
Vulnerability_id VCID-qdd1-jvk8-73hd
Summary
Permission Issues
The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges.
Aliases
0
alias CVE-2013-4477
1
alias GHSA-f889-wfwm-6p7m
Fixed_packages
0
url pkg:deb/debian/keystone@2013.2-2?distro=trixie
purl pkg:deb/debian/keystone@2013.2-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.2-2%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2014.1.3-6
purl pkg:deb/debian/keystone@2014.1.3-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-844e-r6mn-bqh5
1
vulnerability VCID-96bg-ytf8-9fhd
2
vulnerability VCID-9dhg-r711-yfg6
3
vulnerability VCID-gdk6-a746-6fac
4
vulnerability VCID-p5un-b12x-tuh5
5
vulnerability VCID-qyjh-md45-hyhh
6
vulnerability VCID-r25g-be38-b3be
7
vulnerability VCID-rgkw-6ews-rked
8
vulnerability VCID-t2ap-zxfa-fkhe
9
vulnerability VCID-w6e4-zd31-g7hu
10
vulnerability VCID-wc5s-25xb-rqaa
11
vulnerability VCID-ztee-sxym-zffv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6
2
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
1
vulnerability VCID-93vc-hgec-nfe6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6wj2-abbb-xqf6
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie
8
url pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie
Affected_packages
0
url pkg:deb/debian/keystone@2012.1.1-13%2Bwheezy1
purl pkg:deb/debian/keystone@2012.1.1-13%2Bwheezy1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-44u3-6h7t-dbah
1
vulnerability VCID-5atx-veu5-kud6
2
vulnerability VCID-655y-mj8k-dbb2
3
vulnerability VCID-6cy4-grme-mka1
4
vulnerability VCID-844e-r6mn-bqh5
5
vulnerability VCID-8bat-qwmh-fyer
6
vulnerability VCID-8tkd-pcuy-d7ax
7
vulnerability VCID-91k2-z5s1-gbbx
8
vulnerability VCID-96bg-ytf8-9fhd
9
vulnerability VCID-9dhg-r711-yfg6
10
vulnerability VCID-am2m-2fgu-xkfk
11
vulnerability VCID-cg74-2jr1-2fhp
12
vulnerability VCID-gdk6-a746-6fac
13
vulnerability VCID-h1xa-f7tm-tudx
14
vulnerability VCID-hjrj-k1wk-jbha
15
vulnerability VCID-ksj4-14rq-uyb7
16
vulnerability VCID-my7j-6x5y-97a1
17
vulnerability VCID-p5un-b12x-tuh5
18
vulnerability VCID-qdd1-jvk8-73hd
19
vulnerability VCID-qmyj-ffvg-tbe8
20
vulnerability VCID-qyjh-md45-hyhh
21
vulnerability VCID-r25g-be38-b3be
22
vulnerability VCID-rgkw-6ews-rked
23
vulnerability VCID-s3gc-cxxf-63ed
24
vulnerability VCID-s5ab-apmg-dqd9
25
vulnerability VCID-snpz-wwd6-dkb6
26
vulnerability VCID-t2ap-zxfa-fkhe
27
vulnerability VCID-uexc-7rt7-hbgx
28
vulnerability VCID-w6e4-zd31-g7hu
29
vulnerability VCID-wc5s-25xb-rqaa
30
vulnerability VCID-wm8s-rmkk-mugb
31
vulnerability VCID-ztee-sxym-zffv
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-13%252Bwheezy1
1
url pkg:pypi/keystone@2013.2.1
purl pkg:pypi/keystone@2013.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qdd1-jvk8-73hd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@2013.2.1
2
url pkg:rpm/redhat/openstack-keystone@2013.1.4-2?arch=el6ost
purl pkg:rpm/redhat/openstack-keystone@2013.1.4-2?arch=el6ost
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qdd1-jvk8-73hd
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openstack-keystone@2013.1.4-2%3Farch=el6ost
References
0
reference_url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4477
reference_id
reference_type
scores
url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4477
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-0113.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0113.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4477.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4477.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4477
reference_id
reference_type
scores
0
value 0.00151
scoring_system epss
scoring_elements 0.3579
published_at 2026-04-18T12:55:00Z
1
value 0.00151
scoring_system epss
scoring_elements 0.35801
published_at 2026-04-16T12:55:00Z
2
value 0.00151
scoring_system epss
scoring_elements 0.35761
published_at 2026-04-13T12:55:00Z
3
value 0.00151
scoring_system epss
scoring_elements 0.35743
published_at 2026-04-07T12:55:00Z
4
value 0.00151
scoring_system epss
scoring_elements 0.35793
published_at 2026-04-08T12:55:00Z
5
value 0.00151
scoring_system epss
scoring_elements 0.35784
published_at 2026-04-12T12:55:00Z
6
value 0.00151
scoring_system epss
scoring_elements 0.35824
published_at 2026-04-11T12:55:00Z
7
value 0.00151
scoring_system epss
scoring_elements 0.35685
published_at 2026-04-01T12:55:00Z
8
value 0.00151
scoring_system epss
scoring_elements 0.35882
published_at 2026-04-02T12:55:00Z
9
value 0.00151
scoring_system epss
scoring_elements 0.35816
published_at 2026-04-09T12:55:00Z
10
value 0.00151
scoring_system epss
scoring_elements 0.35912
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4477
4
reference_url https://bugs.launchpad.net/keystone/+bug/1242855
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1242855
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4477
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4477
6
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
7
reference_url https://github.com/openstack/keystone/commit/b17e7bec768bd53d3977352486378698a3db3cfa
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/b17e7bec768bd53d3977352486378698a3db3cfa
8
reference_url https://github.com/openstack/keystone/commit/c6800c
reference_id
reference_type
scores
url https://github.com/openstack/keystone/commit/c6800c
9
reference_url https://github.com/openstack/keystone/commit/c6800ca1ac984c879e75826df6694d6199444ea0
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/c6800ca1ac984c879e75826df6694d6199444ea0
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4477
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4477
11
reference_url http://www.openwall.com/lists/oss-security/2013/10/30/6
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/10/30/6
12
reference_url http://www.ubuntu.com/usn/USN-2034-1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2034-1
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1024401
reference_id 1024401
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1024401
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728233
reference_id 728233
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728233
15
reference_url https://github.com/advisories/GHSA-f889-wfwm-6p7m
reference_id GHSA-f889-wfwm-6p7m
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f889-wfwm-6p7m
16
reference_url https://access.redhat.com/errata/RHSA-2014:0113
reference_id RHSA-2014:0113
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0113
17
reference_url https://usn.ubuntu.com/2034-1/
reference_id USN-2034-1
reference_type
scores
url https://usn.ubuntu.com/2034-1/
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 264
name Permissions, Privileges, and Access Controls
description Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score 0.1 - 3
Exploitability 0.5
Weighted_severity 2.7
Risk_score 1.4
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qdd1-jvk8-73hd