Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-b5fc-55sj-47a4
SummaryAn issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.
Aliases
0
alias CVE-2020-12689
1
alias GHSA-chgw-36xv-47cw
2
alias PYSEC-2020-53
Fixed_packages
0
url pkg:deb/debian/keystone@2:17.0.0~rc2-1?distro=trixie
purl pkg:deb/debian/keystone@2:17.0.0~rc2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:17.0.0~rc2-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2d7v-rmys-akfg
1
vulnerability VCID-3vnr-dg8w-4qg6
2
vulnerability VCID-7k2c-zp2n-pbek
3
vulnerability VCID-86d1-vsfn-ruah
4
vulnerability VCID-nctt-8ksu-5ud5
5
vulnerability VCID-tyh8-xsy3-efeh
6
vulnerability VCID-w3tv-9q89-b3f3
7
vulnerability VCID-x278-p5ca-h7d4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2d7v-rmys-akfg
1
vulnerability VCID-3vnr-dg8w-4qg6
2
vulnerability VCID-7k2c-zp2n-pbek
3
vulnerability VCID-86d1-vsfn-ruah
4
vulnerability VCID-nctt-8ksu-5ud5
5
vulnerability VCID-tyh8-xsy3-efeh
6
vulnerability VCID-w3tv-9q89-b3f3
7
vulnerability VCID-x278-p5ca-h7d4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2d7v-rmys-akfg
1
vulnerability VCID-3vnr-dg8w-4qg6
2
vulnerability VCID-7k2c-zp2n-pbek
3
vulnerability VCID-nctt-8ksu-5ud5
4
vulnerability VCID-tyh8-xsy3-efeh
5
vulnerability VCID-w3tv-9q89-b3f3
6
vulnerability VCID-x278-p5ca-h7d4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
5
url pkg:pypi/keystone@15.0.1
purl pkg:pypi/keystone@15.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-w7kc-5swx-cfcr
1
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@15.0.1
6
url pkg:pypi/keystone@16.0.1
purl pkg:pypi/keystone@16.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@16.0.1
Affected_packages
0
url pkg:pypi/keystone@12.0.2
purl pkg:pypi/keystone@12.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5sv8-3h7u-qfbu
1
vulnerability VCID-6knu-zpef-kyey
2
vulnerability VCID-b5fc-55sj-47a4
3
vulnerability VCID-bukc-9hym-u7av
4
vulnerability VCID-s22u-wrpf-qka1
5
vulnerability VCID-w7kc-5swx-cfcr
6
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@12.0.2
1
url pkg:pypi/keystone@12.0.3
purl pkg:pypi/keystone@12.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5sv8-3h7u-qfbu
1
vulnerability VCID-6knu-zpef-kyey
2
vulnerability VCID-b5fc-55sj-47a4
3
vulnerability VCID-bukc-9hym-u7av
4
vulnerability VCID-s22u-wrpf-qka1
5
vulnerability VCID-w7kc-5swx-cfcr
6
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@12.0.3
2
url pkg:pypi/keystone@13.0.2
purl pkg:pypi/keystone@13.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5sv8-3h7u-qfbu
1
vulnerability VCID-6knu-zpef-kyey
2
vulnerability VCID-b5fc-55sj-47a4
3
vulnerability VCID-bukc-9hym-u7av
4
vulnerability VCID-s22u-wrpf-qka1
5
vulnerability VCID-w7kc-5swx-cfcr
6
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@13.0.2
3
url pkg:pypi/keystone@13.0.3
purl pkg:pypi/keystone@13.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5sv8-3h7u-qfbu
1
vulnerability VCID-6knu-zpef-kyey
2
vulnerability VCID-b5fc-55sj-47a4
3
vulnerability VCID-bukc-9hym-u7av
4
vulnerability VCID-s22u-wrpf-qka1
5
vulnerability VCID-w7kc-5swx-cfcr
6
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@13.0.3
4
url pkg:pypi/keystone@13.0.4
purl pkg:pypi/keystone@13.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5sv8-3h7u-qfbu
1
vulnerability VCID-6knu-zpef-kyey
2
vulnerability VCID-b5fc-55sj-47a4
3
vulnerability VCID-bukc-9hym-u7av
4
vulnerability VCID-s22u-wrpf-qka1
5
vulnerability VCID-w7kc-5swx-cfcr
6
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@13.0.4
5
url pkg:pypi/keystone@14.0.0
purl pkg:pypi/keystone@14.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5sv8-3h7u-qfbu
1
vulnerability VCID-6knu-zpef-kyey
2
vulnerability VCID-b5fc-55sj-47a4
3
vulnerability VCID-bukc-9hym-u7av
4
vulnerability VCID-nctt-8ksu-5ud5
5
vulnerability VCID-s22u-wrpf-qka1
6
vulnerability VCID-w7kc-5swx-cfcr
7
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@14.0.0
6
url pkg:pypi/keystone@14.0.1
purl pkg:pypi/keystone@14.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5sv8-3h7u-qfbu
1
vulnerability VCID-6knu-zpef-kyey
2
vulnerability VCID-b5fc-55sj-47a4
3
vulnerability VCID-bukc-9hym-u7av
4
vulnerability VCID-s22u-wrpf-qka1
5
vulnerability VCID-w7kc-5swx-cfcr
6
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@14.0.1
7
url pkg:pypi/keystone@14.1.0
purl pkg:pypi/keystone@14.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6knu-zpef-kyey
1
vulnerability VCID-b5fc-55sj-47a4
2
vulnerability VCID-bukc-9hym-u7av
3
vulnerability VCID-s22u-wrpf-qka1
4
vulnerability VCID-w7kc-5swx-cfcr
5
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@14.1.0
8
url pkg:pypi/keystone@14.2.0
purl pkg:pypi/keystone@14.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6knu-zpef-kyey
1
vulnerability VCID-b5fc-55sj-47a4
2
vulnerability VCID-bukc-9hym-u7av
3
vulnerability VCID-s22u-wrpf-qka1
4
vulnerability VCID-w7kc-5swx-cfcr
5
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@14.2.0
9
url pkg:pypi/keystone@15.0.0.0rc1
purl pkg:pypi/keystone@15.0.0.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6knu-zpef-kyey
1
vulnerability VCID-b5fc-55sj-47a4
2
vulnerability VCID-bukc-9hym-u7av
3
vulnerability VCID-s22u-wrpf-qka1
4
vulnerability VCID-w7kc-5swx-cfcr
5
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@15.0.0.0rc1
10
url pkg:pypi/keystone@15.0.0.0rc2
purl pkg:pypi/keystone@15.0.0.0rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6knu-zpef-kyey
1
vulnerability VCID-b5fc-55sj-47a4
2
vulnerability VCID-bukc-9hym-u7av
3
vulnerability VCID-s22u-wrpf-qka1
4
vulnerability VCID-w7kc-5swx-cfcr
5
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@15.0.0.0rc2
11
url pkg:pypi/keystone@15.0.0
purl pkg:pypi/keystone@15.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6knu-zpef-kyey
1
vulnerability VCID-b5fc-55sj-47a4
2
vulnerability VCID-bukc-9hym-u7av
3
vulnerability VCID-s22u-wrpf-qka1
4
vulnerability VCID-w7kc-5swx-cfcr
5
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@15.0.0
12
url pkg:pypi/keystone@16.0.0
purl pkg:pypi/keystone@16.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b5fc-55sj-47a4
1
vulnerability VCID-bukc-9hym-u7av
2
vulnerability VCID-w7kc-5swx-cfcr
3
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@16.0.0
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-12689
reference_id
reference_type
scores
0
value 0.01066
scoring_system epss
scoring_elements 0.77999
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-12689
1
reference_url https://bugs.launchpad.net/keystone/+bug/1872735
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1872735
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
4
reference_url https://github.com/openstack/keystone/commit/37e9907a176dad6843819b1bec4946c3aecc4548
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/37e9907a176dad6843819b1bec4946c3aecc4548
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-53.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-53.yaml
6
reference_url https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-12689
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-12689
8
reference_url https://security.openstack.org/ossa/OSSA-2020-004.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2020-004.html
9
reference_url https://usn.ubuntu.com/4480-1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4480-1
10
reference_url https://usn.ubuntu.com/4480-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4480-1/
11
reference_url https://www.openwall.com/lists/oss-security/2020/05/06/5
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2020/05/06/5
12
reference_url http://www.openwall.com/lists/oss-security/2020/05/07/2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/05/07/2
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
reference_id 959900
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
Weaknesses
0
cwe_id 269
name Improper Privilege Management
description The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Exploits
Severity_range_score7.0 - 8.9
Exploitability0.5
Weighted_severity0.0
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-b5fc-55sj-47a4