/20140802122732/http://secunia.com/advisories/51436
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140802122732/http://secunia.com/advisories/51436
14
reference_url https://web.archive.org/web/20200228144943/http://www.securityfocus.com/bid/56727
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228144943/http://www.securityfocus.com/bid/56727
15
reference_url http://www.openwall.com/lists/oss-security/2012/11/28/5
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/11/28/5
16
reference_url http://www.openwall.com/lists/oss-security/2012/11/28/6
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/11/28/6
17
reference_url http://www.securityfocus.com/bid/56727
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/56727
18
reference_url http://www.ubuntu.com/usn/USN-1641-1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1641-1
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=879402
reference_id 879402
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=879402
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*
21
reference_url https://github.com/advisories/GHSA-w66p-78g4-mr7g
reference_id GHSA-w66p-78g4-mr7g
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w66p-78g4-mr7g
22
reference_url https://access.redhat.com/errata/RHSA-2012:1557
reference_id RHSA-2012:1557
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1557
23
reference_url https://usn.ubuntu.com/1641-1/
reference_id USN-1641-1
reference_type
scores
url https://usn.ubuntu.com/1641-1/
fixed_packages
0
url pkg:deb/debian/keystone@0?distro=trixie
purl pkg:deb/debian/keystone@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@0%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2012-5563, GHSA-w66p-78g4-mr7g, PYSEC-2012-20
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qtvd-85ab-tygr
33
url VCID-qyjh-md45-hyhh
vulnerability_id VCID-qyjh-md45-hyhh
summary An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12691.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12691.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-12691
reference_id
reference_type
scores
0
value 0.03566
scoring_system epss
scoring_elements 0.87665
published_at 2026-04-01T12:55:00Z
1
value 0.03566
scoring_system epss
scoring_elements 0.87722
published_at 2026-04-12T12:55:00Z
2
value 0.03566
scoring_system epss
scoring_elements 0.87728
published_at 2026-04-11T12:55:00Z
3
value 0.03566
scoring_system epss
scoring_elements 0.87717
published_at 2026-04-09T12:55:00Z
4
value 0.03566
scoring_system epss
scoring_elements 0.8771
published_at 2026-04-08T12:55:00Z
5
value 0.03566
scoring_system epss
scoring_elements 0.87689
published_at 2026-04-07T12:55:00Z
6
value 0.03566
scoring_system epss
scoring_elements 0.87688
published_at 2026-04-04T12:55:00Z
7
value 0.03566
scoring_system epss
scoring_elements 0.87675
published_at 2026-04-02T12:55:00Z
8
value 0.03566
scoring_system epss
scoring_elements 0.87733
published_at 2026-04-18T12:55:00Z
9
value 0.03566
scoring_system epss
scoring_elements 0.87734
published_at 2026-04-16T12:55:00Z
10
value 0.03566
scoring_system epss
scoring_elements 0.87719
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-12691
2
reference_url https://bugs.launchpad.net/keystone/+bug/1872733
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1872733
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
9
reference_url https://github.com/openstack/keystone/commit/37e9907a176dad6843819b1bec4946c3aecc4548
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/37e9907a176dad6843819b1bec4946c3aecc4548
10
reference_url https://github.com/openstack/keystone/commit/40cbb7bebd50276412daa1981ff5a7c7b3b899a5
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/40cbb7bebd50276412daa1981ff5a7c7b3b899a5
11
reference_url https://github.com/openstack/keystone/commit/95b2bbeab113d9f04d1c81f7f1b48bf692bce979
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/95b2bbeab113d9f04d1c81f7f1b48bf692bce979
12
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-55.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-55.yaml
13
reference_url https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa@%3Ccommits.druid.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-12691
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-12691
16
reference_url https://security.openstack.org/ossa/OSSA-2020-004.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2020-004.html
17
reference_url https://usn.ubuntu.com/4480-1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4480-1
18
reference_url https://usn.ubuntu.com/4480-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4480-1/
19
reference_url https://www.openwall.com/lists/oss-security/2020/05/06/5
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2020/05/06/5
20
reference_url http://www.openwall.com/lists/oss-security/2020/05/07/2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/05/07/2
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1830384
reference_id 1830384
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1830384
22
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
reference_id 959900
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
23
reference_url https://github.com/advisories/GHSA-4427-7f3w-mqv6
reference_id GHSA-4427-7f3w-mqv6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4427-7f3w-mqv6
24
reference_url https://access.redhat.com/errata/RHSA-2020:2732
reference_id RHSA-2020:2732
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2732
25
reference_url https://access.redhat.com/errata/RHSA-2020:3096
reference_id RHSA-2020:3096
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3096
26
reference_url https://access.redhat.com/errata/RHSA-2020:3102
reference_id RHSA-2020:3102
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3102
27
reference_url https://access.redhat.com/errata/RHSA-2020:3105
reference_id RHSA-2020:3105
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3105
fixed_packages
0
url pkg:deb/debian/keystone@2:17.0.0~rc2-1?distro=trixie
purl pkg:deb/debian/keystone@2:17.0.0~rc2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:17.0.0~rc2-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2020-12691, GHSA-4427-7f3w-mqv6, PYSEC-2020-55
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qyjh-md45-hyhh
34
url VCID-r25g-be38-b3be
vulnerability_id VCID-r25g-be38-b3be
summary 
OpenStack Keystone allows /v3/ec2tokens or /v3/s3tokens request with valid AWS Signature to provide Keystone authorization.
OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65073.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65073.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-65073
reference_id
reference_type
scores
0
value 0.00026
scoring_system epss
scoring_elements 0.07203
published_at 2026-04-18T12:55:00Z
1
value 0.00026
scoring_system epss
scoring_elements 0.07208
published_at 2026-04-16T12:55:00Z
2
value 0.00049
scoring_system epss
scoring_elements 0.15126
published_at 2026-04-02T12:55:00Z
3
value 0.00049
scoring_system epss
scoring_elements 0.15193
published_at 2026-04-04T12:55:00Z
4
value 0.00049
scoring_system epss
scoring_elements 0.14999
published_at 2026-04-07T12:55:00Z
5
value 0.00049
scoring_system epss
scoring_elements 0.15087
published_at 2026-04-08T12:55:00Z
6
value 0.00049
scoring_system epss
scoring_elements 0.15139
published_at 2026-04-09T12:55:00Z
7
value 0.00049
scoring_system epss
scoring_elements 0.15105
published_at 2026-04-11T12:55:00Z
8
value 0.00049
scoring_system epss
scoring_elements 0.15067
published_at 2026-04-12T12:55:00Z
9
value 0.00049
scoring_system epss
scoring_elements 0.15006
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-65073
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65073
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65073
3
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
4
reference_url https://www.openwall.com/lists/oss-security/2025/11/04/2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-17T16:34:17Z/
url https://www.openwall.com/lists/oss-security/2025/11/04/2
5
reference_url http://www.openwall.com/lists/oss-security/2025/11/17/6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/11/17/6
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120053
reference_id 1120053
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120053
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2415344
reference_id 2415344
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2415344
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-65073
reference_id CVE-2025-65073
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-65073
9
reference_url https://github.com/advisories/GHSA-hcqg-5g63-7j9h
reference_id GHSA-hcqg-5g63-7j9h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hcqg-5g63-7j9h
10
reference_url https://access.redhat.com/errata/RHSA-2026:1958
reference_id RHSA-2026:1958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1958
11
reference_url https://usn.ubuntu.com/7926-1/
reference_id USN-7926-1
reference_type
scores
url https://usn.ubuntu.com/7926-1/
fixed_packages
0
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.1.0-1%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/keystone@2:18.1.0-1%2Bdeb11u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.1.0-1%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:28.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:28.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:28.0.0-2%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2025-65073, GHSA-hcqg-5g63-7j9h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r25g-be38-b3be
35
url VCID-rgkw-6ews-rked
vulnerability_id VCID-rgkw-6ews-rked
summary An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12689.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12689.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-12689
reference_id
reference_type
scores
0
value 0.01066
scoring_system epss
scoring_elements 0.77637
published_at 2026-04-01T12:55:00Z
1
value 0.01066
scoring_system epss
scoring_elements 0.77731
published_at 2026-04-18T12:55:00Z
2
value 0.01066
scoring_system epss
scoring_elements 0.77732
published_at 2026-04-16T12:55:00Z
3
value 0.01066
scoring_system epss
scoring_elements 0.77695
published_at 2026-04-13T12:55:00Z
4
value 0.01066
scoring_system epss
scoring_elements 0.77696
published_at 2026-04-12T12:55:00Z
5
value 0.01066
scoring_system epss
scoring_elements 0.77713
published_at 2026-04-11T12:55:00Z
6
value 0.01066
scoring_system epss
scoring_elements 0.77686
published_at 2026-04-09T12:55:00Z
7
value 0.01066
scoring_system epss
scoring_elements 0.77681
published_at 2026-04-08T12:55:00Z
8
value 0.01066
scoring_system epss
scoring_elements 0.77653
published_at 2026-04-07T12:55:00Z
9
value 0.01066
scoring_system epss
scoring_elements 0.77671
published_at 2026-04-04T12:55:00Z
10
value 0.01066
scoring_system epss
scoring_elements 0.77644
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-12689
2
reference_url https://bugs.launchpad.net/keystone/+bug/1872735
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1872735
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
9
reference_url https://github.com/openstack/keystone/commit/37e9907a176dad6843819b1bec4946c3aecc4548
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/37e9907a176dad6843819b1bec4946c3aecc4548
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-53.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-53.yaml
11
reference_url https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-12689
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-12689
13
reference_url https://security.openstack.org/ossa/OSSA-2020-004.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2020-004.html
14
reference_url https://usn.ubuntu.com/4480-1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4480-1
15
reference_url https://usn.ubuntu.com/4480-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4480-1/
16
reference_url https://www.openwall.com/lists/oss-security/2020/05/06/5
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2020/05/06/5
17
reference_url http://www.openwall.com/lists/oss-security/2020/05/07/2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/05/07/2
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1830396
reference_id 1830396
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1830396
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
reference_id 959900
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
20
reference_url https://github.com/advisories/GHSA-chgw-36xv-47cw
reference_id GHSA-chgw-36xv-47cw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-chgw-36xv-47cw
21
reference_url https://access.redhat.com/errata/RHSA-2020:2732
reference_id RHSA-2020:2732
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2732
22
reference_url https://access.redhat.com/errata/RHSA-2020:3096
reference_id RHSA-2020:3096
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3096
23
reference_url https://access.redhat.com/errata/RHSA-2020:3102
reference_id RHSA-2020:3102
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3102
24
reference_url https://access.redhat.com/errata/RHSA-2020:3105
reference_id RHSA-2020:3105
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3105
fixed_packages
0
url pkg:deb/debian/keystone@2:17.0.0~rc2-1?distro=trixie
purl pkg:deb/debian/keystone@2:17.0.0~rc2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:17.0.0~rc2-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2020-12689, GHSA-chgw-36xv-47cw, PYSEC-2020-53
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rgkw-6ews-rked
36
url VCID-s3gc-cxxf-63ed
vulnerability_id VCID-s3gc-cxxf-63ed
summary The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification (1) GET or (2) HEAD request to v3/auth/tokens/.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2014-1121.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1121.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-1122.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1122.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5252.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5252.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-5252
reference_id
reference_type
scores
0
value 0.00287
scoring_system epss
scoring_elements 0.52212
published_at 2026-04-12T12:55:00Z
1
value 0.00287
scoring_system epss
scoring_elements 0.52229
published_at 2026-04-11T12:55:00Z
2
value 0.00287
scoring_system epss
scoring_elements 0.52178
published_at 2026-04-09T12:55:00Z
3
value 0.00287
scoring_system epss
scoring_elements 0.52182
published_at 2026-04-08T12:55:00Z
4
value 0.00287
scoring_system epss
scoring_elements 0.52165
published_at 2026-04-04T12:55:00Z
5
value 0.00287
scoring_system epss
scoring_elements 0.5213
published_at 2026-04-07T12:55:00Z
6
value 0.00287
scoring_system epss
scoring_elements 0.52095
published_at 2026-04-01T12:55:00Z
7
value 0.00287
scoring_system epss
scoring_elements 0.52138
published_at 2026-04-02T12:55:00Z
8
value 0.00287
scoring_system epss
scoring_elements 0.5224
published_at 2026-04-18T12:55:00Z
9
value 0.00287
scoring_system epss
scoring_elements 0.52237
published_at 2026-04-16T12:55:00Z
10
value 0.00287
scoring_system epss
scoring_elements 0.52198
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-5252
4
reference_url https://bugs.launchpad.net/keystone/+bug/1348820
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1348820
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5252
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5252
6
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
7
reference_url https://github.com/openstack/keystone/commit/556fb860311675fc437585651e4602b2908451eb
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/556fb860311675fc437585651e4602b2908451eb
8
reference_url https://github.com/openstack/keystone/commit/a4c73e4382cb062aa9f30fe1960d5014d3c49cc2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/a4c73e4382cb062aa9f30fe1960d5014d3c49cc2
9
reference_url https://github.com/openstack/keystone/commit/bdb88c662ac2035f9b0d8a229a5db5f60f5f16ae
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/bdb88c662ac2035f9b0d8a229a5db5f60f5f16ae
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-108.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-108.yaml
11
reference_url http://www.openwall.com/lists/oss-security/2014/08/15/6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/08/15/6
12
reference_url http://www.ubuntu.com/usn/USN-2324-1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2324-1
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1127250
reference_id 1127250
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1127250
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-5252
reference_id CVE-2014-5252
reference_type
scores
0
value 4.9
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:P/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-5252
20
reference_url https://github.com/advisories/GHSA-v8fq-gq9j-3v7h
reference_id GHSA-v8fq-gq9j-3v7h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v8fq-gq9j-3v7h
21
reference_url https://access.redhat.com/errata/RHSA-2014:1121
reference_id RHSA-2014:1121
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1121
22
reference_url https://access.redhat.com/errata/RHSA-2014:1122
reference_id RHSA-2014:1122
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1122
23
reference_url https://usn.ubuntu.com/2324-1/
reference_id USN-2324-1
reference_type
scores
url https://usn.ubuntu.com/2324-1/
fixed_packages
0
url pkg:deb/debian/keystone@2014.1.2.1-1?distro=trixie
purl pkg:deb/debian/keystone@2014.1.2.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.2.1-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2014-5252, GHSA-v8fq-gq9j-3v7h, PYSEC-2014-108
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s3gc-cxxf-63ed
37
url VCID-s5ab-apmg-dqd9
vulnerability_id VCID-s5ab-apmg-dqd9
summary 
OpenStack Identity Keystone is vulnerable to Block delegation escalation of privilege
OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with additional roles.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00031.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00031.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3476.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3476.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3476
reference_id
reference_type
scores
0
value 0.00721
scoring_system epss
scoring_elements 0.72546
published_at 2026-04-18T12:55:00Z
1
value 0.00721
scoring_system epss
scoring_elements 0.72472
published_at 2026-04-04T12:55:00Z
2
value 0.00721
scoring_system epss
scoring_elements 0.72448
published_at 2026-04-07T12:55:00Z
3
value 0.00721
scoring_system epss
scoring_elements 0.72486
published_at 2026-04-08T12:55:00Z
4
value 0.00721
scoring_system epss
scoring_elements 0.72499
published_at 2026-04-09T12:55:00Z
5
value 0.00721
scoring_system epss
scoring_elements 0.72522
published_at 2026-04-11T12:55:00Z
6
value 0.00721
scoring_system epss
scoring_elements 0.72504
published_at 2026-04-12T12:55:00Z
7
value 0.00721
scoring_system epss
scoring_elements 0.72494
published_at 2026-04-13T12:55:00Z
8
value 0.00721
scoring_system epss
scoring_elements 0.72536
published_at 2026-04-16T12:55:00Z
9
value 0.00721
scoring_system epss
scoring_elements 0.72449
published_at 2026-04-01T12:55:00Z
10
value 0.00721
scoring_system epss
scoring_elements 0.72454
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3476
3
reference_url https://bugs.launchpad.net/keystone/+bug/1324592
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1324592
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3476
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3476
5
reference_url http://secunia.com/advisories/57886
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/57886
6
reference_url http://secunia.com/advisories/59547
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/59547
7
reference_url http://www.openwall.com/lists/oss-security/2014/06/12/3
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/06/12/3
8
reference_url http://www.securityfocus.com/bid/68026
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/68026
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1104524
reference_id 1104524
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1104524
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751454
reference_id 751454
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751454
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:cloud:3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:suse:cloud:3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:cloud:3:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3476
reference_id CVE-2014-3476
reference_type
scores
0
value 6.0
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:P/A:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3476
14
reference_url https://github.com/advisories/GHSA-274v-r947-v34r
reference_id GHSA-274v-r947-v34r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-274v-r947-v34r
15
reference_url https://access.redhat.com/errata/RHSA-2014:0994
reference_id RHSA-2014:0994
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0994
16
reference_url https://usn.ubuntu.com/2324-1/
reference_id USN-2324-1
reference_type
scores
url https://usn.ubuntu.com/2324-1/
fixed_packages
0
url pkg:deb/debian/keystone@2014.1.1-2?distro=trixie
purl pkg:deb/debian/keystone@2014.1.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.1-2%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2014-3476, GHSA-274v-r947-v34r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s5ab-apmg-dqd9
38
url VCID-s62y-6nw4-j7gt
vulnerability_id VCID-s62y-6nw4-j7gt
summary OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.
references
0
reference_url http://github.com/openstack/keystone/commit/255b1d43500f5d98ec73a0056525b492b14fec05
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/openstack/keystone/commit/255b1d43500f5d98ec73a0056525b492b14fec05
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101719.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101719.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2013-04/msg00000.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-04/msg00000.html
3
reference_url http://osvdb.org/91532
reference_id
reference_type
scores
url http://osvdb.org/91532
4
reference_url http://rhn.redhat.com/errata/RHSA-2013-0708.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0708.html
5
reference_url https://access.redhat.com/errata/RHSA-2013:0708
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2013:0708
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1865.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1865.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1865
reference_id
reference_type
scores
0
value 0.01162
scoring_system epss
scoring_elements 0.78629
published_at 2026-04-18T12:55:00Z
1
value 0.01162
scoring_system epss
scoring_elements 0.78553
published_at 2026-04-01T12:55:00Z
2
value 0.01162
scoring_system epss
scoring_elements 0.78559
published_at 2026-04-02T12:55:00Z
3
value 0.01162
scoring_system epss
scoring_elements 0.78591
published_at 2026-04-04T12:55:00Z
4
value 0.01162
scoring_system epss
scoring_elements 0.78572
published_at 2026-04-07T12:55:00Z
5
value 0.01162
scoring_system epss
scoring_elements 0.78598
published_at 2026-04-08T12:55:00Z
6
value 0.01162
scoring_system epss
scoring_elements 0.78604
published_at 2026-04-09T12:55:00Z
7
value 0.01162
scoring_system epss
scoring_elements 0.78628
published_at 2026-04-11T12:55:00Z
8
value 0.01162
scoring_system epss
scoring_elements 0.7861
published_at 2026-04-12T12:55:00Z
9
value 0.01162
scoring_system epss
scoring_elements 0.78602
published_at 2026-04-13T12:55:00Z
10
value 0.01162
scoring_system epss
scoring_elements 0.78631
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1865
8
reference_url https://bugs.launchpad.net/keystone/+bug/1129713
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1129713
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=922230
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=922230
10
reference_url http://secunia.com/advisories/52657
reference_id
reference_type
scores
url http://secunia.com/advisories/52657
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-39.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-39.yaml
12
reference_url https://opendev.org/openstack/keystone
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/keystone
13
reference_url https://review.openstack.org/24906
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/24906
14
reference_url https://review.openstack.org/#/c/24906
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/24906
15
reference_url https://review.openstack.org/#/c/24906/
reference_id
reference_type
scores
url https://review.openstack.org/#/c/24906/
16
reference_url https://web.archive.org/web/20170715155558/http://www.securityfocus.com/bid/58616
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20170715155558/http://www.securityfocus.com/bid/58616
17
reference_url http://www.openwall.com/lists/oss-security/2013/03/20/13
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/03/20/13
18
reference_url http://www.securityfocus.com/bid/58616
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/58616
19
reference_url http://www.ubuntu.com/usn/USN-1772-1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1772-1
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
22
reference_url https://access.redhat.com/security/cve/CVE-2013-1865
reference_id CVE-2013-1865
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2013-1865
23
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-1865
reference_id CVE-2013-1865
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-1865
24
reference_url https://github.com/advisories/GHSA-22q6-wwq7-2jj9
reference_id GHSA-22q6-wwq7-2jj9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-22q6-wwq7-2jj9
25
reference_url https://usn.ubuntu.com/1772-1/
reference_id USN-1772-1
reference_type
scores
url https://usn.ubuntu.com/1772-1/
fixed_packages
0
url pkg:deb/debian/keystone@0?distro=trixie
purl pkg:deb/debian/keystone@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@0%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2013-1865, GHSA-22q6-wwq7-2jj9, PYSEC-2013-39
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s62y-6nw4-j7gt
39
url VCID-s84r-551v-u7b6
vulnerability_id VCID-s84r-551v-u7b6
summary 
Improper Authentication
CVE-2012-4456 Openstack Keystone 2012.1.1: fails to validate tokens in Admin API
references
0
reference_url https://access.redhat.com/errata/RHSA-2012:1378
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2012:1378
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4456.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4456.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-4456
reference_id
reference_type
scores
0
value 0.0395
scoring_system epss
scoring_elements 0.88368
published_at 2026-04-16T12:55:00Z
1
value 0.0395
scoring_system epss
scoring_elements 0.88353
published_at 2026-04-13T12:55:00Z
2
value 0.0395
scoring_system epss
scoring_elements 0.88361
published_at 2026-04-11T12:55:00Z
3
value 0.0395
scoring_system epss
scoring_elements 0.8835
published_at 2026-04-09T12:55:00Z
4
value 0.0395
scoring_system epss
scoring_elements 0.88305
published_at 2026-04-02T12:55:00Z
5
value 0.0395
scoring_system epss
scoring_elements 0.88297
published_at 2026-04-01T12:55:00Z
6
value 0.0395
scoring_system epss
scoring_elements 0.8832
published_at 2026-04-04T12:55:00Z
7
value 0.0395
scoring_system epss
scoring_elements 0.88344
published_at 2026-04-08T12:55:00Z
8
value 0.0395
scoring_system epss
scoring_elements 0.88325
published_at 2026-04-07T12:55:00Z
9
value 0.0395
scoring_system epss
scoring_elements 0.88364
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-4456
3
reference_url https://bugs.launchpad.net/keystone/+bug/1006815
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1006815
4
reference_url https://bugs.launchpad.net/keystone/+bug/1006822
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1006822
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=861179
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=861179
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4456
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4456
7
reference_url http://secunia.com/advisories/50665
reference_id
reference_type
scores
url http://secunia.com/advisories/50665
8
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/78944
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/78944
9
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
10
reference_url https://github.com/openstack/keystone/commit/14b136aed9d988f5a8f3e699bd4577c9b874d6c1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/14b136aed9d988f5a8f3e699bd4577c9b874d6c1
11
reference_url https://github.com/openstack/keystone/commit/1d146f5c32e58a73a677d308370f147a3271c2cb
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/1d146f5c32e58a73a677d308370f147a3271c2cb
12
reference_url https://github.com/openstack/keystone/commit/24df3adb3f50cbb5ada411bc67aba8a781e6a431
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/24df3adb3f50cbb5ada411bc67aba8a781e6a431
13
reference_url https://github.com/openstack/keystone/commit/868054992faa45d6f42d822bf1588cb88d7c9ccb
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/868054992faa45d6f42d822bf1588cb88d7c9ccb
14
reference_url https://lists.launchpad.net/openstack/msg17034.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.launchpad.net/openstack/msg17034.html
15
reference_url https://web.archive.org/web/20121114024512/http://www.securityfocus.com/bid/55716
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121114024512/http://www.securityfocus.com/bid/55716
16
reference_url http://www.openwall.com/lists/oss-security/2012/09/28/5
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/09/28/5
17
reference_url http://www.securityfocus.com/bid/55716
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/55716
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689210
reference_id 689210
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689210
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2012.2:milestone1:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:2012.2:milestone1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2012.2:milestone1:*:*:*:*:*:*
21
reference_url https://access.redhat.com/security/cve/CVE-2012-4456
reference_id CVE-2012-4456
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2012-4456
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-4456
reference_id CVE-2012-4456
reference_type
scores
0
value 7.5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-4456
23
reference_url https://github.com/advisories/GHSA-mf98-r2gf-2x3w
reference_id GHSA-mf98-r2gf-2x3w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mf98-r2gf-2x3w
fixed_packages
0
url pkg:deb/debian/keystone@2012.1.1-9?distro=trixie
purl pkg:deb/debian/keystone@2012.1.1-9?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-9%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2012-4456, GHSA-mf98-r2gf-2x3w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s84r-551v-u7b6
40
url VCID-snpz-wwd6-dkb6
vulnerability_id VCID-snpz-wwd6-dkb6
summary OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106220.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106220.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2013-0806.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0806.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2006.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2006.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2006
reference_id
reference_type
scores
0
value 0.00039
scoring_system epss
scoring_elements 0.11843
published_at 2026-04-09T12:55:00Z
1
value 0.00039
scoring_system epss
scoring_elements 0.11788
published_at 2026-04-13T12:55:00Z
2
value 0.00039
scoring_system epss
scoring_elements 0.11815
published_at 2026-04-12T12:55:00Z
3
value 0.00039
scoring_system epss
scoring_elements 0.11758
published_at 2026-04-01T12:55:00Z
4
value 0.00039
scoring_system epss
scoring_elements 0.11876
published_at 2026-04-02T12:55:00Z
5
value 0.00039
scoring_system epss
scoring_elements 0.11922
published_at 2026-04-04T12:55:00Z
6
value 0.00039
scoring_system epss
scoring_elements 0.11707
published_at 2026-04-07T12:55:00Z
7
value 0.00039
scoring_system epss
scoring_elements 0.11791
published_at 2026-04-08T12:55:00Z
8
value 0.00039
scoring_system epss
scoring_elements 0.11854
published_at 2026-04-11T12:55:00Z
9
value 0.00039
scoring_system epss
scoring_elements 0.11653
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2006
5
reference_url https://bugs.launchpad.net/keystone/+bug/1172195
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1172195
6
reference_url https://bugs.launchpad.net/ossn/+bug/1168252
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/ossn/+bug/1168252
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2006
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2006
8
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
9
reference_url https://github.com/openstack/keystone/commit/c5037dd6b82909efaaa8720e8cfa8bdb8b4a0edd
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/c5037dd6b82909efaaa8720e8cfa8bdb8b4a0edd
10
reference_url https://github.com/openstack/keystone/commit/d43e2a51a1ed7adbed3c5ddf001d46bc4a824ae8
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/d43e2a51a1ed7adbed3c5ddf001d46bc4a824ae8
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-40.yaml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-40.yaml
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2006
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:N/C:P/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2006
13
reference_url http://www.openwall.com/lists/oss-security/2013/04/24/1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/04/24/1
14
reference_url http://www.openwall.com/lists/oss-security/2013/04/24/2
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/04/24/2
15
reference_url http://www.securityfocus.com/bid/59411
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/59411
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=956007
reference_id 956007
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=956007
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:2013.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1.1:*:*:*:*:*:*:*
18
reference_url https://github.com/advisories/GHSA-rxrm-xvp4-jqvh
reference_id GHSA-rxrm-xvp4-jqvh
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rxrm-xvp4-jqvh
19
reference_url https://access.redhat.com/errata/RHSA-2013:0806
reference_id RHSA-2013:0806
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0806
fixed_packages
0
url pkg:deb/debian/keystone@2013.1.1-2?distro=trixie
purl pkg:deb/debian/keystone@2013.1.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.1.1-2%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2013-2006, GHSA-rxrm-xvp4-jqvh, PYSEC-2013-40
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-snpz-wwd6-dkb6
41
url VCID-swvg-7jxy-p3cg
vulnerability_id VCID-swvg-7jxy-p3cg
summary OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.
references
0
reference_url http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa
1
reference_url http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355
2
reference_url http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626
3
reference_url http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d
4
reference_url http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454
5
reference_url http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3426
reference_id
reference_type
scores
0
value 0.00561
scoring_system epss
scoring_elements 0.6836
published_at 2026-04-18T12:55:00Z
1
value 0.00561
scoring_system epss
scoring_elements 0.68244
published_at 2026-04-01T12:55:00Z
2
value 0.00561
scoring_system epss
scoring_elements 0.68265
published_at 2026-04-02T12:55:00Z
3
value 0.00561
scoring_system epss
scoring_elements 0.68285
published_at 2026-04-04T12:55:00Z
4
value 0.00561
scoring_system epss
scoring_elements 0.68261
published_at 2026-04-07T12:55:00Z
5
value 0.00561
scoring_system epss
scoring_elements 0.68312
published_at 2026-04-08T12:55:00Z
6
value 0.00561
scoring_system epss
scoring_elements 0.68328
published_at 2026-04-09T12:55:00Z
7
value 0.00561
scoring_system epss
scoring_elements 0.68354
published_at 2026-04-11T12:55:00Z
8
value 0.00561
scoring_system epss
scoring_elements 0.68342
published_at 2026-04-12T12:55:00Z
9
value 0.00561
scoring_system epss
scoring_elements 0.68309
published_at 2026-04-13T12:55:00Z
10
value 0.00561
scoring_system epss
scoring_elements 0.68349
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3426
7
reference_url https://bugs.launchpad.net/keystone/+bug/996595
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/996595
8
reference_url https://bugs.launchpad.net/keystone/+bug/997194
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/997194
9
reference_url https://bugs.launchpad.net/keystone/+bug/998185
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/998185
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3426
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3426
11
reference_url http://secunia.com/advisories/50045
reference_id
reference_type
scores
url http://secunia.com/advisories/50045
12
reference_url http://secunia.com/advisories/50494
reference_id
reference_type
scores
url http://secunia.com/advisories/50494
13
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
14
reference_url https://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355
15
reference_url https://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626
16
reference_url https://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d
17
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-34.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-34.yaml
18
reference_url https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3426
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3426
20
reference_url http://www.openwall.com/lists/oss-security/2012/07/27/4
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/07/27/4
21
reference_url http://www.ubuntu.com/usn/USN-1552-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1552-1
22
reference_url https://github.com/advisories/GHSA-xp97-6w7r-4cjc
reference_id GHSA-xp97-6w7r-4cjc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xp97-6w7r-4cjc
23
reference_url https://usn.ubuntu.com/1552-1/
reference_id USN-1552-1
reference_type
scores
url https://usn.ubuntu.com/1552-1/
fixed_packages
0
url pkg:deb/debian/keystone@2012.1.1-1?distro=trixie
purl pkg:deb/debian/keystone@2012.1.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2012-3426, GHSA-xp97-6w7r-4cjc, PYSEC-2012-34
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-swvg-7jxy-p3cg
42
url VCID-t2ap-zxfa-fkhe
vulnerability_id VCID-t2ap-zxfa-fkhe
summary The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4911.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4911.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-4911
reference_id
reference_type
scores
0
value 0.00304
scoring_system epss
scoring_elements 0.53616
published_at 2026-04-02T12:55:00Z
1
value 0.00304
scoring_system epss
scoring_elements 0.53718
published_at 2026-04-18T12:55:00Z
2
value 0.00304
scoring_system epss
scoring_elements 0.53714
published_at 2026-04-16T12:55:00Z
3
value 0.00304
scoring_system epss
scoring_elements 0.53676
published_at 2026-04-13T12:55:00Z
4
value 0.00304
scoring_system epss
scoring_elements 0.53592
published_at 2026-04-01T12:55:00Z
5
value 0.00304
scoring_system epss
scoring_elements 0.53611
published_at 2026-04-07T12:55:00Z
6
value 0.00304
scoring_system epss
scoring_elements 0.53644
published_at 2026-04-04T12:55:00Z
7
value 0.00304
scoring_system epss
scoring_elements 0.53693
published_at 2026-04-12T12:55:00Z
8
value 0.00304
scoring_system epss
scoring_elements 0.5371
published_at 2026-04-11T12:55:00Z
9
value 0.00304
scoring_system epss
scoring_elements 0.53661
published_at 2026-04-09T12:55:00Z
10
value 0.00304
scoring_system epss
scoring_elements 0.53663
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-4911
2
reference_url https://bugs.launchpad.net/keystone/+bug/1577558
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1577558
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4911
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4911
4
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
5
reference_url https://github.com/openstack/keystone/commit/0d376025bae61bf5ee19d992c7f336b99ac69240
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/0d376025bae61bf5ee19d992c7f336b99ac69240
6
reference_url https://github.com/openstack/keystone/commit/ee1dc941042d1f71699971c5c30566af1b348572
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/ee1dc941042d1f71699971c5c30566af1b348572
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2016-38.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2016-38.yaml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-4911
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:P/A:N
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
2
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
3
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-4911
9
reference_url https://review.openstack.org/#/c/311886
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/311886
10
reference_url https://review.openstack.org/#/c/311886/
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://review.openstack.org/#/c/311886/
11
reference_url https://security.openstack.org/ossa/OSSA-2016-008.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2016-008.html
12
reference_url http://www.openwall.com/lists/oss-security/2016/05/17/10
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/05/17/10
13
reference_url http://www.openwall.com/lists/oss-security/2016/05/17/11
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/05/17/11
14
reference_url http://www.securityfocus.com/bid/90728
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url http://www.securityfocus.com/bid/90728
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1337079
reference_id 1337079
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1337079
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824683
reference_id 824683
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824683
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc1:*:*:*:*:*:*
reference_id cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc1:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc2:*:*:*:*:*:*
reference_id cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc2:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc3:*:*:*:*:*:*
reference_id cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc3:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc3:*:*:*:*:*:*
20
reference_url https://github.com/advisories/GHSA-f82m-w3p3-cgp3
reference_id GHSA-f82m-w3p3-cgp3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f82m-w3p3-cgp3
fixed_packages
0
url pkg:deb/debian/keystone@2:9.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:9.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:9.0.0-2%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2016-4911, GHSA-f82m-w3p3-cgp3, PYSEC-2016-38
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t2ap-zxfa-fkhe
43
url VCID-t88t-p8tx-cfcu
vulnerability_id VCID-t88t-p8tx-cfcu
summary 
Multiple vulnerabilities have been found in libxml2, allowing
    remote attackers to execute arbitrary code or cause Denial of Service.
references
0
reference_url http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html
1
reference_url http://bugs.python.org/issue17239
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://bugs.python.org/issue17239
2
reference_url http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2013-0657.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0657.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2013-0658.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0658.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2013-0670.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0670.html
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1664.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1664.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1664
reference_id
reference_type
scores
0
value 0.03938
scoring_system epss
scoring_elements 0.88332
published_at 2026-04-08T12:55:00Z
1
value 0.03938
scoring_system epss
scoring_elements 0.88312
published_at 2026-04-07T12:55:00Z
2
value 0.03938
scoring_system epss
scoring_elements 0.88285
published_at 2026-04-01T12:55:00Z
3
value 0.03938
scoring_system epss
scoring_elements 0.88293
published_at 2026-04-02T12:55:00Z
4
value 0.03938
scoring_system epss
scoring_elements 0.88308
published_at 2026-04-04T12:55:00Z
5
value 0.03938
scoring_system epss
scoring_elements 0.88349
published_at 2026-04-18T12:55:00Z
6
value 0.03938
scoring_system epss
scoring_elements 0.88353
published_at 2026-04-16T12:55:00Z
7
value 0.03938
scoring_system epss
scoring_elements 0.8834
published_at 2026-04-13T12:55:00Z
8
value 0.03938
scoring_system epss
scoring_elements 0.88348
published_at 2026-04-11T12:55:00Z
9
value 0.03938
scoring_system epss
scoring_elements 0.88338
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1664
8
reference_url https://bugs.launchpad.net/nova/+bug/1100282
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1100282
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664
10
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
11
reference_url https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40
12
reference_url https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-1664
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-1664
14
reference_url http://ubuntu.com/usn/usn-1757-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://ubuntu.com/usn/usn-1757-1
15
reference_url http://www.openwall.com/lists/oss-security/2013/02/19/2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/02/19/2
16
reference_url http://www.openwall.com/lists/oss-security/2013/02/19/4
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/02/19/4
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700948
reference_id 700948
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700948
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700949
reference_id 700949
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700949
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700950
reference_id 700950
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700950
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=913808
reference_id 913808
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=913808
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:cinder_folsom:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:cinder_folsom:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:cinder_folsom:-:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:compute_\(nova\)_essex:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:compute_\(nova\)_essex:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:compute_\(nova\)_essex:-:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:compute_\(nova\)_folsom:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:compute_\(nova\)_folsom:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:compute_\(nova\)_folsom:-:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*
25
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*
26
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone_essex:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone_essex:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone_essex:-:*:*:*:*:*:*:*
27
reference_url https://github.com/advisories/GHSA-qrh7-x6fp-c2mp
reference_id GHSA-qrh7-x6fp-c2mp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qrh7-x6fp-c2mp
28
reference_url https://security.gentoo.org/glsa/201311-06
reference_id GLSA-201311-06
reference_type
scores
url https://security.gentoo.org/glsa/201311-06
29
reference_url https://security.gentoo.org/glsa/201412-11
reference_id GLSA-201412-11
reference_type
scores
url https://security.gentoo.org/glsa/201412-11
30
reference_url https://access.redhat.com/errata/RHSA-2013:0596
reference_id RHSA-2013:0596
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0596
31
reference_url https://access.redhat.com/errata/RHSA-2013:0657
reference_id RHSA-2013:0657
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0657
32
reference_url https://access.redhat.com/errata/RHSA-2013:0658
reference_id RHSA-2013:0658
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0658
33
reference_url https://access.redhat.com/errata/RHSA-2013:0670
reference_id RHSA-2013:0670
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0670
34
reference_url https://usn.ubuntu.com/1730-1/
reference_id USN-1730-1
reference_type
scores
url https://usn.ubuntu.com/1730-1/
35
reference_url https://usn.ubuntu.com/1731-1/
reference_id USN-1731-1
reference_type
scores
url https://usn.ubuntu.com/1731-1/
36
reference_url https://usn.ubuntu.com/1734-1/
reference_id USN-1734-1
reference_type
scores
url https://usn.ubuntu.com/1734-1/
37
reference_url https://usn.ubuntu.com/1757-1/
reference_id USN-1757-1
reference_type
scores
url https://usn.ubuntu.com/1757-1/
fixed_packages
0
url pkg:deb/debian/keystone@2012.1.1-13?distro=trixie
purl pkg:deb/debian/keystone@2012.1.1-13?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-13%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2013-1664, GHSA-qrh7-x6fp-c2mp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t88t-p8tx-cfcu
44
url VCID-uexc-7rt7-hbgx
vulnerability_id VCID-uexc-7rt7-hbgx
summary 
OpenStack Keystone and other components vulnerable to Improper Certificate Validation
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2255.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2255.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2255
reference_id
reference_type
scores
0
value 0.00414
scoring_system epss
scoring_elements 0.61656
published_at 2026-04-16T12:55:00Z
1
value 0.00414
scoring_system epss
scoring_elements 0.61614
published_at 2026-04-13T12:55:00Z
2
value 0.00414
scoring_system epss
scoring_elements 0.61634
published_at 2026-04-12T12:55:00Z
3
value 0.00414
scoring_system epss
scoring_elements 0.61645
published_at 2026-04-11T12:55:00Z
4
value 0.00414
scoring_system epss
scoring_elements 0.61624
published_at 2026-04-09T12:55:00Z
5
value 0.00414
scoring_system epss
scoring_elements 0.61609
published_at 2026-04-08T12:55:00Z
6
value 0.00414
scoring_system epss
scoring_elements 0.61561
published_at 2026-04-07T12:55:00Z
7
value 0.00414
scoring_system epss
scoring_elements 0.6159
published_at 2026-04-04T12:55:00Z
8
value 0.00414
scoring_system epss
scoring_elements 0.61562
published_at 2026-04-02T12:55:00Z
9
value 0.00414
scoring_system epss
scoring_elements 0.61661
published_at 2026-04-18T12:55:00Z
10
value 0.00414
scoring_system epss
scoring_elements 0.61487
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2255
2
reference_url https://bugs.launchpad.net/ossn/+bug/1188189
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/ossn/+bug/1188189
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2255
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2255
4
reference_url https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2255
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2255
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2255
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2255
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/85562
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/85562
7
reference_url https://github.com/openstack/cinder/commit/0f9652d92e175a1f7dc3c2a37ab444b8f189375a
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/cinder/commit/0f9652d92e175a1f7dc3c2a37ab444b8f189375a
8
reference_url https://github.com/openstack/keystone/commit/5bd4c2984d329625a2a8442b316fa235dbb88a3d
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/5bd4c2984d329625a2a8442b316fa235dbb88a3d
9
reference_url https://github.com/openstack/neutron/commit/7255e056092f034daaeb4246a812900645d46911
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/neutron/commit/7255e056092f034daaeb4246a812900645d46911
10
reference_url https://github.com/openstack/python-keystoneclient/commit/20e166fd8a943ee3f91ba362a47e9c14c7cc5f4c
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/python-keystoneclient/commit/20e166fd8a943ee3f91ba362a47e9c14c7cc5f4c
11
reference_url https://web.archive.org/web/20200229073508/https://www.securityfocus.com/bid/61118
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200229073508/https://www.securityfocus.com/bid/61118
12
reference_url https://www.securityfocus.com/bid/61118
reference_id
reference_type
scores
url https://www.securityfocus.com/bid/61118
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=924514
reference_id 924514
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=924514
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:compute:2013.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:compute:2013.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:compute:2013.1:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:2013:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
21
reference_url https://access.redhat.com/security/cve/cve-2013-2255
reference_id CVE-2013-2255
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/cve-2013-2255
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2255
reference_id CVE-2013-2255
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2255
23
reference_url https://security-tracker.debian.org/tracker/CVE-2013-2255
reference_id CVE-2013-2255
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security-tracker.debian.org/tracker/CVE-2013-2255
24
reference_url https://github.com/advisories/GHSA-qh2x-hpf9-cf2g
reference_id GHSA-qh2x-hpf9-cf2g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qh2x-hpf9-cf2g
fixed_packages
0
url pkg:deb/debian/keystone@2014.1-1?distro=trixie
purl pkg:deb/debian/keystone@2014.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2013-2255, GHSA-qh2x-hpf9-cf2g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uexc-7rt7-hbgx
45
url VCID-vr8z-xkg6-kuhy
vulnerability_id VCID-vr8z-xkg6-kuhy
summary OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2012-1556.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2012-1556.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2012-1557.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2012-1557.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5571.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5571.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-5571
reference_id
reference_type
scores
0
value 0.00152
scoring_system epss
scoring_elements 0.35928
published_at 2026-04-18T12:55:00Z
1
value 0.00152
scoring_system epss
scoring_elements 0.35885
published_at 2026-04-07T12:55:00Z
2
value 0.00152
scoring_system epss
scoring_elements 0.35902
published_at 2026-04-13T12:55:00Z
3
value 0.00152
scoring_system epss
scoring_elements 0.35926
published_at 2026-04-12T12:55:00Z
4
value 0.00152
scoring_system epss
scoring_elements 0.35965
published_at 2026-04-11T12:55:00Z
5
value 0.00152
scoring_system epss
scoring_elements 0.35959
published_at 2026-04-09T12:55:00Z
6
value 0.00152
scoring_system epss
scoring_elements 0.35942
published_at 2026-04-16T12:55:00Z
7
value 0.00152
scoring_system epss
scoring_elements 0.35935
published_at 2026-04-08T12:55:00Z
8
value 0.00173
scoring_system epss
scoring_elements 0.38775
published_at 2026-04-04T12:55:00Z
9
value 0.00173
scoring_system epss
scoring_elements 0.38622
published_at 2026-04-01T12:55:00Z
10
value 0.00173
scoring_system epss
scoring_elements 0.38753
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-5571
5
reference_url https://bugs.launchpad.net/keystone/+bug/1064914
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1064914
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5571
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5571
7
reference_url http://secunia.com/advisories/51423
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/51423
8
reference_url http://secunia.com/advisories/51436
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/51436
9
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/80333
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/80333
10
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
11
reference_url https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b
12
reference_url https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19
13
reference_url https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653
14
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-35.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-35.yaml
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-5571
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:N/I:P/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-5571
16
reference_url http://www.openwall.com/lists/oss-security/2012/11/28/5
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/11/28/5
17
reference_url http://www.openwall.com/lists/oss-security/2012/11/28/6
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/11/28/6
18
reference_url http://www.securityfocus.com/bid/56726
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/56726
19
reference_url http://www.ubuntu.com/usn/USN-1641-1
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1641-1
20
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694433
reference_id 694433
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694433
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*
23
reference_url https://access.redhat.com/security/cve/CVE-2012-5571
reference_id CVE-2012-5571
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2012-5571
24
reference_url https://github.com/advisories/GHSA-qvpr-qm6w-6rcc
reference_id GHSA-qvpr-qm6w-6rcc
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qvpr-qm6w-6rcc
25
reference_url https://usn.ubuntu.com/1641-1/
reference_id USN-1641-1
reference_type
scores
url https://usn.ubuntu.com/1641-1/
fixed_packages
0
url pkg:deb/debian/keystone@2012.1.1-11?distro=trixie
purl pkg:deb/debian/keystone@2012.1.1-11?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-11%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2012-5571, GHSA-qvpr-qm6w-6rcc, PYSEC-2012-35
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vr8z-xkg6-kuhy
46
url VCID-w6e4-zd31-g7hu
vulnerability_id VCID-w6e4-zd31-g7hu
summary An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. This results in the provided keystone token having more role assignments than the creator intended, possibly giving unintended escalated access.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12690.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12690.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-12690
reference_id
reference_type
scores
0
value 0.00817
scoring_system epss
scoring_elements 0.7438
published_at 2026-04-18T12:55:00Z
1
value 0.00817
scoring_system epss
scoring_elements 0.74372
published_at 2026-04-16T12:55:00Z
2
value 0.00817
scoring_system epss
scoring_elements 0.74335
published_at 2026-04-13T12:55:00Z
3
value 0.00817
scoring_system epss
scoring_elements 0.74288
published_at 2026-04-01T12:55:00Z
4
value 0.00817
scoring_system epss
scoring_elements 0.74343
published_at 2026-04-12T12:55:00Z
5
value 0.00817
scoring_system epss
scoring_elements 0.74363
published_at 2026-04-11T12:55:00Z
6
value 0.00817
scoring_system epss
scoring_elements 0.74342
published_at 2026-04-09T12:55:00Z
7
value 0.00817
scoring_system epss
scoring_elements 0.74327
published_at 2026-04-08T12:55:00Z
8
value 0.00817
scoring_system epss
scoring_elements 0.74294
published_at 2026-04-07T12:55:00Z
9
value 0.00817
scoring_system epss
scoring_elements 0.74321
published_at 2026-04-04T12:55:00Z
10
value 0.00817
scoring_system epss
scoring_elements 0.74293
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-12690
2
reference_url https://bugs.launchpad.net/keystone/+bug/1873290
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1873290
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/advisories/GHSA-6m8p-x4qw-gh5j
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-6m8p-x4qw-gh5j
9
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-54.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-54.yaml
11
reference_url https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-12690
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-12690
13
reference_url https://security.openstack.org/ossa/OSSA-2020-005.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2020-005.html
14
reference_url https://usn.ubuntu.com/4480-1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4480-1
15
reference_url https://usn.ubuntu.com/4480-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4480-1/
16
reference_url https://www.openwall.com/lists/oss-security/2020/05/06/6
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2020/05/06/6
17
reference_url http://www.openwall.com/lists/oss-security/2020/05/07/3
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/05/07/3
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1830395
reference_id 1830395
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1830395
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
reference_id 959900
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
20
reference_url https://access.redhat.com/errata/RHSA-2020:3102
reference_id RHSA-2020:3102
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3102
21
reference_url https://access.redhat.com/errata/RHSA-2020:3105
reference_id RHSA-2020:3105
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3105
fixed_packages
0
url pkg:deb/debian/keystone@2:17.0.0~rc2-1?distro=trixie
purl pkg:deb/debian/keystone@2:17.0.0~rc2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:17.0.0~rc2-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2020-12690, GHSA-6m8p-x4qw-gh5j, PYSEC-2020-54
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w6e4-zd31-g7hu
47
url VCID-wc5s-25xb-rqaa
vulnerability_id VCID-wc5s-25xb-rqaa
summary An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12692.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12692.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-12692
reference_id
reference_type
scores
0
value 0.0014
scoring_system epss
scoring_elements 0.34194
published_at 2026-04-18T12:55:00Z
1
value 0.0014
scoring_system epss
scoring_elements 0.34207
published_at 2026-04-16T12:55:00Z
2
value 0.0014
scoring_system epss
scoring_elements 0.34174
published_at 2026-04-13T12:55:00Z
3
value 0.0014
scoring_system epss
scoring_elements 0.33931
published_at 2026-04-01T12:55:00Z
4
value 0.0014
scoring_system epss
scoring_elements 0.34197
published_at 2026-04-12T12:55:00Z
5
value 0.0014
scoring_system epss
scoring_elements 0.34238
published_at 2026-04-11T12:55:00Z
6
value 0.0014
scoring_system epss
scoring_elements 0.34209
published_at 2026-04-08T12:55:00Z
7
value 0.0014
scoring_system epss
scoring_elements 0.34166
published_at 2026-04-07T12:55:00Z
8
value 0.0014
scoring_system epss
scoring_elements 0.34303
published_at 2026-04-04T12:55:00Z
9
value 0.0014
scoring_system epss
scoring_elements 0.3427
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-12692
2
reference_url https://bugs.launchpad.net/keystone/+bug/1872737
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1872737
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-56.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-56.yaml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-12692
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-12692
11
reference_url https://opendev.org/openstack/keystone/commit/ab89ea749013e7f2c46260f68504f5687763e019
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/keystone/commit/ab89ea749013e7f2c46260f68504f5687763e019
12
reference_url https://security.openstack.org/ossa/OSSA-2020-003.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2020-003.html
13
reference_url https://usn.ubuntu.com/4480-1
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4480-1
14
reference_url https://usn.ubuntu.com/4480-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4480-1/
15
reference_url https://www.openwall.com/lists/oss-security/2020/05/06/4
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2020/05/06/4
16
reference_url http://www.openwall.com/lists/oss-security/2020/05/07/1
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/05/07/1
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1833164
reference_id 1833164
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1833164
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
reference_id 959900
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
19
reference_url https://github.com/advisories/GHSA-rqw2-hhrf-7936
reference_id GHSA-rqw2-hhrf-7936
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rqw2-hhrf-7936
20
reference_url https://access.redhat.com/errata/RHSA-2020:2732
reference_id RHSA-2020:2732
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2732
21
reference_url https://access.redhat.com/errata/RHSA-2020:3102
reference_id RHSA-2020:3102
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3102
22
reference_url https://access.redhat.com/errata/RHSA-2020:3105
reference_id RHSA-2020:3105
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3105
fixed_packages
0
url pkg:deb/debian/keystone@2:17.0.0~rc2-1?distro=trixie
purl pkg:deb/debian/keystone@2:17.0.0~rc2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:17.0.0~rc2-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2020-12692, GHSA-rqw2-hhrf-7936, PYSEC-2020-56
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wc5s-25xb-rqaa
48
url VCID-wm8s-rmkk-mugb
vulnerability_id VCID-wm8s-rmkk-mugb
summary The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token.
references
0
reference_url http://osvdb.org/97237
reference_id
reference_type
scores
url http://osvdb.org/97237
1
reference_url http://rhn.redhat.com/errata/RHSA-2013-1285.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1285.html
2
reference_url https://access.redhat.com/errata/RHSA-2013:1285
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2013:1285
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4294.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4294.json
4
reference_url https://access.redhat.com/security/cve/CVE-2013-4294
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2013-4294
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4294
reference_id
reference_type
scores
0
value 0.008
scoring_system epss
scoring_elements 0.7399
published_at 2026-04-01T12:55:00Z
1
value 0.008
scoring_system epss
scoring_elements 0.74086
published_at 2026-04-18T12:55:00Z
2
value 0.008
scoring_system epss
scoring_elements 0.74077
published_at 2026-04-16T12:55:00Z
3
value 0.008
scoring_system epss
scoring_elements 0.74038
published_at 2026-04-13T12:55:00Z
4
value 0.008
scoring_system epss
scoring_elements 0.74045
published_at 2026-04-12T12:55:00Z
5
value 0.008
scoring_system epss
scoring_elements 0.74064
published_at 2026-04-11T12:55:00Z
6
value 0.008
scoring_system epss
scoring_elements 0.74027
published_at 2026-04-08T12:55:00Z
7
value 0.008
scoring_system epss
scoring_elements 0.73994
published_at 2026-04-07T12:55:00Z
8
value 0.008
scoring_system epss
scoring_elements 0.74023
published_at 2026-04-04T12:55:00Z
9
value 0.008
scoring_system epss
scoring_elements 0.73997
published_at 2026-04-02T12:55:00Z
10
value 0.008
scoring_system epss
scoring_elements 0.74042
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4294
6
reference_url https://bugs.launchpad.net/keystone/+bug/1202952
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1202952
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1004452
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1004452
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4294
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4294
9
reference_url http://seclists.org/oss-sec/2013/q3/586
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/oss-sec/2013/q3/586
10
reference_url http://secunia.com/advisories/54706
reference_id
reference_type
scores
url http://secunia.com/advisories/54706
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-42.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-42.yaml
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4294
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4294
13
reference_url https://opendev.org/openstack/keystone
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/keystone
14
reference_url http://www.ubuntu.com/usn/USN-2002-1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2002-1
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722505
reference_id 722505
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722505
16
reference_url https://github.com/advisories/GHSA-5qpp-v56f-mqfm
reference_id GHSA-5qpp-v56f-mqfm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5qpp-v56f-mqfm
17
reference_url https://usn.ubuntu.com/2002-1/
reference_id USN-2002-1
reference_type
scores
url https://usn.ubuntu.com/2002-1/
fixed_packages
0
url pkg:deb/debian/keystone@2013.1.3-2?distro=trixie
purl pkg:deb/debian/keystone@2013.1.3-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.1.3-2%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2013-4294, GHSA-5qpp-v56f-mqfm, PYSEC-2013-42
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wm8s-rmkk-mugb
49
url VCID-ztee-sxym-zffv
vulnerability_id VCID-ztee-sxym-zffv
summary security update
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14432.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14432.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14432
reference_id
reference_type
scores
0
value 0.01139
scoring_system epss
scoring_elements 0.78351
published_at 2026-04-01T12:55:00Z
1
value 0.01139
scoring_system epss
scoring_elements 0.78357
published_at 2026-04-02T12:55:00Z
2
value 0.01139
scoring_system epss
scoring_elements 0.78388
published_at 2026-04-04T12:55:00Z
3
value 0.01139
scoring_system epss
scoring_elements 0.78372
published_at 2026-04-07T12:55:00Z
4
value 0.01139
scoring_system epss
scoring_elements 0.78398
published_at 2026-04-08T12:55:00Z
5
value 0.01139
scoring_system epss
scoring_elements 0.78404
published_at 2026-04-09T12:55:00Z
6
value 0.01139
scoring_system epss
scoring_elements 0.7843
published_at 2026-04-11T12:55:00Z
7
value 0.01139
scoring_system epss
scoring_elements 0.78412
published_at 2026-04-12T12:55:00Z
8
value 0.01139
scoring_system epss
scoring_elements 0.78405
published_at 2026-04-13T12:55:00Z
9
value 0.01139
scoring_system epss
scoring_elements 0.78434
published_at 2026-04-16T12:55:00Z
10
value 0.01139
scoring_system epss
scoring_elements 0.78432
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14432
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14432
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1606868
reference_id 1606868
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1606868
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904616
reference_id 904616
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904616
6
reference_url https://access.redhat.com/errata/RHSA-2018:2523
reference_id RHSA-2018:2523
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2523
7
reference_url https://access.redhat.com/errata/RHSA-2018:2533
reference_id RHSA-2018:2533
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2533
8
reference_url https://access.redhat.com/errata/RHSA-2018:2543
reference_id RHSA-2018:2543
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2543
fixed_packages
0
url pkg:deb/debian/keystone@2:13.0.0-7?distro=trixie
purl pkg:deb/debian/keystone@2:13.0.0-7?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:13.0.0-7%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
aliases CVE-2018-14432
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ztee-sxym-zffv
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie