Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-bukc-9hym-u7av
SummaryAn issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.
Aliases
0
alias CVE-2020-12691
1
alias GHSA-4427-7f3w-mqv6
2
alias PYSEC-2020-55
Fixed_packages
0
url pkg:deb/debian/keystone@2:17.0.0~rc2-1?distro=trixie
purl pkg:deb/debian/keystone@2:17.0.0~rc2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:17.0.0~rc2-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2d7v-rmys-akfg
1
vulnerability VCID-3vnr-dg8w-4qg6
2
vulnerability VCID-7k2c-zp2n-pbek
3
vulnerability VCID-86d1-vsfn-ruah
4
vulnerability VCID-nctt-8ksu-5ud5
5
vulnerability VCID-tyh8-xsy3-efeh
6
vulnerability VCID-w3tv-9q89-b3f3
7
vulnerability VCID-x278-p5ca-h7d4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2d7v-rmys-akfg
1
vulnerability VCID-3vnr-dg8w-4qg6
2
vulnerability VCID-7k2c-zp2n-pbek
3
vulnerability VCID-86d1-vsfn-ruah
4
vulnerability VCID-nctt-8ksu-5ud5
5
vulnerability VCID-tyh8-xsy3-efeh
6
vulnerability VCID-w3tv-9q89-b3f3
7
vulnerability VCID-x278-p5ca-h7d4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2d7v-rmys-akfg
1
vulnerability VCID-3vnr-dg8w-4qg6
2
vulnerability VCID-7k2c-zp2n-pbek
3
vulnerability VCID-nctt-8ksu-5ud5
4
vulnerability VCID-tyh8-xsy3-efeh
5
vulnerability VCID-w3tv-9q89-b3f3
6
vulnerability VCID-x278-p5ca-h7d4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
5
url pkg:pypi/keystone@15.0.1
purl pkg:pypi/keystone@15.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-w7kc-5swx-cfcr
1
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@15.0.1
6
url pkg:pypi/keystone@16.0.1
purl pkg:pypi/keystone@16.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@16.0.1
Affected_packages
0
url pkg:pypi/keystone@12.0.2
purl pkg:pypi/keystone@12.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5sv8-3h7u-qfbu
1
vulnerability VCID-6knu-zpef-kyey
2
vulnerability VCID-b5fc-55sj-47a4
3
vulnerability VCID-bukc-9hym-u7av
4
vulnerability VCID-s22u-wrpf-qka1
5
vulnerability VCID-w7kc-5swx-cfcr
6
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@12.0.2
1
url pkg:pypi/keystone@12.0.3
purl pkg:pypi/keystone@12.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5sv8-3h7u-qfbu
1
vulnerability VCID-6knu-zpef-kyey
2
vulnerability VCID-b5fc-55sj-47a4
3
vulnerability VCID-bukc-9hym-u7av
4
vulnerability VCID-s22u-wrpf-qka1
5
vulnerability VCID-w7kc-5swx-cfcr
6
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@12.0.3
2
url pkg:pypi/keystone@13.0.2
purl pkg:pypi/keystone@13.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5sv8-3h7u-qfbu
1
vulnerability VCID-6knu-zpef-kyey
2
vulnerability VCID-b5fc-55sj-47a4
3
vulnerability VCID-bukc-9hym-u7av
4
vulnerability VCID-s22u-wrpf-qka1
5
vulnerability VCID-w7kc-5swx-cfcr
6
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@13.0.2
3
url pkg:pypi/keystone@13.0.3
purl pkg:pypi/keystone@13.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5sv8-3h7u-qfbu
1
vulnerability VCID-6knu-zpef-kyey
2
vulnerability VCID-b5fc-55sj-47a4
3
vulnerability VCID-bukc-9hym-u7av
4
vulnerability VCID-s22u-wrpf-qka1
5
vulnerability VCID-w7kc-5swx-cfcr
6
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@13.0.3
4
url pkg:pypi/keystone@13.0.4
purl pkg:pypi/keystone@13.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5sv8-3h7u-qfbu
1
vulnerability VCID-6knu-zpef-kyey
2
vulnerability VCID-b5fc-55sj-47a4
3
vulnerability VCID-bukc-9hym-u7av
4
vulnerability VCID-s22u-wrpf-qka1
5
vulnerability VCID-w7kc-5swx-cfcr
6
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@13.0.4
5
url pkg:pypi/keystone@14.0.0
purl pkg:pypi/keystone@14.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5sv8-3h7u-qfbu
1
vulnerability VCID-6knu-zpef-kyey
2
vulnerability VCID-b5fc-55sj-47a4
3
vulnerability VCID-bukc-9hym-u7av
4
vulnerability VCID-nctt-8ksu-5ud5
5
vulnerability VCID-s22u-wrpf-qka1
6
vulnerability VCID-w7kc-5swx-cfcr
7
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@14.0.0
6
url pkg:pypi/keystone@14.0.1
purl pkg:pypi/keystone@14.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5sv8-3h7u-qfbu
1
vulnerability VCID-6knu-zpef-kyey
2
vulnerability VCID-b5fc-55sj-47a4
3
vulnerability VCID-bukc-9hym-u7av
4
vulnerability VCID-s22u-wrpf-qka1
5
vulnerability VCID-w7kc-5swx-cfcr
6
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@14.0.1
7
url pkg:pypi/keystone@14.1.0
purl pkg:pypi/keystone@14.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6knu-zpef-kyey
1
vulnerability VCID-b5fc-55sj-47a4
2
vulnerability VCID-bukc-9hym-u7av
3
vulnerability VCID-s22u-wrpf-qka1
4
vulnerability VCID-w7kc-5swx-cfcr
5
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@14.1.0
8
url pkg:pypi/keystone@14.2.0
purl pkg:pypi/keystone@14.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6knu-zpef-kyey
1
vulnerability VCID-b5fc-55sj-47a4
2
vulnerability VCID-bukc-9hym-u7av
3
vulnerability VCID-s22u-wrpf-qka1
4
vulnerability VCID-w7kc-5swx-cfcr
5
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@14.2.0
9
url pkg:pypi/keystone@15.0.0.0rc1
purl pkg:pypi/keystone@15.0.0.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6knu-zpef-kyey
1
vulnerability VCID-b5fc-55sj-47a4
2
vulnerability VCID-bukc-9hym-u7av
3
vulnerability VCID-s22u-wrpf-qka1
4
vulnerability VCID-w7kc-5swx-cfcr
5
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@15.0.0.0rc1
10
url pkg:pypi/keystone@15.0.0.0rc2
purl pkg:pypi/keystone@15.0.0.0rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6knu-zpef-kyey
1
vulnerability VCID-b5fc-55sj-47a4
2
vulnerability VCID-bukc-9hym-u7av
3
vulnerability VCID-s22u-wrpf-qka1
4
vulnerability VCID-w7kc-5swx-cfcr
5
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@15.0.0.0rc2
11
url pkg:pypi/keystone@15.0.0
purl pkg:pypi/keystone@15.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6knu-zpef-kyey
1
vulnerability VCID-b5fc-55sj-47a4
2
vulnerability VCID-bukc-9hym-u7av
3
vulnerability VCID-s22u-wrpf-qka1
4
vulnerability VCID-w7kc-5swx-cfcr
5
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@15.0.0
12
url pkg:pypi/keystone@16.0.0
purl pkg:pypi/keystone@16.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b5fc-55sj-47a4
1
vulnerability VCID-bukc-9hym-u7av
2
vulnerability VCID-w7kc-5swx-cfcr
3
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@16.0.0
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-12691
reference_id
reference_type
scores
0
value 0.03566
scoring_system epss
scoring_elements 0.87918
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-12691
1
reference_url https://bugs.launchpad.net/keystone/+bug/1872733
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1872733
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
4
reference_url https://github.com/openstack/keystone/commit/37e9907a176dad6843819b1bec4946c3aecc4548
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/37e9907a176dad6843819b1bec4946c3aecc4548
5
reference_url https://github.com/openstack/keystone/commit/40cbb7bebd50276412daa1981ff5a7c7b3b899a5
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/40cbb7bebd50276412daa1981ff5a7c7b3b899a5
6
reference_url https://github.com/openstack/keystone/commit/95b2bbeab113d9f04d1c81f7f1b48bf692bce979
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/95b2bbeab113d9f04d1c81f7f1b48bf692bce979
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-55.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-55.yaml
8
reference_url https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa@%3Ccommits.druid.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-12691
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-12691
11
reference_url https://security.openstack.org/ossa/OSSA-2020-004.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2020-004.html
12
reference_url https://usn.ubuntu.com/4480-1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4480-1
13
reference_url https://usn.ubuntu.com/4480-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4480-1/
14
reference_url https://www.openwall.com/lists/oss-security/2020/05/06/5
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2020/05/06/5
15
reference_url http://www.openwall.com/lists/oss-security/2020/05/07/2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/05/07/2
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
reference_id 959900
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
Weaknesses
0
cwe_id 311
name Missing Encryption of Sensitive Data
description The product does not encrypt sensitive or critical information before storage or transmission.
1
cwe_id 863
name Incorrect Authorization
description The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
Exploits
Severity_range_score7.0 - 8.9
Exploitability0.5
Weighted_severity0.0
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-bukc-9hym-u7av