Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/keystone@8.0
purl pkg:pypi/keystone@8.0
Tags Ghost
Next non-vulnerable version 26.1.1
Latest non-vulnerable version 28.0.1
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-844e-r6mn-bqh5
Aliases:
CVE-2015-7546
GHSA-8c4w-v65p-jvcv
PYSEC-2016-20
The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token.
8.1.0
Affected by 0 other vulnerabilities.
9.0.0.0b2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T16:01:30.334376+00:00 GHSA Importer Affected by VCID-844e-r6mn-bqh5 https://github.com/advisories/GHSA-8c4w-v65p-jvcv 38.0.0
2026-04-01T12:50:16.974749+00:00 GitLab Importer Affected by VCID-844e-r6mn-bqh5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/keystone/CVE-2015-7546.yml 38.0.0