VulnerableCode Package Details - pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1

Search for packages

Vulnerability	Summary	Fixed by
VCID-6wj2-abbb-xqf6 Aliases: CVE-2026-33551 GHSA-4phw-6824-6cfp		2:29.0.0-2 Affected by 0 other vulnerabilities.
VCID-93vc-hgec-nfe6 Aliases: CVE-2021-3563 GHSA-cc99-whm5-mmq3	Openstack Keystone Incorrect Authorization vulnerability A flaw was found in openstack-keystone, only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity. A [patch](https://opendev.org/openstack/keystone/commit/7859ed26003858ebfd9a5e866b43f1a6a9e83dca) is available.	2:27.0.0-3+deb13u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-6wj2-abbb-xqf6
Aliases:
CVE-2026-33551
GHSA-4phw-6824-6cfp

2:29.0.0-2
Affected by 0 other vulnerabilities.

VCID-93vc-hgec-nfe6
Aliases:
CVE-2021-3563
GHSA-cc99-whm5-mmq3

Openstack Keystone Incorrect Authorization vulnerability A flaw was found in openstack-keystone, only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity. A [patch](https://opendev.org/openstack/keystone/commit/7859ed26003858ebfd9a5e866b43f1a6a9e83dca) is available.

2:27.0.0-3+deb13u1
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-r25g-be38-b3be	OpenStack Keystone allows /v3/ec2tokens or /v3/s3tokens request with valid AWS Signature to provide Keystone authorization. OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization.	CVE-2025-65073 GHSA-hcqg-5g63-7j9h

Vulnerability

Summary

Aliases

VCID-r25g-be38-b3be

OpenStack Keystone allows /v3/ec2tokens or /v3/s3tokens request with valid AWS Signature to provide Keystone authorization. OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization.

CVE-2025-65073
GHSA-hcqg-5g63-7j9h

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T09:22:01.393104+00:00	Debian Importer	Affected by	VCID-6wj2-abbb-xqf6	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:48:11.404370+00:00	Debian Importer	Affected by	VCID-93vc-hgec-nfe6	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-15T17:26:11.023712+00:00	Debian Oval Importer	Fixing	VCID-r25g-be38-b3be	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-13T06:13:06.231055+00:00	Debian Importer	Affected by	VCID-6wj2-abbb-xqf6	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T05:46:55.718014+00:00	Debian Importer	Affected by	VCID-93vc-hgec-nfe6	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:12:32.478723+00:00	Debian Oval Importer	Fixing	VCID-r25g-be38-b3be	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T18:44:22.705049+00:00	Debian Importer	Affected by	VCID-93vc-hgec-nfe6	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T17:01:28.518474+00:00	Debian Oval Importer	Fixing	VCID-r25g-be38-b3be	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0