Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-s22u-wrpf-qka1
SummaryAn issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. This results in the provided keystone token having more role assignments than the creator intended, possibly giving unintended escalated access.
Aliases
0
alias CVE-2020-12690
1
alias GHSA-6m8p-x4qw-gh5j
2
alias PYSEC-2020-54
Fixed_packages
0
url pkg:deb/debian/keystone@2:17.0.0~rc2-1?distro=trixie
purl pkg:deb/debian/keystone@2:17.0.0~rc2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:17.0.0~rc2-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2d7v-rmys-akfg
1
vulnerability VCID-3vnr-dg8w-4qg6
2
vulnerability VCID-7k2c-zp2n-pbek
3
vulnerability VCID-86d1-vsfn-ruah
4
vulnerability VCID-nctt-8ksu-5ud5
5
vulnerability VCID-tyh8-xsy3-efeh
6
vulnerability VCID-w3tv-9q89-b3f3
7
vulnerability VCID-x278-p5ca-h7d4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2d7v-rmys-akfg
1
vulnerability VCID-3vnr-dg8w-4qg6
2
vulnerability VCID-7k2c-zp2n-pbek
3
vulnerability VCID-86d1-vsfn-ruah
4
vulnerability VCID-nctt-8ksu-5ud5
5
vulnerability VCID-tyh8-xsy3-efeh
6
vulnerability VCID-w3tv-9q89-b3f3
7
vulnerability VCID-x278-p5ca-h7d4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2d7v-rmys-akfg
1
vulnerability VCID-3vnr-dg8w-4qg6
2
vulnerability VCID-7k2c-zp2n-pbek
3
vulnerability VCID-nctt-8ksu-5ud5
4
vulnerability VCID-tyh8-xsy3-efeh
5
vulnerability VCID-w3tv-9q89-b3f3
6
vulnerability VCID-x278-p5ca-h7d4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
5
url pkg:pypi/keystone@15.0.1
purl pkg:pypi/keystone@15.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-w7kc-5swx-cfcr
1
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@15.0.1
6
url pkg:pypi/keystone@16.0.0
purl pkg:pypi/keystone@16.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b5fc-55sj-47a4
1
vulnerability VCID-bukc-9hym-u7av
2
vulnerability VCID-w7kc-5swx-cfcr
3
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@16.0.0
Affected_packages
0
url pkg:pypi/keystone@12.0.2
purl pkg:pypi/keystone@12.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5sv8-3h7u-qfbu
1
vulnerability VCID-6knu-zpef-kyey
2
vulnerability VCID-b5fc-55sj-47a4
3
vulnerability VCID-bukc-9hym-u7av
4
vulnerability VCID-s22u-wrpf-qka1
5
vulnerability VCID-w7kc-5swx-cfcr
6
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@12.0.2
1
url pkg:pypi/keystone@12.0.3
purl pkg:pypi/keystone@12.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5sv8-3h7u-qfbu
1
vulnerability VCID-6knu-zpef-kyey
2
vulnerability VCID-b5fc-55sj-47a4
3
vulnerability VCID-bukc-9hym-u7av
4
vulnerability VCID-s22u-wrpf-qka1
5
vulnerability VCID-w7kc-5swx-cfcr
6
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@12.0.3
2
url pkg:pypi/keystone@13.0.2
purl pkg:pypi/keystone@13.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5sv8-3h7u-qfbu
1
vulnerability VCID-6knu-zpef-kyey
2
vulnerability VCID-b5fc-55sj-47a4
3
vulnerability VCID-bukc-9hym-u7av
4
vulnerability VCID-s22u-wrpf-qka1
5
vulnerability VCID-w7kc-5swx-cfcr
6
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@13.0.2
3
url pkg:pypi/keystone@13.0.3
purl pkg:pypi/keystone@13.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5sv8-3h7u-qfbu
1
vulnerability VCID-6knu-zpef-kyey
2
vulnerability VCID-b5fc-55sj-47a4
3
vulnerability VCID-bukc-9hym-u7av
4
vulnerability VCID-s22u-wrpf-qka1
5
vulnerability VCID-w7kc-5swx-cfcr
6
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@13.0.3
4
url pkg:pypi/keystone@13.0.4
purl pkg:pypi/keystone@13.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5sv8-3h7u-qfbu
1
vulnerability VCID-6knu-zpef-kyey
2
vulnerability VCID-b5fc-55sj-47a4
3
vulnerability VCID-bukc-9hym-u7av
4
vulnerability VCID-s22u-wrpf-qka1
5
vulnerability VCID-w7kc-5swx-cfcr
6
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@13.0.4
5
url pkg:pypi/keystone@14.0.0
purl pkg:pypi/keystone@14.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5sv8-3h7u-qfbu
1
vulnerability VCID-6knu-zpef-kyey
2
vulnerability VCID-b5fc-55sj-47a4
3
vulnerability VCID-bukc-9hym-u7av
4
vulnerability VCID-nctt-8ksu-5ud5
5
vulnerability VCID-s22u-wrpf-qka1
6
vulnerability VCID-w7kc-5swx-cfcr
7
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@14.0.0
6
url pkg:pypi/keystone@14.0.1
purl pkg:pypi/keystone@14.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5sv8-3h7u-qfbu
1
vulnerability VCID-6knu-zpef-kyey
2
vulnerability VCID-b5fc-55sj-47a4
3
vulnerability VCID-bukc-9hym-u7av
4
vulnerability VCID-s22u-wrpf-qka1
5
vulnerability VCID-w7kc-5swx-cfcr
6
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@14.0.1
7
url pkg:pypi/keystone@14.1.0
purl pkg:pypi/keystone@14.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6knu-zpef-kyey
1
vulnerability VCID-b5fc-55sj-47a4
2
vulnerability VCID-bukc-9hym-u7av
3
vulnerability VCID-s22u-wrpf-qka1
4
vulnerability VCID-w7kc-5swx-cfcr
5
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@14.1.0
8
url pkg:pypi/keystone@14.2.0
purl pkg:pypi/keystone@14.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6knu-zpef-kyey
1
vulnerability VCID-b5fc-55sj-47a4
2
vulnerability VCID-bukc-9hym-u7av
3
vulnerability VCID-s22u-wrpf-qka1
4
vulnerability VCID-w7kc-5swx-cfcr
5
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@14.2.0
9
url pkg:pypi/keystone@15.0.0.0rc1
purl pkg:pypi/keystone@15.0.0.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6knu-zpef-kyey
1
vulnerability VCID-b5fc-55sj-47a4
2
vulnerability VCID-bukc-9hym-u7av
3
vulnerability VCID-s22u-wrpf-qka1
4
vulnerability VCID-w7kc-5swx-cfcr
5
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@15.0.0.0rc1
10
url pkg:pypi/keystone@15.0.0.0rc2
purl pkg:pypi/keystone@15.0.0.0rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6knu-zpef-kyey
1
vulnerability VCID-b5fc-55sj-47a4
2
vulnerability VCID-bukc-9hym-u7av
3
vulnerability VCID-s22u-wrpf-qka1
4
vulnerability VCID-w7kc-5swx-cfcr
5
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@15.0.0.0rc2
11
url pkg:pypi/keystone@15.0.0
purl pkg:pypi/keystone@15.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6knu-zpef-kyey
1
vulnerability VCID-b5fc-55sj-47a4
2
vulnerability VCID-bukc-9hym-u7av
3
vulnerability VCID-s22u-wrpf-qka1
4
vulnerability VCID-w7kc-5swx-cfcr
5
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@15.0.0
12
url pkg:pypi/keystone@16.0.0.0rc1
purl pkg:pypi/keystone@16.0.0.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-s22u-wrpf-qka1
1
vulnerability VCID-w7kc-5swx-cfcr
2
vulnerability VCID-yy5b-2hwe-qubf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/keystone@16.0.0.0rc1
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-12690
reference_id
reference_type
scores
0
value 0.00817
scoring_system epss
scoring_elements 0.74646
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-12690
1
reference_url https://bugs.launchpad.net/keystone/+bug/1873290
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1873290
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/advisories/GHSA-6m8p-x4qw-gh5j
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-6m8p-x4qw-gh5j
4
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-54.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-54.yaml
6
reference_url https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-12690
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-12690
8
reference_url https://security.openstack.org/ossa/OSSA-2020-005.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2020-005.html
9
reference_url https://usn.ubuntu.com/4480-1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4480-1
10
reference_url https://usn.ubuntu.com/4480-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4480-1/
11
reference_url https://www.openwall.com/lists/oss-security/2020/05/06/6
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2020/05/06/6
12
reference_url http://www.openwall.com/lists/oss-security/2020/05/07/3
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/05/07/3
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
reference_id 959900
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
Weaknesses
0
cwe_id 613
name Insufficient Session Expiration
description According to WASC, Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score5.3 - 8.9
Exploitability0.5
Weighted_severity0.0
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-s22u-wrpf-qka1