Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/keystone@19.0.1
purl pkg:pypi/keystone@19.0.1
Next non-vulnerable version 26.1.1
Latest non-vulnerable version 28.0.1
Risk 4.5
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-93vc-hgec-nfe6
Aliases:
CVE-2021-3563
GHSA-cc99-whm5-mmq3
Openstack Keystone Incorrect Authorization vulnerability A flaw was found in openstack-keystone, only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity. A [patch](https://opendev.org/openstack/keystone/commit/7859ed26003858ebfd9a5e866b43f1a6a9e83dca) is available. There are no reported fixed by versions.
VCID-r25g-be38-b3be
Aliases:
CVE-2025-65073
GHSA-hcqg-5g63-7j9h
OpenStack Keystone allows /v3/ec2tokens or /v3/s3tokens request with valid AWS Signature to provide Keystone authorization. OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization.
26.0.1
Affected by 0 other vulnerabilities.
27.0.0
Affected by 0 other vulnerabilities.
28.0.0
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-p5un-b12x-tuh5 OpenStack Keystone allows information disclosure during account locking OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an account and failing to authenticate multiple times, any unauthenticated actor could both confirm the account exists and obtain that account's corresponding UUID, which might be leveraged for other unrelated attacks. All deployments enabling security_compliance.lockout_failure_attempts are affected. CVE-2021-38155
GHSA-4225-97pr-rr52

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T23:52:17.096238+00:00 GitLab Importer Affected by VCID-r25g-be38-b3be https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/keystone/CVE-2025-65073.yml 38.4.0
2026-04-16T22:07:46.466899+00:00 GitLab Importer Affected by VCID-93vc-hgec-nfe6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/keystone/CVE-2021-3563.yml 38.4.0
2026-04-12T01:13:56.292721+00:00 GitLab Importer Affected by VCID-r25g-be38-b3be https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/keystone/CVE-2025-65073.yml 38.3.0
2026-04-11T23:24:09.916108+00:00 GitLab Importer Affected by VCID-93vc-hgec-nfe6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/keystone/CVE-2021-3563.yml 38.3.0
2026-04-03T21:26:27.552550+00:00 GitLab Importer Fixing VCID-p5un-b12x-tuh5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/keystone/CVE-2021-38155.yml 38.1.0
2026-04-03T01:22:53.905193+00:00 GitLab Importer Affected by VCID-r25g-be38-b3be https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/keystone/CVE-2025-65073.yml 38.1.0
2026-04-02T23:30:35.384482+00:00 GitLab Importer Affected by VCID-93vc-hgec-nfe6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/keystone/CVE-2021-3563.yml 38.1.0
2026-04-01T17:52:05.791385+00:00 GitLab Importer Affected by VCID-93vc-hgec-nfe6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/keystone/CVE-2021-3563.yml 38.0.0
2026-04-01T16:02:13.330610+00:00 GHSA Importer Fixing VCID-p5un-b12x-tuh5 https://github.com/advisories/GHSA-4225-97pr-rr52 38.0.0
2026-04-01T13:07:42.454534+00:00 GithubOSV Importer Fixing VCID-p5un-b12x-tuh5 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4225-97pr-rr52/GHSA-4225-97pr-rr52.json 38.0.0