Search for packages
| purl | pkg:rpm/redhat/openstack-keystone@2013.1.5-2?arch=el6ost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-655y-mj8k-dbb2
Aliases: CVE-2013-6391 |
Keystone: trust circumvention through EC2-style tokens | There are no reported fixed by versions. |
|
VCID-8tkd-pcuy-d7ax
Aliases: CVE-2014-2237 GHSA-23x9-8hxr-978c PYSEC-2014-105 |
The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:49:16.477247+00:00 | RedHat Importer | Affected by | VCID-8tkd-pcuy-d7ax | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2237.json | 38.0.0 |
| 2026-04-01T14:49:13.531839+00:00 | RedHat Importer | Affected by | VCID-655y-mj8k-dbb2 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6391.json | 38.0.0 |