VulnerableCode Package Details - pkg:deb/debian/keystone@2:16.0.0-5?distro=trixie

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/keystone@2:16.0.0-5?distro=trixie

purl	pkg:deb/debian/keystone@2:16.0.0-5?distro=trixie

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-gdk6-a746-6fac	OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials, which could (for example) leak sign-on information for Time-based One Time Passwords (TOTP). Deployments with enforce_scope set to false are affected. (There will be a slight performance impact for the list credentials API once this issue is fixed.)	CVE-2019-19687 GHSA-2j23-fwqm-mgwr PYSEC-2019-29

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T08:57:43.585101+00:00	Debian Importer	Fixing	VCID-gdk6-a746-6fac	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-12T17:49:27.927562+00:00	Debian Importer	Fixing	VCID-gdk6-a746-6fac	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:28:03.614748+00:00	Debian Importer	Fixing	VCID-gdk6-a746-6fac	https://security-tracker.debian.org/tracker/data/json	38.1.0