Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/keystonemiddleware@1.1.0
Typepypi
Namespace
Namekeystonemiddleware
Version1.1.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.3.3
Latest_non_vulnerable_version4.1.0
Affected_by_vulnerabilities
0
url VCID-5st1-zx32-3yfw
vulnerability_id VCID-5st1-zx32-3yfw
summary The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144.
references
0
reference_url http://lists.openstack.org/pipermail/openstack-announce/2015-April/000350.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.openstack.org/pipermail/openstack-announce/2015-April/000350.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2015-1677.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-1677.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2015-1685.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-1685.html
3
reference_url https://access.redhat.com/errata/RHSA-2015:1677
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2015:1677
4
reference_url https://access.redhat.com/errata/RHSA-2015:1685
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2015:1685
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1852.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1852.json
6
reference_url https://access.redhat.com/security/cve/CVE-2015-1852
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2015-1852
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-1852
reference_id
reference_type
scores
0
value 0.00219
scoring_system epss
scoring_elements 0.44582
published_at 2026-04-18T12:55:00Z
1
value 0.00219
scoring_system epss
scoring_elements 0.44462
published_at 2026-04-01T12:55:00Z
2
value 0.00219
scoring_system epss
scoring_elements 0.44532
published_at 2026-04-02T12:55:00Z
3
value 0.00219
scoring_system epss
scoring_elements 0.44553
published_at 2026-04-04T12:55:00Z
4
value 0.00219
scoring_system epss
scoring_elements 0.44492
published_at 2026-04-07T12:55:00Z
5
value 0.00219
scoring_system epss
scoring_elements 0.44542
published_at 2026-04-08T12:55:00Z
6
value 0.00219
scoring_system epss
scoring_elements 0.44547
published_at 2026-04-09T12:55:00Z
7
value 0.00219
scoring_system epss
scoring_elements 0.44564
published_at 2026-04-11T12:55:00Z
8
value 0.00219
scoring_system epss
scoring_elements 0.44534
published_at 2026-04-12T12:55:00Z
9
value 0.00219
scoring_system epss
scoring_elements 0.44535
published_at 2026-04-13T12:55:00Z
10
value 0.00219
scoring_system epss
scoring_elements 0.44591
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-1852
8
reference_url https://bugs.launchpad.net/keystonemiddleware/+bug/1411063
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystonemiddleware/+bug/1411063
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1209527
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1209527
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1852
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1852
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystonemiddleware/PYSEC-2015-30.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystonemiddleware/PYSEC-2015-30.yaml
12
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/python-keystoneclient/PYSEC-2015-31.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/python-keystoneclient/PYSEC-2015-31.yaml
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-1852
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-1852
14
reference_url https://web.archive.org/web/20200228060649/http://www.securityfocus.com/bid/74187
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228060649/http://www.securityfocus.com/bid/74187
15
reference_url http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
16
reference_url http://www.securityfocus.com/bid/74187
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/74187
17
reference_url http://www.ubuntu.com/usn/USN-2705-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2705-1
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783164
reference_id 783164
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783164
19
reference_url https://github.com/advisories/GHSA-p9wq-mjh8-q72m
reference_id GHSA-p9wq-mjh8-q72m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p9wq-mjh8-q72m
20
reference_url https://usn.ubuntu.com/2705-1/
reference_id USN-2705-1
reference_type
scores
url https://usn.ubuntu.com/2705-1/
fixed_packages
0
url pkg:pypi/keystonemiddleware@1.6.0
purl pkg:pypi/keystonemiddleware@1.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-844e-r6mn-bqh5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystonemiddleware@1.6.0
aliases CVE-2015-1852, GHSA-p9wq-mjh8-q72m, PYSEC-2015-30, PYSEC-2015-31
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5st1-zx32-3yfw
1
url VCID-79rs-7766-4ycf
vulnerability_id VCID-79rs-7766-4ycf
summary OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2014-1783.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1783.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-1784.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1784.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2015-0020.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2015-0020.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7144.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7144.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-7144
reference_id
reference_type
scores
0
value 0.00365
scoring_system epss
scoring_elements 0.5852
published_at 2026-04-04T12:55:00Z
1
value 0.00365
scoring_system epss
scoring_elements 0.5855
published_at 2026-04-09T12:55:00Z
2
value 0.00365
scoring_system epss
scoring_elements 0.58564
published_at 2026-04-18T12:55:00Z
3
value 0.00365
scoring_system epss
scoring_elements 0.5856
published_at 2026-04-16T12:55:00Z
4
value 0.00365
scoring_system epss
scoring_elements 0.58526
published_at 2026-04-13T12:55:00Z
5
value 0.00365
scoring_system epss
scoring_elements 0.58546
published_at 2026-04-12T12:55:00Z
6
value 0.00365
scoring_system epss
scoring_elements 0.58566
published_at 2026-04-11T12:55:00Z
7
value 0.00365
scoring_system epss
scoring_elements 0.58415
published_at 2026-04-01T12:55:00Z
8
value 0.00365
scoring_system epss
scoring_elements 0.58543
published_at 2026-04-08T12:55:00Z
9
value 0.00365
scoring_system epss
scoring_elements 0.58491
published_at 2026-04-07T12:55:00Z
10
value 0.00365
scoring_system epss
scoring_elements 0.585
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-7144
5
reference_url https://bugs.launchpad.net/python-keystoneclient/+bug/1353315
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/python-keystoneclient/+bug/1353315
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7144
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7144
7
reference_url http://secunia.com/advisories/62709
reference_id
reference_type
scores
url http://secunia.com/advisories/62709
8
reference_url https://github.com/openstack/ossa/blob/23e15de721f4a6890374a231d93524e02965a97f/ossa/OSSA-2014-030.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/ossa/blob/23e15de721f4a6890374a231d93524e02965a97f/ossa/OSSA-2014-030.yaml
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystonemiddleware/PYSEC-2014-26.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystonemiddleware/PYSEC-2014-26.yaml
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/python-keystoneclient/PYSEC-2014-71.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/python-keystoneclient/PYSEC-2014-71.yaml
11
reference_url https://web.archive.org/web/20200228053850/http://www.securityfocus.com/bid/69864
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228053850/http://www.securityfocus.com/bid/69864
12
reference_url https://web.archive.org/web/20200228060511/https://www.securityfocus.com/bid/69864
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228060511/https://www.securityfocus.com/bid/69864
13
reference_url http://www.openwall.com/lists/oss-security/2014/09/25/51
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/09/25/51
14
reference_url http://www.securityfocus.com/bid/69864
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/69864
15
reference_url http://www.ubuntu.com/usn/USN-2705-1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2705-1
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1143808
reference_id 1143808
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1143808
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762748
reference_id 762748
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762748
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762749
reference_id 762749
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762749
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystonemiddleware:1.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystonemiddleware:1.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystonemiddleware:1.0.0:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystonemiddleware:1.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystonemiddleware:1.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystonemiddleware:1.1.0:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystonemiddleware:1.1.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystonemiddleware:1.1.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystonemiddleware:1.1.1:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:python-keystoneclient:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:python-keystoneclient:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:python-keystoneclient:*:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-7144
reference_id CVE-2014-7144
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-7144
24
reference_url https://github.com/advisories/GHSA-7f2c-vp52-gmfw
reference_id GHSA-7f2c-vp52-gmfw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7f2c-vp52-gmfw
25
reference_url https://access.redhat.com/errata/RHSA-2014:1783
reference_id RHSA-2014:1783
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1783
26
reference_url https://access.redhat.com/errata/RHSA-2014:1784
reference_id RHSA-2014:1784
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1784
27
reference_url https://access.redhat.com/errata/RHSA-2015:0020
reference_id RHSA-2015:0020
reference_type
scores
url https://access.redhat.com/errata/RHSA-2015:0020
28
reference_url https://usn.ubuntu.com/2705-1/
reference_id USN-2705-1
reference_type
scores
url https://usn.ubuntu.com/2705-1/
fixed_packages
0
url pkg:pypi/keystonemiddleware@1.2.0
purl pkg:pypi/keystonemiddleware@1.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5st1-zx32-3yfw
1
vulnerability VCID-844e-r6mn-bqh5
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystonemiddleware@1.2.0
aliases CVE-2014-7144, GHSA-7f2c-vp52-gmfw, PYSEC-2014-26, PYSEC-2014-71
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-79rs-7766-4ycf
2
url VCID-844e-r6mn-bqh5
vulnerability_id VCID-844e-r6mn-bqh5
summary The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7546.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7546.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-7546
reference_id
reference_type
scores
0
value 0.00105
scoring_system epss
scoring_elements 0.28612
published_at 2026-04-01T12:55:00Z
1
value 0.00105
scoring_system epss
scoring_elements 0.28561
published_at 2026-04-18T12:55:00Z
2
value 0.00105
scoring_system epss
scoring_elements 0.28586
published_at 2026-04-16T12:55:00Z
3
value 0.00105
scoring_system epss
scoring_elements 0.28566
published_at 2026-04-13T12:55:00Z
4
value 0.00105
scoring_system epss
scoring_elements 0.28614
published_at 2026-04-12T12:55:00Z
5
value 0.00105
scoring_system epss
scoring_elements 0.28658
published_at 2026-04-11T12:55:00Z
6
value 0.00105
scoring_system epss
scoring_elements 0.28656
published_at 2026-04-09T12:55:00Z
7
value 0.00105
scoring_system epss
scoring_elements 0.28616
published_at 2026-04-08T12:55:00Z
8
value 0.00105
scoring_system epss
scoring_elements 0.28551
published_at 2026-04-07T12:55:00Z
9
value 0.00105
scoring_system epss
scoring_elements 0.28743
published_at 2026-04-04T12:55:00Z
10
value 0.00105
scoring_system epss
scoring_elements 0.28695
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-7546
2
reference_url https://bugs.launchpad.net/keystone/+bug/1490804
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1490804
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7546
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7546
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv2
scoring_elements AV:A/AC:M/Au:N/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/openstack/keystone/commit/bff03b5726fe5cac93d44a66715eea49b89c8cb0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/bff03b5726fe5cac93d44a66715eea49b89c8cb0
6
reference_url https://github.com/openstack/keystone/commit/d5378f173da14a34ca010271477337879002d6d0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/d5378f173da14a34ca010271477337879002d6d0
7
reference_url https://github.com/openstack/keystonemiddleware/commit/96ab58e6863c92575ada57615b19652e502adfd8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystonemiddleware/commit/96ab58e6863c92575ada57615b19652e502adfd8
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystonemiddleware/PYSEC-2016-20.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystonemiddleware/PYSEC-2016-20.yaml
9
reference_url https://security.openstack.org/ossa/OSSA-2016-005.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2016-005.html
10
reference_url https://web.archive.org/web/20200228002640/http://www.securityfocus.com/bid/80498
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228002640/http://www.securityfocus.com/bid/80498
11
reference_url https://wiki.openstack.org/wiki/OSSN/OSSN-0062
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://wiki.openstack.org/wiki/OSSN/OSSN-0062
12
reference_url http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
13
reference_url http://www.securityfocus.com/bid/80498
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/80498
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1290774
reference_id 1290774
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1290774
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystonemiddleware:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:openstack:keystonemiddleware:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystonemiddleware:*:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
reference_id cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7546
reference_id CVE-2015-7546
reference_type
scores
0
value 6.0
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:P/A:P
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7546
19
reference_url https://github.com/advisories/GHSA-8c4w-v65p-jvcv
reference_id GHSA-8c4w-v65p-jvcv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8c4w-v65p-jvcv
fixed_packages
0
url pkg:pypi/keystonemiddleware@1.5.4
purl pkg:pypi/keystonemiddleware@1.5.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystonemiddleware@1.5.4
1
url pkg:pypi/keystonemiddleware@2.3.3
purl pkg:pypi/keystonemiddleware@2.3.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystonemiddleware@2.3.3
2
url pkg:pypi/keystonemiddleware@4.1.0
purl pkg:pypi/keystonemiddleware@4.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystonemiddleware@4.1.0
aliases CVE-2015-7546, GHSA-8c4w-v65p-jvcv, PYSEC-2016-20
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-844e-r6mn-bqh5
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/keystonemiddleware@1.1.0