Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-6knu-zpef-kyey
SummaryAn issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times.
Aliases
0
alias CVE-2020-12692
1
alias GHSA-rqw2-hhrf-7936
2
alias PYSEC-2020-56
Fixed_packages
0
url pkg:deb/debian/keystone@2:17.0.0~rc2-1?distro=trixie
purl pkg:deb/debian/keystone@2:17.0.0~rc2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:17.0.0~rc2-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2d7v-rmys-akfg
1
vulnerability VCID-3vnr-dg8w-4qg6
2
vulnerability VCID-7k2c-zp2n-pbek
3
vulnerability VCID-86d1-vsfn-ruah
4
vulnerability VCID-nctt-8ksu-5ud5
5
vulnerability VCID-tyh8-xsy3-efeh
6
vulnerability VCID-w3tv-9q89-b3f3
7
vulnerability VCID-x278-p5ca-h7d4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2d7v-rmys-akfg
1
vulnerability VCID-3vnr-dg8w-4qg6
2
vulnerability VCID-7k2c-zp2n-pbek
3
vulnerability VCID-86d1-vsfn-ruah
4
vulnerability VCID-nctt-8ksu-5ud5
5
vulnerability VCID-tyh8-xsy3-efeh
6
vulnerability VCID-w3tv-9q89-b3f3
7
vulnerability VCID-x278-p5ca-h7d4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2d7v-rmys-akfg
1
vulnerability VCID-3vnr-dg8w-4qg6
2
vulnerability VCID-7k2c-zp2n-pbek
3
vulnerability VCID-nctt-8ksu-5ud5
4
vulnerability VCID-tyh8-xsy3-efeh
5
vulnerability VCID-w3tv-9q89-b3f3
6
vulnerability VCID-x278-p5ca-h7d4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
5
url pkg:pypi/keystone@15.0.1
purl pkg:pypi/keystone@15.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-w7kc-5swx-cfcr
1
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@15.0.1
6
url pkg:pypi/keystone@16.0.0
purl pkg:pypi/keystone@16.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b5fc-55sj-47a4
1
vulnerability VCID-bukc-9hym-u7av
2
vulnerability VCID-w7kc-5swx-cfcr
3
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@16.0.0
Affected_packages
0
url pkg:pypi/keystone@12.0.2
purl pkg:pypi/keystone@12.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5sv8-3h7u-qfbu
1
vulnerability VCID-6knu-zpef-kyey
2
vulnerability VCID-b5fc-55sj-47a4
3
vulnerability VCID-bukc-9hym-u7av
4
vulnerability VCID-s22u-wrpf-qka1
5
vulnerability VCID-w7kc-5swx-cfcr
6
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@12.0.2
1
url pkg:pypi/keystone@12.0.3
purl pkg:pypi/keystone@12.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5sv8-3h7u-qfbu
1
vulnerability VCID-6knu-zpef-kyey
2
vulnerability VCID-b5fc-55sj-47a4
3
vulnerability VCID-bukc-9hym-u7av
4
vulnerability VCID-s22u-wrpf-qka1
5
vulnerability VCID-w7kc-5swx-cfcr
6
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@12.0.3
2
url pkg:pypi/keystone@13.0.2
purl pkg:pypi/keystone@13.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5sv8-3h7u-qfbu
1
vulnerability VCID-6knu-zpef-kyey
2
vulnerability VCID-b5fc-55sj-47a4
3
vulnerability VCID-bukc-9hym-u7av
4
vulnerability VCID-s22u-wrpf-qka1
5
vulnerability VCID-w7kc-5swx-cfcr
6
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@13.0.2
3
url pkg:pypi/keystone@13.0.3
purl pkg:pypi/keystone@13.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5sv8-3h7u-qfbu
1
vulnerability VCID-6knu-zpef-kyey
2
vulnerability VCID-b5fc-55sj-47a4
3
vulnerability VCID-bukc-9hym-u7av
4
vulnerability VCID-s22u-wrpf-qka1
5
vulnerability VCID-w7kc-5swx-cfcr
6
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@13.0.3
4
url pkg:pypi/keystone@13.0.4
purl pkg:pypi/keystone@13.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5sv8-3h7u-qfbu
1
vulnerability VCID-6knu-zpef-kyey
2
vulnerability VCID-b5fc-55sj-47a4
3
vulnerability VCID-bukc-9hym-u7av
4
vulnerability VCID-s22u-wrpf-qka1
5
vulnerability VCID-w7kc-5swx-cfcr
6
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@13.0.4
5
url pkg:pypi/keystone@14.0.0
purl pkg:pypi/keystone@14.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5sv8-3h7u-qfbu
1
vulnerability VCID-6knu-zpef-kyey
2
vulnerability VCID-b5fc-55sj-47a4
3
vulnerability VCID-bukc-9hym-u7av
4
vulnerability VCID-s22u-wrpf-qka1
5
vulnerability VCID-w7kc-5swx-cfcr
6
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@14.0.0
6
url pkg:pypi/keystone@14.0.1
purl pkg:pypi/keystone@14.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5sv8-3h7u-qfbu
1
vulnerability VCID-6knu-zpef-kyey
2
vulnerability VCID-b5fc-55sj-47a4
3
vulnerability VCID-bukc-9hym-u7av
4
vulnerability VCID-s22u-wrpf-qka1
5
vulnerability VCID-w7kc-5swx-cfcr
6
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@14.0.1
7
url pkg:pypi/keystone@14.1.0
purl pkg:pypi/keystone@14.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6knu-zpef-kyey
1
vulnerability VCID-b5fc-55sj-47a4
2
vulnerability VCID-bukc-9hym-u7av
3
vulnerability VCID-s22u-wrpf-qka1
4
vulnerability VCID-w7kc-5swx-cfcr
5
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@14.1.0
8
url pkg:pypi/keystone@14.2.0
purl pkg:pypi/keystone@14.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6knu-zpef-kyey
1
vulnerability VCID-b5fc-55sj-47a4
2
vulnerability VCID-bukc-9hym-u7av
3
vulnerability VCID-s22u-wrpf-qka1
4
vulnerability VCID-w7kc-5swx-cfcr
5
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@14.2.0
9
url pkg:pypi/keystone@15.0.0.0rc1
purl pkg:pypi/keystone@15.0.0.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6knu-zpef-kyey
1
vulnerability VCID-b5fc-55sj-47a4
2
vulnerability VCID-bukc-9hym-u7av
3
vulnerability VCID-s22u-wrpf-qka1
4
vulnerability VCID-w7kc-5swx-cfcr
5
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@15.0.0.0rc1
10
url pkg:pypi/keystone@15.0.0.0rc2
purl pkg:pypi/keystone@15.0.0.0rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6knu-zpef-kyey
1
vulnerability VCID-b5fc-55sj-47a4
2
vulnerability VCID-bukc-9hym-u7av
3
vulnerability VCID-s22u-wrpf-qka1
4
vulnerability VCID-w7kc-5swx-cfcr
5
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@15.0.0.0rc2
11
url pkg:pypi/keystone@15.0.0
purl pkg:pypi/keystone@15.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6knu-zpef-kyey
1
vulnerability VCID-b5fc-55sj-47a4
2
vulnerability VCID-bukc-9hym-u7av
3
vulnerability VCID-s22u-wrpf-qka1
4
vulnerability VCID-w7kc-5swx-cfcr
5
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@15.0.0
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-12692
reference_id
reference_type
scores
0
value 0.0014
scoring_system epss
scoring_elements 0.33823
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-12692
1
reference_url https://bugs.launchpad.net/keystone/+bug/1872737
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1872737
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-56.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-56.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-12692
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-12692
6
reference_url https://opendev.org/openstack/keystone/commit/ab89ea749013e7f2c46260f68504f5687763e019
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/keystone/commit/ab89ea749013e7f2c46260f68504f5687763e019
7
reference_url https://security.openstack.org/ossa/OSSA-2020-003.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2020-003.html
8
reference_url https://usn.ubuntu.com/4480-1
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4480-1
9
reference_url https://usn.ubuntu.com/4480-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4480-1/
10
reference_url https://www.openwall.com/lists/oss-security/2020/05/06/4
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2020/05/06/4
11
reference_url http://www.openwall.com/lists/oss-security/2020/05/07/1
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/05/07/1
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
reference_id 959900
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
Weaknesses
0
cwe_id 311
name Missing Encryption of Sensitive Data
description The product does not encrypt sensitive or critical information before storage or transmission.
1
cwe_id 347
name Improper Verification of Cryptographic Signature
description The product does not verify, or incorrectly verifies, the cryptographic signature for data.
Exploits
Severity_range_score4.0 - 7.0
Exploitability0.5
Weighted_severity0.0
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-6knu-zpef-kyey