Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/196111?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/196111?format=api", "purl": "pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u3", "type": "deb", "namespace": "debian", "name": "keystone", "version": "2:27.0.0-3+deb13u3", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63363?format=api", "vulnerability_id": "VCID-5ucj-ubyb-27fx", "summary": "openstack-keystone: OpenStack Keystone: Privilege escalation through EC2 credential creation", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33551.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33551.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33551", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09278", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09353", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09338", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.09998", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33551" }, { "reference_url": "https://bugs.launchpad.net/keystone/+bug/2142138", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T13:50:09Z/" } ], "url": "https://bugs.launchpad.net/keystone/+bug/2142138" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33551", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33551" }, { "reference_url": "https://github.com/openstack/keystone", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33551", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33551" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2026-005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T13:50:09Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2026-005.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/04/07/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/04/07/12" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133118", "reference_id": "1133118", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133118" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451037", "reference_id": "2451037", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451037" }, { "reference_url": "https://github.com/advisories/GHSA-4phw-6824-6cfp", "reference_id": "GHSA-4phw-6824-6cfp", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4phw-6824-6cfp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196108?format=api", "purl": "pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ucj-ubyb-27fx" }, { "vulnerability": "VCID-7b5p-zqzm-3few" }, { "vulnerability": "VCID-cage-qr17-fude" }, { "vulnerability": "VCID-eszc-r2p1-xkcv" }, { "vulnerability": "VCID-g2mr-xac1-jue9" }, { "vulnerability": "VCID-hyts-mq72-z7de" }, { "vulnerability": "VCID-v6q4-3362-fyde" }, { "vulnerability": "VCID-z3ub-exq4-4qgg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/196109?format=api", "purl": "pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/196111?format=api", "purl": "pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u3" } ], "aliases": [ "CVE-2026-33551", "GHSA-4phw-6824-6cfp", "PYSEC-2026-202" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5ucj-ubyb-27fx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59291?format=api", "vulnerability_id": "VCID-7b5p-zqzm-3few", "summary": "openstack-keystone: OpenStack Keystone: Unauthorized access and privilege escalation via arbitrary policy attribute injection", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42999.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42999.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42999", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12666", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12781", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12785", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12748", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42999" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42999", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42999" }, { "reference_url": "https://bugs.launchpad.net/keystone/+bug/2148398", "reference_id": "2148398", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:42:13Z/" } ], "url": "https://bugs.launchpad.net/keystone/+bug/2148398" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482840", "reference_id": "2482840", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482840" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2026-015.html", "reference_id": "OSSA-2026-015.html", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:42:13Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2026-015.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196108?format=api", "purl": "pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ucj-ubyb-27fx" }, { "vulnerability": "VCID-7b5p-zqzm-3few" }, { "vulnerability": "VCID-cage-qr17-fude" }, { "vulnerability": "VCID-eszc-r2p1-xkcv" }, { "vulnerability": "VCID-g2mr-xac1-jue9" }, { "vulnerability": "VCID-hyts-mq72-z7de" }, { "vulnerability": "VCID-v6q4-3362-fyde" }, { "vulnerability": "VCID-z3ub-exq4-4qgg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/196109?format=api", "purl": "pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/196111?format=api", "purl": "pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u3" } ], "aliases": [ "CVE-2026-42999" ], "risk_score": 3.8, "exploitability": "0.5", "weighted_severity": "7.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7b5p-zqzm-3few" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62815?format=api", "vulnerability_id": "VCID-cage-qr17-fude", "summary": "OpenStack Keystone: OpenStack Keystone: Unauthorized access due to incorrect LDAP user status handling", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40683.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40683.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40683", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06015", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07498", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07512", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.0752", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40683" }, { "reference_url": "https://bugs.launchpad.net/keystone/+bug/2121152", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T20:14:37Z/" } ], "url": "https://bugs.launchpad.net/keystone/+bug/2121152" }, { "reference_url": "https://bugs.launchpad.net/keystone/+bug/2141713", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T20:14:37Z/" } ], "url": "https://bugs.launchpad.net/keystone/+bug/2141713" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40683", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40683" }, { "reference_url": "https://github.com/openstack/keystone", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40683", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40683" }, { "reference_url": "https://review.opendev.org/958205", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T20:14:37Z/" } ], "url": "https://review.opendev.org/958205" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2026/04/14/9", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T20:14:37Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2026/04/14/9" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133884", "reference_id": "1133884", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133884" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458472", "reference_id": "2458472", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458472" }, { "reference_url": "https://github.com/advisories/GHSA-pfx2-9x9m-7ghx", "reference_id": "GHSA-pfx2-9x9m-7ghx", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pfx2-9x9m-7ghx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196108?format=api", "purl": "pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ucj-ubyb-27fx" }, { "vulnerability": "VCID-7b5p-zqzm-3few" }, { "vulnerability": "VCID-cage-qr17-fude" }, { "vulnerability": "VCID-eszc-r2p1-xkcv" }, { "vulnerability": "VCID-g2mr-xac1-jue9" }, { "vulnerability": "VCID-hyts-mq72-z7de" }, { "vulnerability": "VCID-v6q4-3362-fyde" }, { "vulnerability": "VCID-z3ub-exq4-4qgg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/196109?format=api", "purl": "pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/196111?format=api", "purl": "pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u3" } ], "aliases": [ "CVE-2026-40683", "GHSA-pfx2-9x9m-7ghx" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cage-qr17-fude" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59289?format=api", "vulnerability_id": "VCID-eszc-r2p1-xkcv", "summary": "openstack-keystone: OpenStack Keystone: User impersonation and unauthorized access via insufficient application credential verification.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42998.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42998.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42998", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19944", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20054", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20049", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.2001", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42998" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42998", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42998" }, { "reference_url": "https://bugs.launchpad.net/keystone/+bug/2148477", "reference_id": "2148477", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:38:16Z/" } ], "url": "https://bugs.launchpad.net/keystone/+bug/2148477" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482825", "reference_id": "2482825", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482825" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2026-015.html", "reference_id": "OSSA-2026-015.html", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:38:16Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2026-015.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196108?format=api", "purl": "pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ucj-ubyb-27fx" }, { "vulnerability": "VCID-7b5p-zqzm-3few" }, { "vulnerability": "VCID-cage-qr17-fude" }, { "vulnerability": "VCID-eszc-r2p1-xkcv" }, { "vulnerability": "VCID-g2mr-xac1-jue9" }, { "vulnerability": "VCID-hyts-mq72-z7de" }, { "vulnerability": "VCID-v6q4-3362-fyde" }, { "vulnerability": "VCID-z3ub-exq4-4qgg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/196109?format=api", "purl": "pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/196111?format=api", "purl": "pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u3" } ], "aliases": [ "CVE-2026-42998" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eszc-r2p1-xkcv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59290?format=api", "vulnerability_id": "VCID-hyts-mq72-z7de", "summary": "keystone: OpenStack Keystone: Privilege escalation via chained application credential impersonation and trust misuse", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43000.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43000.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43000", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12666", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12781", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12785", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12748", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43000" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43000", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43000" }, { "reference_url": "https://bugs.launchpad.net/keystone/+bug/2148477", "reference_id": "2148477", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:41:32Z/" } ], "url": "https://bugs.launchpad.net/keystone/+bug/2148477" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482826", "reference_id": "2482826", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482826" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2026-015.html", "reference_id": "OSSA-2026-015.html", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:41:32Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2026-015.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196108?format=api", "purl": "pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ucj-ubyb-27fx" }, { "vulnerability": "VCID-7b5p-zqzm-3few" }, { "vulnerability": "VCID-cage-qr17-fude" }, { "vulnerability": "VCID-eszc-r2p1-xkcv" }, { "vulnerability": "VCID-g2mr-xac1-jue9" }, { "vulnerability": "VCID-hyts-mq72-z7de" }, { "vulnerability": "VCID-v6q4-3362-fyde" }, { "vulnerability": "VCID-z3ub-exq4-4qgg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/196109?format=api", "purl": "pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/196111?format=api", "purl": "pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u3" } ], "aliases": [ "CVE-2026-43000" ], "risk_score": 3.8, "exploitability": "0.5", "weighted_severity": "7.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hyts-mq72-z7de" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59292?format=api", "vulnerability_id": "VCID-v6q4-3362-fyde", "summary": "openstack-keystone: OpenStack Keystone: Federated token rescoping allows indefinite access", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-44394.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-44394.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44394", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16663", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16785", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16781", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00052", "scoring_system": "epss", "scoring_elements": "0.16745", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-44394" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44394", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44394" }, { "reference_url": "https://bugs.launchpad.net/keystone/+bug/2150379", "reference_id": "2150379", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:42:48Z/" } ], "url": "https://bugs.launchpad.net/keystone/+bug/2150379" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482842", "reference_id": "2482842", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482842" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2026-015.html", "reference_id": "OSSA-2026-015.html", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:42:48Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2026-015.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196108?format=api", "purl": "pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ucj-ubyb-27fx" }, { "vulnerability": "VCID-7b5p-zqzm-3few" }, { "vulnerability": "VCID-cage-qr17-fude" }, { "vulnerability": "VCID-eszc-r2p1-xkcv" }, { "vulnerability": "VCID-g2mr-xac1-jue9" }, { "vulnerability": "VCID-hyts-mq72-z7de" }, { "vulnerability": "VCID-v6q4-3362-fyde" }, { "vulnerability": "VCID-z3ub-exq4-4qgg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/196109?format=api", "purl": "pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/196111?format=api", "purl": "pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u3" } ], "aliases": [ "CVE-2026-44394" ], "risk_score": 2.2, "exploitability": "0.5", "weighted_severity": "4.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v6q4-3362-fyde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61393?format=api", "vulnerability_id": "VCID-z3ub-exq4-4qgg", "summary": "OpenStack Keystone: OpenStack Keystone: Unauthorized cross-project access due to improper validation in EC2 credential creation", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43001.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43001.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43001", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04681", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04747", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04732", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04719", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-43001" }, { "reference_url": "https://bugs.launchpad.net/keystone/+bug/2149775", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T13:28:01Z/" } ], "url": "https://bugs.launchpad.net/keystone/+bug/2149775" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43001" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43001", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43001" }, { "reference_url": "https://review.opendev.org/c/openstack/keystone", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.opendev.org/c/openstack/keystone" }, { "reference_url": "https://review.opendev.org/c/openstack/keystone/+/985804", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T13:28:01Z/" } ], "url": "https://review.opendev.org/c/openstack/keystone/+/985804" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135645", "reference_id": "1135645", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135645" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464305", "reference_id": "2464305", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464305" }, { "reference_url": "https://github.com/advisories/GHSA-hhq2-3832-xxcv", "reference_id": "GHSA-hhq2-3832-xxcv", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hhq2-3832-xxcv" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2026-015.html", "reference_id": "OSSA-2026-015.html", "reference_type": "", "scores": [ { "value": "7.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T13:28:01Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2026-015.html" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196108?format=api", "purl": "pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5ucj-ubyb-27fx" }, { "vulnerability": "VCID-7b5p-zqzm-3few" }, { "vulnerability": "VCID-cage-qr17-fude" }, { "vulnerability": "VCID-eszc-r2p1-xkcv" }, { "vulnerability": "VCID-g2mr-xac1-jue9" }, { "vulnerability": "VCID-hyts-mq72-z7de" }, { "vulnerability": "VCID-v6q4-3362-fyde" }, { "vulnerability": "VCID-z3ub-exq4-4qgg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/196109?format=api", "purl": "pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/196111?format=api", "purl": "pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u3" } ], "aliases": [ "CVE-2026-43001", "GHSA-hhq2-3832-xxcv" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z3ub-exq4-4qgg" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u3" }