Search for packages
| purl | pkg:rpm/redhat/openstack-keystone@2013.1.5-3?arch=el6ost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-am2m-2fgu-xkfk
Aliases: CVE-2014-3520 |
openstack-keystone: Keystone V2 trusts privilege escalation through user supplied project id | There are no reported fixed by versions. |
|
VCID-s5ab-apmg-dqd9
Aliases: CVE-2014-3476 GHSA-274v-r947-v34r |
OpenStack Identity Keystone is vulnerable to Block delegation escalation of privilege OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with additional roles. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:47:38.291442+00:00 | RedHat Importer | Affected by | VCID-s5ab-apmg-dqd9 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3476.json | 38.0.0 |
| 2026-04-01T14:47:34.502355+00:00 | RedHat Importer | Affected by | VCID-am2m-2fgu-xkfk | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3520.json | 38.0.0 |