Package Instance

reference_id

2148477

reference_type

scores

value	6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:41:32Z/

url

https://security.openstack.org/ossa/OSSA-2026-015.html

reference_url

reference_id

OSSA-2026-015.html

reference_type

scores

value	6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:41:32Z/

url

https://security.openstack.org/ossa/OSSA-2026-015.html

fixed_packages

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2026-43000

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2d7v-rmys-akfg

url VCID-3vnr-dg8w-4qg6

vulnerability_id VCID-3vnr-dg8w-4qg6

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-42999

reference_id

reference_type

scores

value	0.00034
scoring_system	epss
scoring_elements	0.10447
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-42999

reference_url

https://bugs.launchpad.net/keystone/+bug/2148398

reference_id

2148398

reference_type

scores

value	6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:42:13Z/

url

https://bugs.launchpad.net/keystone/+bug/2148398

reference_url

https://security.openstack.org/ossa/OSSA-2026-015.html

reference_id

OSSA-2026-015.html

reference_type

scores

value	6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:42:13Z/

url

https://security.openstack.org/ossa/OSSA-2026-015.html

fixed_packages

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2026-42999

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3vnr-dg8w-4qg6

url VCID-7k2c-zp2n-pbek

vulnerability_id VCID-7k2c-zp2n-pbek

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-44394

reference_id

reference_type

scores

value	0.00063
scoring_system	epss
scoring_elements	0.19951
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-44394

reference_url

https://bugs.launchpad.net/keystone/+bug/2150379

reference_id

2150379

reference_type

scores

value	6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:42:48Z/

url

https://bugs.launchpad.net/keystone/+bug/2150379

reference_url

https://security.openstack.org/ossa/OSSA-2026-015.html

reference_id

OSSA-2026-015.html

reference_type

scores

value	6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:42:48Z/

url

https://security.openstack.org/ossa/OSSA-2026-015.html

fixed_packages

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2026-44394

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7k2c-zp2n-pbek

url VCID-nctt-8ksu-5ud5

vulnerability_id VCID-nctt-8ksu-5ud5

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33551.json

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33551.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-33551

reference_id

reference_type

scores

value	0.00026
scoring_system	epss
scoring_elements	0.07971
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-33551

reference_url

https://bugs.launchpad.net/keystone/+bug/2142138

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T13:50:09Z/

url

https://bugs.launchpad.net/keystone/+bug/2142138

reference_url

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-33551

reference_url

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-33551

reference_url

https://security.openstack.org/ossa/OSSA-2026-005.html

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T13:50:09Z/

url

https://security.openstack.org/ossa/OSSA-2026-005.html

reference_url

http://www.openwall.com/lists/oss-security/2026/04/07/12

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2026/04/07/12

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133118
reference_id	1133118
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133118

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2451037
reference_id	2451037
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2451037

fixed_packages

url	pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2026-33551, GHSA-4phw-6824-6cfp

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nctt-8ksu-5ud5

url VCID-tyh8-xsy3-efeh

vulnerability_id VCID-tyh8-xsy3-efeh

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43001.json

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43001.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-43001

reference_id

reference_type

scores

value	0.00012
scoring_system	epss
scoring_elements	0.01973
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-43001

reference_url

https://bugs.launchpad.net/keystone/+bug/2149775

reference_id

reference_type

scores

value	7.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T13:28:01Z/

url

https://bugs.launchpad.net/keystone/+bug/2149775

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-43001

reference_id

reference_type

scores

value	7.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-43001

reference_url

https://review.opendev.org/c/openstack/keystone

reference_id

reference_type

scores

value	7.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://review.opendev.org/c/openstack/keystone

reference_url

https://review.opendev.org/c/openstack/keystone/+/985804

reference_id

reference_type

scores

value	7.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T13:28:01Z/

url

https://review.opendev.org/c/openstack/keystone/+/985804

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135645
reference_id	1135645
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135645

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2464305
reference_id	2464305
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2464305

reference_url

https://security.openstack.org/ossa/OSSA-2026-015.html

reference_id

OSSA-2026-015.html

reference_type

scores

value	7.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T13:28:01Z/

url

https://security.openstack.org/ossa/OSSA-2026-015.html

fixed_packages

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2026-43001, GHSA-hhq2-3832-xxcv

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tyh8-xsy3-efeh

url VCID-w3tv-9q89-b3f3

vulnerability_id VCID-w3tv-9q89-b3f3

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40683.json

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40683.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-40683

reference_id

reference_type

scores

value	0.0002
scoring_system	epss
scoring_elements	0.05805
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-40683

reference_url

https://bugs.launchpad.net/keystone/+bug/2121152

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T20:14:37Z/

url

https://bugs.launchpad.net/keystone/+bug/2121152

reference_url

https://bugs.launchpad.net/keystone/+bug/2141713

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T20:14:37Z/

url

https://bugs.launchpad.net/keystone/+bug/2141713

reference_url

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-40683

reference_url

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-40683

reference_url

https://review.opendev.org/958205

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T20:14:37Z/

url

https://review.opendev.org/958205

reference_url

https://www.openwall.com/lists/oss-security/2026/04/14/9

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T20:14:37Z/

url

https://www.openwall.com/lists/oss-security/2026/04/14/9

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133884
reference_id	1133884
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133884

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2458472
reference_id	2458472
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2458472

fixed_packages

url	pkg:deb/debian/keystone@2:29.0.0~rc1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.0~rc1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0~rc1-2%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2026-40683, GHSA-pfx2-9x9m-7ghx

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w3tv-9q89-b3f3

url VCID-x278-p5ca-h7d4

vulnerability_id VCID-x278-p5ca-h7d4

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-42998

reference_id

reference_type

scores

value	0.00058
scoring_system	epss
scoring_elements	0.18311
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-42998

reference_url

reference_id

2148477

reference_type

scores

value	6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:38:16Z/

url

https://security.openstack.org/ossa/OSSA-2026-015.html

reference_url

reference_id

OSSA-2026-015.html

reference_type

scores

value	6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:38:16Z/

url

https://security.openstack.org/ossa/OSSA-2026-015.html

fixed_packages

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2026-42998

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x278-p5ca-h7d4

Fixing_vulnerabilities

url VCID-2e7f-s5gx-hyht

vulnerability_id VCID-2e7f-s5gx-hyht

summary OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-3542

reference_id

reference_type

scores

value	0.01949
scoring_system	epss
scoring_elements	0.83761
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3542

reference_url

https://bugs.launchpad.net/keystone/+bug/1040626

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1040626

reference_url	http://secunia.com/advisories/50467
reference_id
reference_type
scores
url	http://secunia.com/advisories/50467

reference_url	http://secunia.com/advisories/50494
reference_id
reference_type
scores
url	http://secunia.com/advisories/50494

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155

reference_url

https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aa

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aa

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-19.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-19.yaml

reference_url

https://lists.launchpad.net/openstack/msg16282.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.launchpad.net/openstack/msg16282.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-3542

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-3542

reference_url

https://web.archive.org/web/20121114023909/http://www.securityfocus.com/bid/55326

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20121114023909/http://www.securityfocus.com/bid/55326

reference_url

https://web.archive.org/web/20140802052724/http://secunia.com/advisories/50467

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20140802052724/http://secunia.com/advisories/50467

reference_url

https://web.archive.org/web/20140804204333/http://secunia.com/advisories/50494

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20140804204333/http://secunia.com/advisories/50494

reference_url

http://www.openwall.com/lists/oss-security/2012/08/30/6

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/08/30/6

reference_url	http://www.securityfocus.com/bid/55326
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/55326

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html

reference_url	https://usn.ubuntu.com/1552-1/
reference_id	USN-1552-1
reference_type
scores
url	https://usn.ubuntu.com/1552-1/

fixed_packages

url	pkg:deb/debian/keystone@2012.1.1-5?distro=trixie
purl	pkg:deb/debian/keystone@2012.1.1-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-5%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2012-3542, GHSA-gf2q-j2qq-pjf2, PYSEC-2012-19

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2e7f-s5gx-hyht

url VCID-2n9h-y9yp-z7gn

vulnerability_id VCID-2n9h-y9yp-z7gn

summary

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2013-1664

reference_url

reference_id

reference_type

scores

value	0.03938
scoring_system	epss
scoring_elements	0.88535
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-1664

reference_url

https://bugs.launchpad.net/nova/+bug/1100282

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/nova/+bug/1100282

reference_url

https://github.com/django/django

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django

reference_url

https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40

reference_url

https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-1664

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-1664

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/02/19/2

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/02/19/2

reference_url

http://www.openwall.com/lists/oss-security/2013/02/19/4

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/02/19/4

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700948
reference_id	700948
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700948

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700949
reference_id	700949
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700949

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700950
reference_id	700950
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700950

reference_url	https://security.gentoo.org/glsa/201311-06
reference_id	GLSA-201311-06
reference_type
scores
url	https://security.gentoo.org/glsa/201311-06

reference_url	https://security.gentoo.org/glsa/201412-11
reference_id	GLSA-201412-11
reference_type
scores
url	https://security.gentoo.org/glsa/201412-11

reference_url	https://usn.ubuntu.com/1730-1/
reference_id	USN-1730-1
reference_type
scores
url	https://usn.ubuntu.com/1730-1/

reference_url	https://usn.ubuntu.com/1731-1/
reference_id	USN-1731-1
reference_type
scores
url	https://usn.ubuntu.com/1731-1/

reference_url	https://usn.ubuntu.com/1734-1/
reference_id	USN-1734-1
reference_type
scores
url	https://usn.ubuntu.com/1734-1/

reference_url	https://usn.ubuntu.com/1757-1/
reference_id	USN-1757-1
reference_type
scores
url	https://usn.ubuntu.com/1757-1/

fixed_packages

url	pkg:deb/debian/keystone@2012.1.1-13?distro=trixie
purl	pkg:deb/debian/keystone@2012.1.1-13?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-13%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2013-1664, GHSA-qrh7-x6fp-c2mp

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2n9h-y9yp-z7gn

url VCID-3nsf-9mk5-wkd4

vulnerability_id VCID-3nsf-9mk5-wkd4

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4222

reference_id

reference_type

scores

value	0.0058
scoring_system	epss
scoring_elements	0.69214
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4222

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719290
reference_id	719290
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719290

reference_url	https://usn.ubuntu.com/2002-1/
reference_id	USN-2002-1
reference_type
scores
url	https://usn.ubuntu.com/2002-1/

fixed_packages

url	pkg:deb/debian/keystone@2013.1.3-1?distro=trixie
purl	pkg:deb/debian/keystone@2013.1.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.1.3-1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2013-4222

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3nsf-9mk5-wkd4

url VCID-3vsx-zpxf-jkew

vulnerability_id VCID-3vsx-zpxf-jkew

summary An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles.

references

reference_url

https://access.redhat.com/errata/RHSA-2017:1461

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:1461

reference_url

https://access.redhat.com/errata/RHSA-2017:1597

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2017:1597

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-2673

reference_id

reference_type

scores

value	0.00572
scoring_system	epss
scoring_elements	0.68968
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-2673

reference_url

https://bugs.launchpad.net/keystone/+bug/1677723

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1677723

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1439586

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1439586

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2673

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2673

reference_url

http://seclists.org/oss-sec/2017/q2/125

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/oss-sec/2017/q2/125

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.6
scoring_system	cvssv2
scoring_elements	AV:L/AC:M/Au:S/C:C/I:C/A:C

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/05a129e54573b6cbda1ec095f4526f2b9ba90a90

reference_url

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/05a129e54573b6cbda1ec095f4526f2b9ba90a90

reference_url

https://github.com/openstack/keystone/commit/2139639eeabc8f6941f4461fc87d609cde3118c2

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/2139639eeabc8f6941f4461fc87d609cde3118c2

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2018-152.yaml

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2018-152.yaml

reference_url

http://www.securityfocus.com/bid/98032

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/98032

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861189
reference_id	861189
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861189

reference_url

https://access.redhat.com/security/cve/CVE-2017-2673

reference_id

CVE-2017-2673

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2017-2673

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-2673

reference_id

CVE-2017-2673

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-2673

reference_url

https://github.com/advisories/GHSA-j36m-hv43-7w7m

reference_id

GHSA-j36m-hv43-7w7m

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j36m-hv43-7w7m

reference_url	https://usn.ubuntu.com/3448-1/
reference_id	USN-3448-1
reference_type
scores
url	https://usn.ubuntu.com/3448-1/

fixed_packages

url	pkg:deb/debian/keystone@2:10.0.0-9?distro=trixie
purl	pkg:deb/debian/keystone@2:10.0.0-9?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:10.0.0-9%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2017-2673, GHSA-j36m-hv43-7w7m, PYSEC-2018-152

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3vsx-zpxf-jkew

url VCID-48bs-dw8y-7ycy

vulnerability_id VCID-48bs-dw8y-7ycy

summary

OpenStack Identity Keystone is vulnerable to Block delegation escalation of privilege
OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with additional roles.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00031.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00031.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3476

reference_id

reference_type

scores

value	0.00721
scoring_system	epss
scoring_elements	0.72821
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3476

reference_url

https://bugs.launchpad.net/keystone/+bug/1324592

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1324592

reference_url

http://secunia.com/advisories/57886

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/57886

reference_url

http://secunia.com/advisories/59547

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/59547

reference_url

http://www.openwall.com/lists/oss-security/2014/06/12/3

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2014/06/12/3

reference_url

http://www.securityfocus.com/bid/68026

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/68026

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751454
reference_id	751454
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751454

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-3476

reference_id

CVE-2014-3476

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3476

reference_url

https://github.com/advisories/GHSA-274v-r947-v34r

reference_id

GHSA-274v-r947-v34r

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-274v-r947-v34r

reference_url	https://usn.ubuntu.com/2324-1/
reference_id	USN-2324-1
reference_type
scores
url	https://usn.ubuntu.com/2324-1/

fixed_packages

url	pkg:deb/debian/keystone@2014.1.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2014.1.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.1-2%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2014-3476, GHSA-274v-r947-v34r

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-48bs-dw8y-7ycy

url VCID-4jx8-cpr5-47gw

vulnerability_id VCID-4jx8-cpr5-47gw

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-1977

reference_id

reference_type

scores

value	0.00114
scoring_system	epss
scoring_elements	0.29797
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-1977

fixed_packages

url	pkg:deb/debian/keystone@0?distro=trixie
purl	pkg:deb/debian/keystone@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@0%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2013-1977

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4jx8-cpr5-47gw

url VCID-4uww-qmj3-vyf1

vulnerability_id VCID-4uww-qmj3-vyf1

summary OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain.

references

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2014-5253

reference_url

reference_id

reference_type

scores

value	0.0031
scoring_system	epss
scoring_elements	0.54425
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-5253

reference_url

https://bugs.launchpad.net/keystone/+bug/1349597

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1349597

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/317f9d34b4da20c21edd5b851889298b67c843e1

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/317f9d34b4da20c21edd5b851889298b67c843e1

reference_url

https://github.com/openstack/keystone/commit/3e035ebb726167aef43c4a865c7e7f7d3b0978fb

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/3e035ebb726167aef43c4a865c7e7f7d3b0978fb

reference_url

https://github.com/openstack/keystone/commit/c4447f16da036fe878382ce4e1b05b84bdcc4d4e

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/c4447f16da036fe878382ce4e1b05b84bdcc4d4e

reference_url

https://github.com/openstack/keystone/commit/cccc3f3239c68479de0f6a41bd64badf2a9ec9e7

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/cccc3f3239c68479de0f6a41bd64badf2a9ec9e7

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-109.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-109.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-5253

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-5253

reference_url

http://www.openwall.com/lists/oss-security/2014/08/15/6

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2014/08/15/6

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa

reference_url	https://usn.ubuntu.com/2324-1/
reference_id	USN-2324-1
reference_type
scores
url	https://usn.ubuntu.com/2324-1/

fixed_packages

url	pkg:deb/debian/keystone@2014.1.2.1-1?distro=trixie
purl	pkg:deb/debian/keystone@2014.1.2.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.2.1-1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2014-5253, GHSA-77w8-qv8m-386h, PYSEC-2014-109

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4uww-qmj3-vyf1

url VCID-57mt-83p9-eug7

vulnerability_id VCID-57mt-83p9-eug7

summary OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa

reference_url

http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355

reference_url

http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626

reference_url

http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d

reference_url

http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454

reference_url

http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-3426

reference_id

reference_type

scores

value	0.00561
scoring_system	epss
scoring_elements	0.68627
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-3426

reference_url

https://bugs.launchpad.net/keystone/+bug/996595

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/996595

reference_url

https://bugs.launchpad.net/keystone/+bug/997194

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/997194

reference_url

https://bugs.launchpad.net/keystone/+bug/998185

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/998185

reference_url	http://secunia.com/advisories/50045
reference_id
reference_type
scores
url	http://secunia.com/advisories/50045

reference_url	http://secunia.com/advisories/50494
reference_id
reference_type
scores
url	http://secunia.com/advisories/50494

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355

reference_url

https://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626

reference_url

https://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-34.yaml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-34.yaml

reference_url

https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-3426

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-3426

reference_url

http://www.openwall.com/lists/oss-security/2012/07/27/4

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/07/27/4

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2013-6391

reference_url	https://usn.ubuntu.com/1552-1/
reference_id	USN-1552-1
reference_type
scores
url	https://usn.ubuntu.com/1552-1/

fixed_packages

url	pkg:deb/debian/keystone@2012.1.1-1?distro=trixie
purl	pkg:deb/debian/keystone@2012.1.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2012-3426, GHSA-xp97-6w7r-4cjc, PYSEC-2012-34

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-57mt-83p9-eug7

url VCID-5vcu-gkp5-tber

vulnerability_id VCID-5vcu-gkp5-tber

summary

references

reference_url

reference_id

reference_type

scores

value	0.00498
scoring_system	epss
scoring_elements	0.66161
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-6391

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731981
reference_id	731981
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731981

reference_url	https://usn.ubuntu.com/2061-1/
reference_id	USN-2061-1
reference_type
scores
url	https://usn.ubuntu.com/2061-1/

fixed_packages

url	pkg:deb/debian/keystone@2013.2.1-1?distro=trixie
purl	pkg:deb/debian/keystone@2013.2.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.2.1-1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2013-6391

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5vcu-gkp5-tber

url VCID-6c5s-pwfv-v3gm

vulnerability_id VCID-6c5s-pwfv-v3gm

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14432

reference_id

reference_type

scores

value	0.01139
scoring_system	epss
scoring_elements	0.78716
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14432

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904616
reference_id	904616
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904616

fixed_packages

url	pkg:deb/debian/keystone@2:13.0.0-7?distro=trixie
purl	pkg:deb/debian/keystone@2:13.0.0-7?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:13.0.0-7%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2018-14432

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6c5s-pwfv-v3gm

url VCID-6knu-zpef-kyey

vulnerability_id VCID-6knu-zpef-kyey

summary An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-12692

reference_id

reference_type

scores

value	0.0014
scoring_system	epss
scoring_elements	0.33823
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-12692

reference_url

https://bugs.launchpad.net/keystone/+bug/1872737

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1872737

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-56.yaml

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-56.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-12692

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-12692

reference_url

https://opendev.org/openstack/keystone/commit/ab89ea749013e7f2c46260f68504f5687763e019

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://opendev.org/openstack/keystone/commit/ab89ea749013e7f2c46260f68504f5687763e019

reference_url

https://security.openstack.org/ossa/OSSA-2020-003.html

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.openstack.org/ossa/OSSA-2020-003.html

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2020/05/06/4

reference_url	https://usn.ubuntu.com/4480-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4480-1/

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2020/05/06/4

reference_url

http://www.openwall.com/lists/oss-security/2020/05/07/1

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2020/05/07/1

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
reference_id	959900
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900

fixed_packages

url	pkg:deb/debian/keystone@2:17.0.0~rc2-1?distro=trixie
purl	pkg:deb/debian/keystone@2:17.0.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:17.0.0~rc2-1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2020-12692, GHSA-rqw2-hhrf-7936, PYSEC-2020-56

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6knu-zpef-kyey

url VCID-6rnf-g1zt-r7d5

vulnerability_id VCID-6rnf-g1zt-r7d5

summary

OpenStack Keystone allows context-dependent attackers to bypass access restrictions
OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-0282

reference_id

reference_type

scores

value	0.00467
scoring_system	epss
scoring_elements	0.64747
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-0282

reference_url

https://bugs.launchpad.net/keystone/+bug/1121494

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1121494

reference_url

https://github.com/openstack/keystone/commit/7402f5ef994599653bdbb3ed5ff1a2b8c3e72b9f

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/7402f5ef994599653bdbb3ed5ff1a2b8c3e72b9f

reference_url

https://github.com/openstack/keystone/commit/9572bfc393f66f5ce3b44c0a77a9e29cc0374c6f

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/9572bfc393f66f5ce3b44c0a77a9e29cc0374c6f

reference_url

https://github.com/openstack/keystone/commit/f0b4d300db5cc61d4f079f8bce9da8e8bea1081a

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/f0b4d300db5cc61d4f079f8bce9da8e8bea1081a

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://launchpad.net/keystone/+milestone/2012.2.4

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://launchpad.net/keystone/+milestone/2012.2.4

reference_url

https://review.openstack.org/#/c/22319

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://review.openstack.org/#/c/22319

reference_url	https://review.openstack.org/#/c/22319/
reference_id
reference_type
scores
url	https://review.openstack.org/#/c/22319/

reference_url

https://review.openstack.org/#/c/22320

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://review.openstack.org/#/c/22320

reference_url	https://review.openstack.org/#/c/22320/
reference_id
reference_type
scores
url	https://review.openstack.org/#/c/22320/

reference_url

https://review.openstack.org/#/c/22321

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://review.openstack.org/#/c/22321

reference_url	https://review.openstack.org/#/c/22321/
reference_id
reference_type
scores
url	https://review.openstack.org/#/c/22321/

reference_url

http://www.openwall.com/lists/oss-security/2013/02/19/3

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/02/19/3

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700947
reference_id	700947
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700947

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-0282

reference_id

CVE-2013-0282

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-0282

reference_url

https://github.com/advisories/GHSA-8833-qrvm-wc3h

reference_id

GHSA-8833-qrvm-wc3h

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8833-qrvm-wc3h

reference_url	https://usn.ubuntu.com/1730-1/
reference_id	USN-1730-1
reference_type
scores
url	https://usn.ubuntu.com/1730-1/

fixed_packages

url	pkg:deb/debian/keystone@2012.1.1-13?distro=trixie
purl	pkg:deb/debian/keystone@2012.1.1-13?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-13%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2013-0282, GHSA-8833-qrvm-wc3h

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6rnf-g1zt-r7d5

url VCID-86d1-vsfn-ruah

vulnerability_id VCID-86d1-vsfn-ruah

summary private key recovery

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3563

reference_id

reference_type

scores

value	0.00041
scoring_system	epss
scoring_elements	0.12871
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3563

reference_url

https://bugs.launchpad.net/ossa/+bug/1901891

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/ossa/+bug/1901891

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1962908

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1962908

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html

reference_url

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://opendev.org/openstack/keystone/commit/7859ed26003858ebfd9a5e866b43f1a6a9e83dca

reference_url

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://opendev.org/openstack/keystone/commit/7859ed26003858ebfd9a5e866b43f1a6a9e83dca

reference_url

https://review.opendev.org/c/openstack/keystone/+/803641

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://review.opendev.org/c/openstack/keystone/+/803641

reference_url

https://review.opendev.org/c/openstack/keystone/+/828595

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://review.opendev.org/c/openstack/keystone/+/828595

reference_url

https://review.opendev.org/c/openstack/keystone/+/856489

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://review.opendev.org/c/openstack/keystone/+/856489

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989998
reference_id	989998
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989998

reference_url

https://security.archlinux.org/AVG-1979

reference_id

AVG-1979

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1979

reference_url

https://access.redhat.com/security/cve/CVE-2021-3563

reference_id

CVE-2021-3563

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2021-3563

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-3563

reference_id

CVE-2021-3563

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-3563

reference_url

https://security-tracker.debian.org/tracker/CVE-2021-3563

reference_id

CVE-2021-3563

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security-tracker.debian.org/tracker/CVE-2021-3563

reference_url

https://github.com/advisories/GHSA-cc99-whm5-mmq3

reference_id

GHSA-cc99-whm5-mmq3

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cc99-whm5-mmq3

reference_url	https://usn.ubuntu.com/7926-1/
reference_id	USN-7926-1
reference_type
scores
url	https://usn.ubuntu.com/7926-1/

fixed_packages

url	pkg:deb/debian/keystone@2:23.0.0-3?distro=trixie
purl	pkg:deb/debian/keystone@2:23.0.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:23.0.0-3%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2021-3563, GHSA-cc99-whm5-mmq3

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-86d1-vsfn-ruah

url VCID-8zhb-r2pz-83f2

vulnerability_id VCID-8zhb-r2pz-83f2

summary OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.

references

reference_url

http://github.com/openstack/keystone/commit/255b1d43500f5d98ec73a0056525b492b14fec05

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://github.com/openstack/keystone/commit/255b1d43500f5d98ec73a0056525b492b14fec05

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101719.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101719.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00000.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-04/msg00000.html

reference_url	http://osvdb.org/91532
reference_id
reference_type
scores
url	http://osvdb.org/91532

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2013:0708

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2013:0708

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-1865

reference_id

reference_type

scores

value	0.01162
scoring_system	epss
scoring_elements	0.78917
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-1865

reference_url

https://bugs.launchpad.net/keystone/+bug/1129713

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1129713

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=922230

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=922230

reference_url	http://secunia.com/advisories/52657
reference_id
reference_type
scores
url	http://secunia.com/advisories/52657

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-39.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-39.yaml

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://review.openstack.org/24906

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://review.openstack.org/24906

reference_url

https://review.openstack.org/#/c/24906

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://review.openstack.org/#/c/24906

reference_url	https://review.openstack.org/#/c/24906/
reference_id
reference_type
scores
url	https://review.openstack.org/#/c/24906/

reference_url

https://web.archive.org/web/20170715155558/http://www.securityfocus.com/bid/58616

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20170715155558/http://www.securityfocus.com/bid/58616

reference_url

http://www.openwall.com/lists/oss-security/2013/03/20/13

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/03/20/13

reference_url	http://www.securityfocus.com/bid/58616
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/58616

reference_url

http://www.ubuntu.com/usn/USN-1772-1

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.ubuntu.com/usn/USN-1772-1

reference_url

https://access.redhat.com/security/cve/CVE-2013-1865

reference_id

CVE-2013-1865

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2013-1865

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-1865

reference_id

CVE-2013-1865

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-1865

reference_url	https://github.com/advisories/GHSA-22q6-wwq7-2jj9
reference_id	GHSA-22q6-wwq7-2jj9
reference_type
scores
url	https://github.com/advisories/GHSA-22q6-wwq7-2jj9

reference_url	https://usn.ubuntu.com/1772-1/
reference_id	USN-1772-1
reference_type
scores
url	https://usn.ubuntu.com/1772-1/

fixed_packages

url	pkg:deb/debian/keystone@0?distro=trixie
purl	pkg:deb/debian/keystone@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@0%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2013-1865, GHSA-22q6-wwq7-2jj9, PYSEC-2013-39

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8zhb-r2pz-83f2

url VCID-917r-mgz3-5bfm

vulnerability_id VCID-917r-mgz3-5bfm

summary

Exposure of Sensitive Information to an Unauthorized Actor
OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs.

references

reference_url

http://lists.openstack.org/pipermail/openstack-announce/2015-May/000356.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.openstack.org/pipermail/openstack-announce/2015-May/000356.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-3646

reference_id

reference_type

scores

value	0.00177
scoring_system	epss
scoring_elements	0.38896
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-3646

reference_url

https://bugs.launchpad.net/keystone/+bug/1443598

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1443598

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:P/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210122154200/http://www.securityfocus.com/bid/74456

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210122154200/http://www.securityfocus.com/bid/74456

reference_url

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-3646

reference_id

CVE-2015-3646

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-3646

reference_url

https://github.com/advisories/GHSA-jwpw-ppj5-7h4w

reference_id

GHSA-jwpw-ppj5-7h4w

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jwpw-ppj5-7h4w

fixed_packages

url	pkg:deb/debian/keystone@2015.1.0-1?distro=trixie
purl	pkg:deb/debian/keystone@2015.1.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2015.1.0-1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2015-3646, GHSA-jwpw-ppj5-7h4w

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-917r-mgz3-5bfm

url VCID-9kcy-a54w-c7fh

vulnerability_id VCID-9kcy-a54w-c7fh

summary OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106220.html

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106220.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0806.html

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0806.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-2006

reference_id

reference_type

scores

value	0.00039
scoring_system	epss
scoring_elements	0.12088
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-2006

reference_url

https://bugs.launchpad.net/keystone/+bug/1172195

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1172195

reference_url

https://bugs.launchpad.net/ossn/+bug/1168252

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/ossn/+bug/1168252

reference_url

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/c5037dd6b82909efaaa8720e8cfa8bdb8b4a0edd

reference_url

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/c5037dd6b82909efaaa8720e8cfa8bdb8b4a0edd

reference_url

https://github.com/openstack/keystone/commit/d43e2a51a1ed7adbed3c5ddf001d46bc4a824ae8

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/d43e2a51a1ed7adbed3c5ddf001d46bc4a824ae8

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-40.yaml

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-40.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-2006

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-2006

reference_url

http://www.openwall.com/lists/oss-security/2013/04/24/1

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/04/24/1

reference_url

http://www.openwall.com/lists/oss-security/2013/04/24/2

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/04/24/2

reference_url

http://www.securityfocus.com/bid/59411

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/59411

fixed_packages

url	pkg:deb/debian/keystone@2013.1.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2013.1.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.1.1-2%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2013-2006, GHSA-rxrm-xvp4-jqvh, PYSEC-2013-40

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9kcy-a54w-c7fh

url VCID-9pf4-c5at-a7d4

vulnerability_id VCID-9pf4-c5at-a7d4

summary

OpenStack Identity Keystone Exposure of Sensitive Information
The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field.

references

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-1789.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-1789.html

reference_url

http://rhn.redhat.com/errata/RHSA-2014-1790.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-1790.html

reference_url

https://access.redhat.com/errata/RHSA-2014:1688

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2014:1688

reference_url

https://access.redhat.com/errata/RHSA-2014:1789

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2014:1789

reference_url

https://access.redhat.com/errata/RHSA-2014:1790

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2014:1790

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3621

reference_id

reference_type

scores

value	0.00426
scoring_system	epss
scoring_elements	0.62563
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3621

reference_url

https://bugs.launchpad.net/keystone/+bug/1354208

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1354208

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1139937

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1139937

reference_url

https://github.com/openstack/keystone/commit/2989ff257e4fde6a168e25b926805e700406aa80

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/2989ff257e4fde6a168e25b926805e700406aa80

reference_url

https://github.com/openstack/keystone/commit/52714633c9a4dae5e60279217090859aa6dbcb4f

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/52714633c9a4dae5e60279217090859aa6dbcb4f

reference_url

http://www.openwall.com/lists/oss-security/2014/09/16/10

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2014/09/16/10

reference_url

http://www.ubuntu.com/usn/USN-2406-1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.ubuntu.com/usn/USN-2406-1

reference_url

https://access.redhat.com/security/cve/CVE-2014-3621

reference_id

CVE-2014-3621

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2014-3621

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-3621

reference_id

CVE-2014-3621

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3621

reference_url

https://github.com/advisories/GHSA-8v8f-vc72-pmhc

reference_id

GHSA-8v8f-vc72-pmhc

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8v8f-vc72-pmhc

reference_url	https://usn.ubuntu.com/2406-1/
reference_id	USN-2406-1
reference_type
scores
url	https://usn.ubuntu.com/2406-1/

fixed_packages

url	pkg:deb/debian/keystone@2014.1.3-1?distro=trixie
purl	pkg:deb/debian/keystone@2014.1.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2014-3621, GHSA-8v8f-vc72-pmhc

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9pf4-c5at-a7d4

url VCID-9phy-48qv-2bgw

vulnerability_id VCID-9phy-48qv-2bgw

summary OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106220.html

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106220.html

reference_url

http://lists.opensuse.org/opensuse-updates/2013-06/msg00085.html

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-06/msg00085.html

reference_url	http://osvdb.org/93134
reference_id
reference_type
scores
url	http://osvdb.org/93134

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-2059

reference_id

reference_type

scores

value	0.00908
scoring_system	epss
scoring_elements	0.76117
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-2059

reference_url

https://bugs.launchpad.net/keystone/+bug/1166670

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1166670

reference_url	http://secunia.com/advisories/53326
reference_id
reference_type
scores
url	http://secunia.com/advisories/53326

reference_url	http://secunia.com/advisories/53339
reference_id
reference_type
scores
url	http://secunia.com/advisories/53339

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/84135

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/84135

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/33214f311aa36b17f8f5ff06bee2130bf061df8f

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/33214f311aa36b17f8f5ff06bee2130bf061df8f

reference_url

https://github.com/openstack/keystone/commit/678b06a91f772d6be82eb54ed11f27e20f446b57

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/678b06a91f772d6be82eb54ed11f27e20f446b57

reference_url

https://github.com/openstack/keystone/commit/992466d1dbf80a940190703dedf800d6d12dede8

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/992466d1dbf80a940190703dedf800d6d12dede8

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-41.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-41.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-2059

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-2059

reference_url

http://www.openwall.com/lists/oss-security/2013/05/09/3

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/05/09/3

reference_url

http://www.openwall.com/lists/oss-security/2013/05/09/4

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/05/09/4

reference_url	http://www.securityfocus.com/bid/59787
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/59787

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707598
reference_id	707598
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707598

reference_url	https://usn.ubuntu.com/1830-1/
reference_id	USN-1830-1
reference_type
scores
url	https://usn.ubuntu.com/1830-1/

fixed_packages

url	pkg:deb/debian/keystone@2013.1.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2013.1.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.1.1-2%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2013-2059, GHSA-hj89-qmx9-8qmh, PYSEC-2013-41

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9phy-48qv-2bgw

url VCID-b1d5-3vyr-7qbc

vulnerability_id VCID-b1d5-3vyr-7qbc

summary

references

reference_url

http://github.com/openstack/keystone/commit/58ac6691a21675be9e2ffb0f84a05fc3cd4d2e2e

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://github.com/openstack/keystone/commit/58ac6691a21675be9e2ffb0f84a05fc3cd4d2e2e

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2012-4413

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2012-4413

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-4413

reference_id

reference_type

scores

value	0.00428
scoring_system	epss
scoring_elements	0.62738
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-4413

reference_url

https://bugs.launchpad.net/keystone/+bug/1041396

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1041396

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=855491

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=855491

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/78478

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/78478

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-4413

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-4413

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://review.opendev.org/c/openstack/keystone/+/12870

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://review.opendev.org/c/openstack/keystone/+/12870

reference_url

https://web.archive.org/web/20121114023848/http://www.securityfocus.com/bid/55524

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20121114023848/http://www.securityfocus.com/bid/55524

reference_url

http://www.openwall.com/lists/oss-security/2012/09/12/7

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/09/12/7

reference_url

http://www.ubuntu.com/usn/USN-1564-1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.ubuntu.com/usn/USN-1564-1

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687428
reference_id	687428
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687428

reference_url	https://usn.ubuntu.com/1564-1/
reference_id	USN-1564-1
reference_type
scores
url	https://usn.ubuntu.com/1564-1/

fixed_packages

url	pkg:deb/debian/keystone@2012.1.1-6?distro=trixie
purl	pkg:deb/debian/keystone@2012.1.1-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-6%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2012-4413, GHSA-mrxv-65rv-6hxq

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b1d5-3vyr-7qbc

url VCID-b5fc-55sj-47a4

vulnerability_id VCID-b5fc-55sj-47a4

summary An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-12689

reference_id

reference_type

scores

value	0.01066
scoring_system	epss
scoring_elements	0.77999
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-12689

reference_url

https://bugs.launchpad.net/keystone/+bug/1872735

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1872735

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/37e9907a176dad6843819b1bec4946c3aecc4548

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/37e9907a176dad6843819b1bec4946c3aecc4548

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-53.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-53.yaml

reference_url

https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-12689

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-12689

reference_url

https://security.openstack.org/ossa/OSSA-2020-004.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.openstack.org/ossa/OSSA-2020-004.html

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2020/05/06/5

reference_url	https://usn.ubuntu.com/4480-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4480-1/

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2020/05/06/5

reference_url

http://www.openwall.com/lists/oss-security/2020/05/07/2

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2020/05/07/2

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
reference_id	959900
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900

fixed_packages

url	pkg:deb/debian/keystone@2:17.0.0~rc2-1?distro=trixie
purl	pkg:deb/debian/keystone@2:17.0.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:17.0.0~rc2-1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2020-12689, GHSA-chgw-36xv-47cw, PYSEC-2020-53

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b5fc-55sj-47a4

url VCID-baxe-uxur-6fe4

vulnerability_id VCID-baxe-uxur-6fe4

summary

Improper Authentication
OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-4457

reference_id

reference_type

scores

value	0.00561
scoring_system	epss
scoring_elements	0.68624
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-4457

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=861180

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=861180

reference_url

http://secunia.com/advisories/50665

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/50665

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/78947

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/78947

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/4ebfdfaf23c6da8e3c182bf3ec2cb2b7132ef685

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/4ebfdfaf23c6da8e3c182bf3ec2cb2b7132ef685

reference_url

https://github.com/openstack/keystone/commit/5373601bbdda10f879c08af1698852142b75f8d5

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/5373601bbdda10f879c08af1698852142b75f8d5

reference_url

https://lists.launchpad.net/openstack/msg17035.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.launchpad.net/openstack/msg17035.html

reference_url

http://www.openwall.com/lists/oss-security/2012/09/28/6

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/09/28/6

reference_url

http://www.securityfocus.com/bid/55716

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/55716

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689210
reference_id	689210
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689210

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-4457

reference_id

CVE-2012-4457

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-4457

reference_url	https://github.com/advisories/GHSA-x8h4-xf47-pqc3
reference_id	GHSA-x8h4-xf47-pqc3
reference_type
scores
url	https://github.com/advisories/GHSA-x8h4-xf47-pqc3

fixed_packages

url	pkg:deb/debian/keystone@2012.1.1-9?distro=trixie
purl	pkg:deb/debian/keystone@2012.1.1-9?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-9%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2012-4457, GHSA-x8h4-xf47-pqc3

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-baxe-uxur-6fe4

url VCID-bgx2-uchd-5bh4

vulnerability_id VCID-bgx2-uchd-5bh4

summary

OpenStack Identity (Keystone) Denial of Service
OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2013-July/111914.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2013-July/111914.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-2014

reference_id

reference_type

scores

value	0.02372
scoring_system	epss
scoring_elements	0.85223
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-2014

reference_url

https://bugs.launchpad.net/keystone/+bug/1098177

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1098177

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/53397

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/53397

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/84347

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/84347

reference_url

https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8

reference_url

http://www.securityfocus.com/bid/59936

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/59936

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708515
reference_id	708515
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708515

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-2014

reference_id

CVE-2013-2014

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-2014

reference_url

https://github.com/advisories/GHSA-7332-36h8-8jh8

reference_id

GHSA-7332-36h8-8jh8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7332-36h8-8jh8

fixed_packages

url	pkg:deb/debian/keystone@2013.1.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2013.1.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.1.1-2%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2013-2014, GHSA-7332-36h8-8jh8

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bgx2-uchd-5bh4

url VCID-bukc-9hym-u7av

vulnerability_id VCID-bukc-9hym-u7av

summary An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-12691

reference_id

reference_type

scores

value	0.03566
scoring_system	epss
scoring_elements	0.87918
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-12691

reference_url

https://bugs.launchpad.net/keystone/+bug/1872733

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1872733

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/37e9907a176dad6843819b1bec4946c3aecc4548

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/37e9907a176dad6843819b1bec4946c3aecc4548

reference_url

https://github.com/openstack/keystone/commit/40cbb7bebd50276412daa1981ff5a7c7b3b899a5

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/40cbb7bebd50276412daa1981ff5a7c7b3b899a5

reference_url

https://github.com/openstack/keystone/commit/95b2bbeab113d9f04d1c81f7f1b48bf692bce979

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/95b2bbeab113d9f04d1c81f7f1b48bf692bce979

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-55.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-55.yaml

reference_url

https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-12691

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-12691

reference_url

https://security.openstack.org/ossa/OSSA-2020-004.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.openstack.org/ossa/OSSA-2020-004.html

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2020/05/06/5

reference_url	https://usn.ubuntu.com/4480-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4480-1/

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2020/05/06/5

reference_url

http://www.openwall.com/lists/oss-security/2020/05/07/2

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2020/05/07/2

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
reference_id	959900
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900

fixed_packages

url	pkg:deb/debian/keystone@2:17.0.0~rc2-1?distro=trixie
purl	pkg:deb/debian/keystone@2:17.0.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:17.0.0~rc2-1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2020-12691, GHSA-4427-7f3w-mqv6, PYSEC-2020-55

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bukc-9hym-u7av

url VCID-c5xh-hbyj-sfg5

vulnerability_id VCID-c5xh-hbyj-sfg5

summary OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression.

references

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2012-5563

reference_url

reference_id

reference_type

scores

value	0.00392
scoring_system	epss
scoring_elements	0.60465
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-5563

reference_url

https://bugs.launchpad.net/keystone/+bug/1079216

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1079216

reference_url	http://secunia.com/advisories/51423
reference_id
reference_type
scores
url	http://secunia.com/advisories/51423

reference_url	http://secunia.com/advisories/51436
reference_id
reference_type
scores
url	http://secunia.com/advisories/51436

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/80370

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/80370

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/38c7e46a640a94da4da89a39a5a1ea9c081f1eb5

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/38c7e46a640a94da4da89a39a5a1ea9c081f1eb5

reference_url

https://github.com/openstack/keystone/commit/f9d4766249a72d8f88d75dcf1575b28dd3496681

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/f9d4766249a72d8f88d75dcf1575b28dd3496681

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-20.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-20.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-5563

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-5563

reference_url

https://web.archive.org/web/20121201003009/http://secunia.com/advisories/51423

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20121201003009/http://secunia.com/advisories/51423

reference_url

https://web.archive.org/web/20140802122732/http://secunia.com/advisories/51436

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20140802122732/http://secunia.com/advisories/51436

reference_url

https://web.archive.org/web/20200228144943/http://www.securityfocus.com/bid/56727

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228144943/http://www.securityfocus.com/bid/56727

reference_url

http://www.openwall.com/lists/oss-security/2012/11/28/5

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/11/28/5

reference_url

http://www.openwall.com/lists/oss-security/2012/11/28/6

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/11/28/6

reference_url	http://www.securityfocus.com/bid/56727
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/56727

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2013-2157

reference_url	https://usn.ubuntu.com/1641-1/
reference_id	USN-1641-1
reference_type
scores
url	https://usn.ubuntu.com/1641-1/

fixed_packages

url	pkg:deb/debian/keystone@0?distro=trixie
purl	pkg:deb/debian/keystone@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@0%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2012-5563, GHSA-w66p-78g4-mr7g, PYSEC-2012-20

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c5xh-hbyj-sfg5

url VCID-cabw-p7gv-27a3

vulnerability_id VCID-cabw-p7gv-27a3

summary

references

reference_url

reference_id

reference_type

scores

value	0.00212
scoring_system	epss
scoring_elements	0.43701
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-2157

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712160
reference_id	712160
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712160

reference_url	https://usn.ubuntu.com/1875-1/
reference_id	USN-1875-1
reference_type
scores
url	https://usn.ubuntu.com/1875-1/

fixed_packages

url	pkg:deb/debian/keystone@2013.1.2-1?distro=trixie
purl	pkg:deb/debian/keystone@2013.1.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.1.2-1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2013-2157

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cabw-p7gv-27a3

url VCID-d5zm-a269-m3et

vulnerability_id VCID-d5zm-a269-m3et

summary The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-4911

reference_id

reference_type

scores

value	0.00304
scoring_system	epss
scoring_elements	0.53921
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-4911

reference_url

https://bugs.launchpad.net/keystone/+bug/1577558

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1577558

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/0d376025bae61bf5ee19d992c7f336b99ac69240

reference_url

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/0d376025bae61bf5ee19d992c7f336b99ac69240

reference_url

https://github.com/openstack/keystone/commit/ee1dc941042d1f71699971c5c30566af1b348572

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/ee1dc941042d1f71699971c5c30566af1b348572

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2016-38.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2016-38.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-4911

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-4911

reference_url

https://review.openstack.org/#/c/311886

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://review.openstack.org/#/c/311886

reference_url

https://review.openstack.org/#/c/311886/

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

url

https://review.openstack.org/#/c/311886/

reference_url

https://security.openstack.org/ossa/OSSA-2016-008.html

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.openstack.org/ossa/OSSA-2016-008.html

reference_url

http://www.openwall.com/lists/oss-security/2016/05/17/10

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/05/17/10

reference_url

http://www.openwall.com/lists/oss-security/2016/05/17/11

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2016/05/17/11

reference_url

http://www.securityfocus.com/bid/90728

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

url

http://www.securityfocus.com/bid/90728

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824683
reference_id	824683
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824683

fixed_packages

url	pkg:deb/debian/keystone@2:9.0.0-2?distro=trixie
purl	pkg:deb/debian/keystone@2:9.0.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:9.0.0-2%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2016-4911, GHSA-f82m-w3p3-cgp3, PYSEC-2016-38

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d5zm-a269-m3et

url VCID-dtx2-kjjk-zkgz

vulnerability_id VCID-dtx2-kjjk-zkgz

summary The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-7546

reference_id

reference_type

scores

value	0.00105
scoring_system	epss
scoring_elements	0.2823
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-7546

reference_url

https://bugs.launchpad.net/keystone/+bug/1490804

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1490804

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv2
scoring_elements	AV:A/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/openstack/keystone/commit/bff03b5726fe5cac93d44a66715eea49b89c8cb0

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/bff03b5726fe5cac93d44a66715eea49b89c8cb0

reference_url

https://github.com/openstack/keystone/commit/d5378f173da14a34ca010271477337879002d6d0

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/d5378f173da14a34ca010271477337879002d6d0

reference_url

https://github.com/openstack/keystonemiddleware/commit/96ab58e6863c92575ada57615b19652e502adfd8

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystonemiddleware/commit/96ab58e6863c92575ada57615b19652e502adfd8

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/keystonemiddleware/PYSEC-2016-20.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystonemiddleware/PYSEC-2016-20.yaml

reference_url

https://security.openstack.org/ossa/OSSA-2016-005.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.openstack.org/ossa/OSSA-2016-005.html

reference_url

https://web.archive.org/web/20200228002640/http://www.securityfocus.com/bid/80498

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228002640/http://www.securityfocus.com/bid/80498

reference_url

https://wiki.openstack.org/wiki/OSSN/OSSN-0062

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://wiki.openstack.org/wiki/OSSN/OSSN-0062

reference_url

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

reference_url	http://www.securityfocus.com/bid/80498
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/80498

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-7546

reference_id

CVE-2015-7546

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-7546

reference_url

https://github.com/advisories/GHSA-8c4w-v65p-jvcv

reference_id

GHSA-8c4w-v65p-jvcv

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8c4w-v65p-jvcv

fixed_packages

url	pkg:deb/debian/keystone@2:9.0.0~rc2-1?distro=trixie
purl	pkg:deb/debian/keystone@2:9.0.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:9.0.0~rc2-1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2015-7546, GHSA-8c4w-v65p-jvcv, PYSEC-2016-20

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dtx2-kjjk-zkgz

url VCID-e66j-5dhx-qqcd

vulnerability_id VCID-e66j-5dhx-qqcd

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3520

reference_id

reference_type

scores

value	0.00428
scoring_system	epss
scoring_elements	0.62718
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3520

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753511
reference_id	753511
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753511

reference_url	https://usn.ubuntu.com/2324-1/
reference_id	USN-2324-1
reference_type
scores
url	https://usn.ubuntu.com/2324-1/

fixed_packages

url	pkg:deb/debian/keystone@2014.1.1-3?distro=trixie
purl	pkg:deb/debian/keystone@2014.1.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.1-3%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2014-3520

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e66j-5dhx-qqcd

url VCID-egav-jttu-wkfd

vulnerability_id VCID-egav-jttu-wkfd

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-0247

reference_id

reference_type

scores

value	0.0296
scoring_system	epss
scoring_elements	0.86723
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-0247

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699835
reference_id	699835
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699835

reference_url	https://usn.ubuntu.com/1715-1/
reference_id	USN-1715-1
reference_type
scores
url	https://usn.ubuntu.com/1715-1/

fixed_packages

url	pkg:deb/debian/keystone@2012.1.1-12?distro=trixie
purl	pkg:deb/debian/keystone@2012.1.1-12?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-12%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2013-0247

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-egav-jttu-wkfd

url VCID-fe5b-bz91-gfcw

vulnerability_id VCID-fe5b-bz91-gfcw

summary OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role.

references

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html

reference_url

http://rhn.redhat.com/errata/RHSA-2012-1556.html

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2012-1556.html

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2012-5571

reference_url

reference_id

reference_type

scores

value	0.00152
scoring_system	epss
scoring_elements	0.35612
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-5571

reference_url

https://bugs.launchpad.net/keystone/+bug/1064914

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1064914

reference_url

http://secunia.com/advisories/51423

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/51423

reference_url

http://secunia.com/advisories/51436

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://secunia.com/advisories/51436

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/80333

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/80333

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b

reference_url

https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19

reference_url

https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-35.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-35.yaml

reference_url

http://www.openwall.com/lists/oss-security/2012/11/28/5

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/11/28/5

reference_url

http://www.openwall.com/lists/oss-security/2012/11/28/6

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/11/28/6

reference_url

http://www.securityfocus.com/bid/56726

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/56726

reference_url

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2012-5571

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694433
reference_id	694433
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694433

reference_url

reference_id

CVE-2012-5571

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2012-5571

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-5571

reference_id

CVE-2012-5571

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-5571

reference_url	https://github.com/advisories/GHSA-qvpr-qm6w-6rcc
reference_id	GHSA-qvpr-qm6w-6rcc
reference_type
scores
url	https://github.com/advisories/GHSA-qvpr-qm6w-6rcc

reference_url	https://usn.ubuntu.com/1641-1/
reference_id	USN-1641-1
reference_type
scores
url	https://usn.ubuntu.com/1641-1/

fixed_packages

url	pkg:deb/debian/keystone@2012.1.1-11?distro=trixie
purl	pkg:deb/debian/keystone@2012.1.1-11?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-11%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2012-5571, GHSA-qvpr-qm6w-6rcc, PYSEC-2012-35

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fe5b-bz91-gfcw

url VCID-fkcn-mcew-73ec

vulnerability_id VCID-fkcn-mcew-73ec

summary The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions.

references

reference_url	http://rhn.redhat.com/errata/RHSA-2014-0580.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2014-0580.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-2237

reference_id

reference_type

scores

value	0.00188
scoring_system	epss
scoring_elements	0.40462
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-2237

reference_url

https://bugs.launchpad.net/keystone/+bug/1260080

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1260080

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/813d1254eb4f7a7d40009b23bbadbc4c5cc5daac

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/813d1254eb4f7a7d40009b23bbadbc4c5cc5daac

reference_url

https://github.com/openstack/keystone/commit/a411c944af78c36f2fdb87d305ba452dc52d7ed3

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/a411c944af78c36f2fdb87d305ba452dc52d7ed3

reference_url

https://github.com/openstack/keystone/commit/b6f0e26da0e2ab0892a5658da281a065e668637b

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/b6f0e26da0e2ab0892a5658da281a065e668637b

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-105.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-105.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-2237

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-2237

reference_url

https://rhn.redhat.com/errata/RHSA-2014-0580.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://rhn.redhat.com/errata/RHSA-2014-0580.html

reference_url

http://www.openwall.com/lists/oss-security/2014/03/04/16

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2014/03/04/16

reference_url	http://www.securityfocus.com/bid/65895
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/65895

fixed_packages

url	pkg:deb/debian/keystone@2013.2.3-1?distro=trixie
purl	pkg:deb/debian/keystone@2013.2.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.2.3-1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2014-2237, GHSA-23x9-8hxr-978c, PYSEC-2014-105

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fkcn-mcew-73ec

url VCID-frjc-ax3k-9bfb

vulnerability_id VCID-frjc-ax3k-9bfb

summary The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token.

references

reference_url	http://osvdb.org/97237
reference_id
reference_type
scores
url	http://osvdb.org/97237

reference_url

http://rhn.redhat.com/errata/RHSA-2013-1285.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-1285.html

reference_url

https://access.redhat.com/errata/RHSA-2013:1285

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2013:1285

reference_url

https://access.redhat.com/security/cve/CVE-2013-4294

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2013-4294

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4294

reference_id

reference_type

scores

value	0.008
scoring_system	epss
scoring_elements	0.74343
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4294

reference_url

https://bugs.launchpad.net/keystone/+bug/1202952

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1202952

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1004452

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1004452

reference_url

http://seclists.org/oss-sec/2013/q3/586

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/oss-sec/2013/q3/586

reference_url	http://secunia.com/advisories/54706
reference_id
reference_type
scores
url	http://secunia.com/advisories/54706

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-42.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-42.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-4294

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-4294

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.ubuntu.com/usn/USN-2002-1

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.ubuntu.com/usn/USN-2002-1

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722505
reference_id	722505
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722505

reference_url	https://usn.ubuntu.com/2002-1/
reference_id	USN-2002-1
reference_type
scores
url	https://usn.ubuntu.com/2002-1/

fixed_packages

url	pkg:deb/debian/keystone@2013.1.3-2?distro=trixie
purl	pkg:deb/debian/keystone@2013.1.3-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.1.3-2%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2013-4294, GHSA-5qpp-v56f-mqfm, PYSEC-2013-42

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-frjc-ax3k-9bfb

url VCID-n7dg-vndn-sfas

vulnerability_id VCID-n7dg-vndn-sfas

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-1572

reference_id

reference_type

scores

value	0.00416
scoring_system	epss
scoring_elements	0.62
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-1572

fixed_packages

url	pkg:deb/debian/keystone@2012.1~rc2-1?distro=trixie
purl	pkg:deb/debian/keystone@2012.1~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1~rc2-1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2012-1572

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n7dg-vndn-sfas

url VCID-p26s-ykym-c3bz

vulnerability_id VCID-p26s-ykym-c3bz

summary The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token.

references

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2014-5251

reference_url

reference_id

reference_type

scores

value	0.0031
scoring_system	epss
scoring_elements	0.54425
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-5251

reference_url

https://bugs.launchpad.net/keystone/+bug/1347961

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1347961

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/6cbf835542d62e6e5db4b4aef7141b1731cad9dc

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/6cbf835542d62e6e5db4b4aef7141b1731cad9dc

reference_url

https://github.com/openstack/keystone/commit/7aee6304f653475a4130dc3e5be602e91481f108

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/7aee6304f653475a4130dc3e5be602e91481f108

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-107.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-107.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-5251

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-5251

reference_url

http://www.openwall.com/lists/oss-security/2014/08/15/6

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2014/08/15/6

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url	https://usn.ubuntu.com/2324-1/
reference_id	USN-2324-1
reference_type
scores
url	https://usn.ubuntu.com/2324-1/

fixed_packages

url	pkg:deb/debian/keystone@2014.1.2.1-1?distro=trixie
purl	pkg:deb/debian/keystone@2014.1.2.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.2.1-1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2014-5251, GHSA-gmvp-5rf9-mxcm, PYSEC-2014-107

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p26s-ykym-c3bz

url VCID-p4f1-xubu-tuhd

vulnerability_id VCID-p4f1-xubu-tuhd

summary

Improper Authentication
CVE-2012-4456 Openstack Keystone 2012.1.1: fails to validate tokens in Admin API

references

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2012-4456

reference_url

reference_id

reference_type

scores

value	0.0395
scoring_system	epss
scoring_elements	0.88551
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-4456

reference_url

https://bugs.launchpad.net/keystone/+bug/1006815

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1006815

reference_url

https://bugs.launchpad.net/keystone/+bug/1006822

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1006822

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=861179

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=861179

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/78944

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/78944

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/14b136aed9d988f5a8f3e699bd4577c9b874d6c1

reference_url

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/14b136aed9d988f5a8f3e699bd4577c9b874d6c1

reference_url

https://github.com/openstack/keystone/commit/1d146f5c32e58a73a677d308370f147a3271c2cb

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/1d146f5c32e58a73a677d308370f147a3271c2cb

reference_url

https://github.com/openstack/keystone/commit/24df3adb3f50cbb5ada411bc67aba8a781e6a431

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/24df3adb3f50cbb5ada411bc67aba8a781e6a431

reference_url

https://github.com/openstack/keystone/commit/868054992faa45d6f42d822bf1588cb88d7c9ccb

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/868054992faa45d6f42d822bf1588cb88d7c9ccb

reference_url

https://lists.launchpad.net/openstack/msg17034.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.launchpad.net/openstack/msg17034.html

reference_url

https://web.archive.org/web/20121114024512/http://www.securityfocus.com/bid/55716

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20121114024512/http://www.securityfocus.com/bid/55716

reference_url

http://www.openwall.com/lists/oss-security/2012/09/28/5

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2012/09/28/5

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689210
reference_id	689210
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689210

reference_url

https://access.redhat.com/security/cve/CVE-2012-4456

reference_id

CVE-2012-4456

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2012-4456

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2012-4456

reference_id

CVE-2012-4456

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2012-4456

reference_url	https://github.com/advisories/GHSA-mf98-r2gf-2x3w
reference_id	GHSA-mf98-r2gf-2x3w
reference_type
scores
url	https://github.com/advisories/GHSA-mf98-r2gf-2x3w

fixed_packages

url	pkg:deb/debian/keystone@2012.1.1-9?distro=trixie
purl	pkg:deb/debian/keystone@2012.1.1-9?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-9%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2012-4456, GHSA-mf98-r2gf-2x3w

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p4f1-xubu-tuhd

url VCID-p65f-wr97-p7c4

vulnerability_id VCID-p65f-wr97-p7c4

summary

Permission Issues
The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges.

references

reference_url	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4477
reference_id
reference_type
scores
url	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4477

reference_url

http://rhn.redhat.com/errata/RHSA-2014-0113.html

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-0113.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4477

reference_id

reference_type

scores

value	0.00151
scoring_system	epss
scoring_elements	0.3547
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4477

reference_url

https://bugs.launchpad.net/keystone/+bug/1242855

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1242855

reference_url

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/b17e7bec768bd53d3977352486378698a3db3cfa

reference_url

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/b17e7bec768bd53d3977352486378698a3db3cfa

reference_url	https://github.com/openstack/keystone/commit/c6800c
reference_id
reference_type
scores
url	https://github.com/openstack/keystone/commit/c6800c

reference_url

https://github.com/openstack/keystone/commit/c6800ca1ac984c879e75826df6694d6199444ea0

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/c6800ca1ac984c879e75826df6694d6199444ea0

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-4477

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-4477

reference_url

http://www.openwall.com/lists/oss-security/2013/10/30/6

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/10/30/6

reference_url

http://www.ubuntu.com/usn/USN-2034-1

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.ubuntu.com/usn/USN-2034-1

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728233
reference_id	728233
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728233

reference_url	https://usn.ubuntu.com/2034-1/
reference_id	USN-2034-1
reference_type
scores
url	https://usn.ubuntu.com/2034-1/

fixed_packages

url	pkg:deb/debian/keystone@2013.2-2?distro=trixie
purl	pkg:deb/debian/keystone@2013.2-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.2-2%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2013-4477, GHSA-f889-wfwm-6p7m

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p65f-wr97-p7c4

url VCID-qdaz-sbtw-rka1

vulnerability_id VCID-qdaz-sbtw-rka1

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-5483

reference_id

reference_type

scores

value	0.00111
scoring_system	epss
scoring_elements	0.29178
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-5483

fixed_packages

url	pkg:deb/debian/keystone@0?distro=trixie
purl	pkg:deb/debian/keystone@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@0%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2012-5483

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qdaz-sbtw-rka1

url VCID-s22u-wrpf-qka1

vulnerability_id VCID-s22u-wrpf-qka1

summary An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. This results in the provided keystone token having more role assignments than the creator intended, possibly giving unintended escalated access.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-12690

reference_id

reference_type

scores

value	0.00817
scoring_system	epss
scoring_elements	0.74646
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-12690

reference_url

https://bugs.launchpad.net/keystone/+bug/1873290

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1873290

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/advisories/GHSA-6m8p-x4qw-gh5j

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-6m8p-x4qw-gh5j

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-54.yaml

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-54.yaml

reference_url

https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-12690

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-12690

reference_url

https://security.openstack.org/ossa/OSSA-2020-005.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.openstack.org/ossa/OSSA-2020-005.html

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2020/05/06/6

reference_url	https://usn.ubuntu.com/4480-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4480-1/

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2020/05/06/6

reference_url

http://www.openwall.com/lists/oss-security/2020/05/07/3

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2020/05/07/3

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
reference_id	959900
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900

fixed_packages

url	pkg:deb/debian/keystone@2:17.0.0~rc2-1?distro=trixie
purl	pkg:deb/debian/keystone@2:17.0.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:17.0.0~rc2-1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2020-12690, GHSA-6m8p-x4qw-gh5j, PYSEC-2020-54

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s22u-wrpf-qka1

url VCID-s3e9-fyhc-v3g6

vulnerability_id VCID-s3e9-fyhc-v3g6

summary

OpenStack Keystone Denial of Service vulnerability via a large HTTP request
OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a large HTTP request, as demonstrated by a long tenant_name when requesting a token.

references

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2013-0270

reference_url

reference_id

reference_type

scores

value	0.02681
scoring_system	epss
scoring_elements	0.86101
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-0270

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=909012

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=909012

reference_url

https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8

reference_url

https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2013-0270

reference_url

reference_id

CVE-2013-0270

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2013-0270

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-0270

reference_id

CVE-2013-0270

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-0270

reference_url

https://github.com/advisories/GHSA-4ppj-4p4v-jf4p

reference_id

GHSA-4ppj-4p4v-jf4p

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4ppj-4p4v-jf4p

fixed_packages

url	pkg:deb/debian/keystone@2013.1.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2013.1.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.1.1-2%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2013-0270, GHSA-4ppj-4p4v-jf4p

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s3e9-fyhc-v3g6

url VCID-s6zk-39jp-q3ch

vulnerability_id VCID-s6zk-39jp-q3ch

summary The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an "interaction between eventlet and python-memcached."

references

reference_url

http://rhn.redhat.com/errata/RHSA-2014-0382.html

reference_id

reference_type

scores

value	6.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-0382.html

reference_url

http://rhn.redhat.com/errata/RHSA-2014-0409.html

reference_id

reference_type

scores

value	6.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-0409.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-0105

reference_id

reference_type

scores

value	0.00455
scoring_system	epss
scoring_elements	0.64137
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0105

reference_url

https://bugs.launchpad.net/python-keystoneclient/+bug/1282865

reference_id

reference_type

scores

value	6.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/python-keystoneclient/+bug/1282865

reference_url

reference_id

reference_type

scores

value	6.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/python-keystoneclient/PYSEC-2014-70.yaml

reference_url

reference_id

reference_type

scores

value	6.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/python-keystoneclient/PYSEC-2014-70.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-0105

reference_id

reference_type

scores

value	6.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-0105

reference_url

https://review.opendev.org/c/openstack/python-keystoneclient/+/81078

reference_id

reference_type

scores

value	6.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://review.opendev.org/c/openstack/python-keystoneclient/+/81078

reference_url

http://www.openwall.com/lists/oss-security/2014/03/27/4

reference_id

reference_type

scores

value	6.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

value	2.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2014/03/27/4

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742898
reference_id	742898
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742898

fixed_packages

url	pkg:deb/debian/keystone@2013.1.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2013.1.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.1.1-2%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2014-0105, GHSA-gwvq-rgqf-993f, PYSEC-2014-70

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s6zk-39jp-q3ch

url VCID-teaz-ujhd-eud6

vulnerability_id VCID-teaz-ujhd-eud6

summary python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.

references

reference_url

http://lists.opensuse.org/opensuse-updates/2013-06/msg00198.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-updates/2013-06/msg00198.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-0944.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-0944.html

reference_url

https://access.redhat.com/errata/RHSA-2013:0944

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2013:0944

reference_url

https://access.redhat.com/security/cve/CVE-2013-2104

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2013-2104

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-2104

reference_id

reference_type

scores

value	0.0065
scoring_system	epss
scoring_elements	0.71174
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-2104

reference_url

https://bugs.launchpad.net/python-keystoneclient/+bug/1179615

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/python-keystoneclient/+bug/1179615

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=965852

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=965852

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/python-keystoneclient/PYSEC-2014-69.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/python-keystoneclient/PYSEC-2014-69.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-2104

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-2104

reference_url

http://www.openwall.com/lists/oss-security/2013/05/28/7

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2013/05/28/7

reference_url

http://www.ubuntu.com/usn/USN-1851-1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.ubuntu.com/usn/USN-1851-1

reference_url

http://www.ubuntu.com/usn/USN-1875-1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.ubuntu.com/usn/USN-1875-1

reference_url	https://usn.ubuntu.com/1851-1/
reference_id	USN-1851-1
reference_type
scores
url	https://usn.ubuntu.com/1851-1/

reference_url	https://usn.ubuntu.com/1875-1/
reference_id	USN-1875-1
reference_type
scores
url	https://usn.ubuntu.com/1875-1/

fixed_packages

url	pkg:deb/debian/keystone@0?distro=trixie
purl	pkg:deb/debian/keystone@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@0%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2013-2104, GHSA-4rrr-j7ff-r844, PYSEC-2014-69

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-teaz-ujhd-eud6

url VCID-tpjj-q1mx-j7en

vulnerability_id VCID-tpjj-q1mx-j7en

summary

OpenStack Keystone allows /v3/ec2tokens or /v3/s3tokens request with valid AWS Signature to provide Keystone authorization.
OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65073.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65073.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-65073

reference_id

reference_type

scores

value	0.00031
scoring_system	epss
scoring_elements	0.09478
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-65073

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2025/11/04/2

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-17T16:34:17Z/

url

https://www.openwall.com/lists/oss-security/2025/11/04/2

reference_url

http://www.openwall.com/lists/oss-security/2025/11/17/6

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2025/11/17/6

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120053
reference_id	1120053
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120053

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2415344
reference_id	2415344
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2415344

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-65073

reference_id

CVE-2025-65073

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-65073

reference_url

https://github.com/advisories/GHSA-hcqg-5g63-7j9h

reference_id

GHSA-hcqg-5g63-7j9h

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hcqg-5g63-7j9h

reference_url	https://access.redhat.com/errata/RHSA-2026:1958
reference_id	RHSA-2026:1958
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1958

reference_url	https://usn.ubuntu.com/7926-1/
reference_id	USN-7926-1
reference_type
scores
url	https://usn.ubuntu.com/7926-1/

fixed_packages

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:18.1.0-1%2Bdeb11u2?distro=trixie
purl	pkg:deb/debian/keystone@2:18.1.0-1%2Bdeb11u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.1.0-1%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:28.0.0-2?distro=trixie
purl	pkg:deb/debian/keystone@2:28.0.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:28.0.0-2%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2025-65073, GHSA-hcqg-5g63-7j9h

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tpjj-q1mx-j7en

url VCID-u2xc-r1jm-p3hy

vulnerability_id VCID-u2xc-r1jm-p3hy

summary

OpenStack Keystone and other components vulnerable to Improper Certificate Validation
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-2255

reference_id

reference_type

scores

value	0.00414
scoring_system	epss
scoring_elements	0.61898
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-2255

reference_url

https://bugs.launchpad.net/ossn/+bug/1188189

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/ossn/+bug/1188189

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2255

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2255

reference_url

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2255

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2255

reference_url

https://exchange.xforce.ibmcloud.com/vulnerabilities/85562

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://exchange.xforce.ibmcloud.com/vulnerabilities/85562

reference_url

https://github.com/openstack/cinder/commit/0f9652d92e175a1f7dc3c2a37ab444b8f189375a

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/cinder/commit/0f9652d92e175a1f7dc3c2a37ab444b8f189375a

reference_url

https://github.com/openstack/keystone/commit/5bd4c2984d329625a2a8442b316fa235dbb88a3d

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/5bd4c2984d329625a2a8442b316fa235dbb88a3d

reference_url

https://github.com/openstack/neutron/commit/7255e056092f034daaeb4246a812900645d46911

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/neutron/commit/7255e056092f034daaeb4246a812900645d46911

reference_url

https://github.com/openstack/python-keystoneclient/commit/20e166fd8a943ee3f91ba362a47e9c14c7cc5f4c

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/python-keystoneclient/commit/20e166fd8a943ee3f91ba362a47e9c14c7cc5f4c

reference_url

https://web.archive.org/web/20200229073508/https://www.securityfocus.com/bid/61118

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200229073508/https://www.securityfocus.com/bid/61118

reference_url

https://access.redhat.com/security/cve/cve-2013-2255

reference_id

CVE-2013-2255

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/cve-2013-2255

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-2255

reference_id

CVE-2013-2255

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-2255

reference_url

https://security-tracker.debian.org/tracker/CVE-2013-2255

reference_id

CVE-2013-2255

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security-tracker.debian.org/tracker/CVE-2013-2255

reference_url

https://github.com/advisories/GHSA-qh2x-hpf9-cf2g

reference_id

GHSA-qh2x-hpf9-cf2g

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-qh2x-hpf9-cf2g

fixed_packages

url	pkg:deb/debian/keystone@2014.1-1?distro=trixie
purl	pkg:deb/debian/keystone@2014.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1-1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2013-2255, GHSA-qh2x-hpf9-cf2g

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u2xc-r1jm-p3hy

url VCID-vate-thdr-p7g8

vulnerability_id VCID-vate-thdr-p7g8

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-38155

reference_id

reference_type

scores

value	0.00737
scoring_system	epss
scoring_elements	0.73152
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-38155

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/1b573ae7d1c20e0ebfbde79bbe7538a09589c75d

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/1b573ae7d1c20e0ebfbde79bbe7538a09589c75d

reference_url

https://github.com/openstack/keystone/commit/8ab4eb27be4c13c9bab2b3ea700f00a190521bf8

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/8ab4eb27be4c13c9bab2b3ea700f00a190521bf8

reference_url

https://github.com/openstack/keystone/commit/ac2631ae33445877094cdae796fbcdce8833a626

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/ac2631ae33445877094cdae796fbcdce8833a626

reference_url

https://launchpad.net/bugs/1688137

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://launchpad.net/bugs/1688137

reference_url

https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html

reference_url

https://security.openstack.org/ossa/OSSA-2021-003.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.openstack.org/ossa/OSSA-2021-003.html

reference_url

http://www.openwall.com/lists/oss-security/2021/08/10/5

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/08/10/5

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992070
reference_id	992070
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992070

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-38155

reference_id

CVE-2021-38155

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-38155

reference_url

https://github.com/advisories/GHSA-4225-97pr-rr52

reference_id

GHSA-4225-97pr-rr52

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-4225-97pr-rr52

fixed_packages

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:19.0.0-3?distro=trixie
purl	pkg:deb/debian/keystone@2:19.0.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:19.0.0-3%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2021-38155, GHSA-4225-97pr-rr52

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vate-thdr-p7g8

url VCID-vxfp-w2jv-uyhp

vulnerability_id VCID-vxfp-w2jv-uyhp

summary The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification (1) GET or (2) HEAD request to v3/auth/tokens/.

references

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2014-5252

reference_url

reference_id

reference_type

scores

value	0.00287
scoring_system	epss
scoring_elements	0.52411
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-5252

reference_url

https://bugs.launchpad.net/keystone/+bug/1348820

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1348820

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/556fb860311675fc437585651e4602b2908451eb

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/556fb860311675fc437585651e4602b2908451eb

reference_url

https://github.com/openstack/keystone/commit/a4c73e4382cb062aa9f30fe1960d5014d3c49cc2

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/a4c73e4382cb062aa9f30fe1960d5014d3c49cc2

reference_url

https://github.com/openstack/keystone/commit/bdb88c662ac2035f9b0d8a229a5db5f60f5f16ae

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/bdb88c662ac2035f9b0d8a229a5db5f60f5f16ae

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-108.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-108.yaml

reference_url

http://www.openwall.com/lists/oss-security/2014/08/15/6

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2014/08/15/6

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-5252

reference_url

reference_id

CVE-2014-5252

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-5252

reference_url	https://github.com/advisories/GHSA-v8fq-gq9j-3v7h
reference_id	GHSA-v8fq-gq9j-3v7h
reference_type
scores
url	https://github.com/advisories/GHSA-v8fq-gq9j-3v7h

reference_url	https://usn.ubuntu.com/2324-1/
reference_id	USN-2324-1
reference_type
scores
url	https://usn.ubuntu.com/2324-1/

fixed_packages

url	pkg:deb/debian/keystone@2014.1.2.1-1?distro=trixie
purl	pkg:deb/debian/keystone@2014.1.2.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.2.1-1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2014-5252, GHSA-v8fq-gq9j-3v7h, PYSEC-2014-108

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vxfp-w2jv-uyhp

url VCID-w7kc-5swx-cfcr

vulnerability_id VCID-w7kc-5swx-cfcr

summary OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials, which could (for example) leak sign-on information for Time-based One Time Passwords (TOTP). Deployments with enforce_scope set to false are affected. (There will be a slight performance impact for the list credentials API once this issue is fixed.)

references

reference_url

https://access.redhat.com/errata/RHSA-2019:4358

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:4358

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-19687

reference_id

reference_type

scores

value	0.00728
scoring_system	epss
scoring_elements	0.72935
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-19687

reference_url

https://bugs.launchpad.net/keystone/+bug/1855080

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1855080

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1781470

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1781470

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/17947516b0095c51da5cff94771247f2e7c44ee6

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/17947516b0095c51da5cff94771247f2e7c44ee6

reference_url

https://github.com/openstack/keystone/commit/17c337dbdbfb9d548ad531c2ad0483c9bce5b98f

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/17c337dbdbfb9d548ad531c2ad0483c9bce5b98f

reference_url

https://github.com/openstack/keystone/commit/bd3f63787151183f4daa43578aa491856fefae5b

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/bd3f63787151183f4daa43578aa491856fefae5b

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2019-29.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2019-29.yaml

reference_url

https://git.openstack.org/cgit/openstack/keystone/commit/?id=17947516b0095c51da5cff94771247f2e7c44ee6

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://git.openstack.org/cgit/openstack/keystone/commit/?id=17947516b0095c51da5cff94771247f2e7c44ee6

reference_url

https://git.openstack.org/cgit/openstack/keystone/commit/?id=17c337dbdbfb9d548ad531c2ad0483c9bce5b98f

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://git.openstack.org/cgit/openstack/keystone/commit/?id=17c337dbdbfb9d548ad531c2ad0483c9bce5b98f

reference_url

https://git.openstack.org/cgit/openstack/keystone/commit/?id=bd3f63787151183f4daa43578aa491856fefae5b

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://git.openstack.org/cgit/openstack/keystone/commit/?id=bd3f63787151183f4daa43578aa491856fefae5b

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-19687

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-19687

reference_url

https://review.opendev.org/#/c/697355

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://review.opendev.org/#/c/697355

reference_url	https://review.opendev.org/#/c/697355/
reference_id
reference_type
scores
url	https://review.opendev.org/#/c/697355/

reference_url

https://review.opendev.org/#/c/697611

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://review.opendev.org/#/c/697611

reference_url	https://review.opendev.org/#/c/697611/
reference_id
reference_type
scores
url	https://review.opendev.org/#/c/697611/

reference_url

https://review.opendev.org/#/c/697731

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://review.opendev.org/#/c/697731

reference_url	https://review.opendev.org/#/c/697731/
reference_id
reference_type
scores
url	https://review.opendev.org/#/c/697731/

reference_url

https://security.openstack.org/ossa/OSSA-2019-006.html

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.openstack.org/ossa/OSSA-2019-006.html

reference_url

https://usn.ubuntu.com/4262-1

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/4262-1

reference_url	https://usn.ubuntu.com/4262-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/4262-1/

reference_url

http://www.openwall.com/lists/oss-security/2019/12/11/8

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2019/12/11/8

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946614
reference_id	946614
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946614

fixed_packages

url	pkg:deb/debian/keystone@2:16.0.0-5?distro=trixie
purl	pkg:deb/debian/keystone@2:16.0.0-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:16.0.0-5%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2019-19687, GHSA-2j23-fwqm-mgwr, PYSEC-2019-29

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w7kc-5swx-cfcr

url VCID-wqan-zj86-jkdc

vulnerability_id VCID-wqan-zj86-jkdc

summary The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining."

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2014-2828

reference_url

reference_id

reference_type

scores

value	0.00864
scoring_system	epss
scoring_elements	0.75413
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-2828

reference_url

https://bugs.launchpad.net/keystone/+bug/1300274

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1300274

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/ce6cedb30c5c4b4cf4db9380f09443de22414b39

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/ce6cedb30c5c4b4cf4db9380f09443de22414b39

reference_url

https://github.com/openstack/keystone/commit/e364ba5b12de8e4c11bd80bcca903f9615dcfc2e

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/e364ba5b12de8e4c11bd80bcca903f9615dcfc2e

reference_url

https://github.com/openstack/keystone/commit/ef868ad92c00e23a4a5e9eb71e3e0bf5ae2fff0c

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/keystone/commit/ef868ad92c00e23a4a5e9eb71e3e0bf5ae2fff0c

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-106.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-106.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-2828

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-2828

reference_url

http://www.openwall.com/lists/oss-security/2014/04/10/20

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2014/04/10/20

fixed_packages

url	pkg:deb/debian/keystone@2014.1-1?distro=trixie
purl	pkg:deb/debian/keystone@2014.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1-1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-86d1-vsfn-ruah

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie

url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2d7v-rmys-akfg

vulnerability	VCID-3vnr-dg8w-4qg6

vulnerability	VCID-7k2c-zp2n-pbek

vulnerability	VCID-nctt-8ksu-5ud5

vulnerability	VCID-tyh8-xsy3-efeh

vulnerability	VCID-w3tv-9q89-b3f3

vulnerability	VCID-x278-p5ca-h7d4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl	pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie

aliases CVE-2014-2828, GHSA-6mv3-p2gr-wgqf, PYSEC-2014-106

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wqan-zj86-jkdc

url VCID-yjea-kp75-rfeu

vulnerability_id VCID-yjea-kp75-rfeu

summary

references

reference_url

http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2013-1665

reference_url

reference_id

reference_type

scores

value	0.02995
scoring_system	epss
scoring_elements	0.86795
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-1665

reference_url

https://bugs.launchpad.net/keystone/+bug/1100279

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/keystone/+bug/1100279

reference_url

https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40

reference_url

https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-1665

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-1665

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url