Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1037391?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1037391?format=api", "purl": "pkg:deb/debian/keystone@2014.1.3-6", "type": "deb", "namespace": "debian", "name": "keystone", "version": "2014.1.3-6", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2:29.0.1-1", "latest_non_vulnerable_version": "2:29.0.1-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5496?format=api", "vulnerability_id": "VCID-844e-r6mn-bqh5", "summary": "The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7546.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7546.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7546", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28695", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28139", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28068", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28048", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28286", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28398", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28512", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28561", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28586", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28566", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28614", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28658", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28656", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28616", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28551", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28612", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28743", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28131", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28106", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28044", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00105", "scoring_system": "epss", "scoring_elements": "0.28207", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-7546" }, { "reference_url": "https://bugs.launchpad.net/keystone/+bug/1490804", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/keystone/+bug/1490804" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7546", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7546" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv2", "scoring_elements": "AV:A/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/keystone/commit/bff03b5726fe5cac93d44a66715eea49b89c8cb0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/bff03b5726fe5cac93d44a66715eea49b89c8cb0" }, { "reference_url": "https://github.com/openstack/keystone/commit/d5378f173da14a34ca010271477337879002d6d0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/d5378f173da14a34ca010271477337879002d6d0" }, { "reference_url": "https://github.com/openstack/keystonemiddleware/commit/96ab58e6863c92575ada57615b19652e502adfd8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystonemiddleware/commit/96ab58e6863c92575ada57615b19652e502adfd8" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystonemiddleware/PYSEC-2016-20.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystonemiddleware/PYSEC-2016-20.yaml" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2016-005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2016-005.html" }, { "reference_url": "https://web.archive.org/web/20200228002640/http://www.securityfocus.com/bid/80498", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228002640/http://www.securityfocus.com/bid/80498" }, { "reference_url": "https://wiki.openstack.org/wiki/OSSN/OSSN-0062", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://wiki.openstack.org/wiki/OSSN/OSSN-0062" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "reference_url": "http://www.securityfocus.com/bid/80498", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/80498" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1290774", "reference_id": "1290774", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1290774" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystonemiddleware:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:keystonemiddleware:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystonemiddleware:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7546", "reference_id": "CVE-2015-7546", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7546" }, { "reference_url": "https://github.com/advisories/GHSA-8c4w-v65p-jvcv", "reference_id": "GHSA-8c4w-v65p-jvcv", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8c4w-v65p-jvcv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037392?format=api", "purl": "pkg:deb/debian/keystone@2:9.0.0-2~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-96bg-ytf8-9fhd" }, { "vulnerability": "VCID-gdk6-a746-6fac" }, { "vulnerability": "VCID-p5un-b12x-tuh5" }, { "vulnerability": "VCID-qyjh-md45-hyhh" }, { "vulnerability": "VCID-r25g-be38-b3be" }, { "vulnerability": "VCID-rgkw-6ews-rked" }, { "vulnerability": "VCID-t2ap-zxfa-fkhe" }, { "vulnerability": "VCID-w6e4-zd31-g7hu" }, { "vulnerability": "VCID-wc5s-25xb-rqaa" }, { "vulnerability": "VCID-ztee-sxym-zffv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:9.0.0-2~bpo8%252B1" } ], "aliases": [ "CVE-2015-7546", "GHSA-8c4w-v65p-jvcv", "PYSEC-2016-20" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-844e-r6mn-bqh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5756?format=api", "vulnerability_id": "VCID-96bg-ytf8-9fhd", "summary": "An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1461", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1597", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1597" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2673.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2673.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2673", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00572", "scoring_system": "epss", "scoring_elements": "0.6874", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00572", "scoring_system": "epss", "scoring_elements": "0.68734", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00572", "scoring_system": "epss", "scoring_elements": "0.68729", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00572", "scoring_system": "epss", "scoring_elements": "0.6868", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00572", "scoring_system": "epss", "scoring_elements": "0.687", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00572", "scoring_system": "epss", "scoring_elements": "0.68676", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00572", "scoring_system": "epss", "scoring_elements": "0.68763", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00572", "scoring_system": "epss", "scoring_elements": "0.68788", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00572", "scoring_system": "epss", "scoring_elements": "0.68842", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00572", "scoring_system": "epss", "scoring_elements": "0.68583", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00572", "scoring_system": "epss", "scoring_elements": "0.68761", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00572", "scoring_system": "epss", "scoring_elements": "0.68719", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00572", "scoring_system": "epss", "scoring_elements": "0.68665", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00572", "scoring_system": "epss", "scoring_elements": "0.68647", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00572", "scoring_system": "epss", "scoring_elements": "0.68596", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00572", "scoring_system": "epss", "scoring_elements": "0.68619", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00572", "scoring_system": "epss", "scoring_elements": "0.68601", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00572", "scoring_system": "epss", "scoring_elements": "0.68797", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00572", "scoring_system": "epss", "scoring_elements": "0.68689", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-2673" }, { "reference_url": "https://bugs.launchpad.net/keystone/+bug/1677723", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/keystone/+bug/1677723" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1439586", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1439586" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2673", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2673" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2673", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2673" }, { "reference_url": "http://seclists.org/oss-sec/2017/q2/125", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2017/q2/125" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:S/C:C/I:C/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/keystone", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone" }, { "reference_url": "https://github.com/openstack/keystone/commit/05a129e54573b6cbda1ec095f4526f2b9ba90a90", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/05a129e54573b6cbda1ec095f4526f2b9ba90a90" }, { "reference_url": "https://github.com/openstack/keystone/commit/2139639eeabc8f6941f4461fc87d609cde3118c2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/2139639eeabc8f6941f4461fc87d609cde3118c2" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2018-152.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2018-152.yaml" }, { "reference_url": "http://www.securityfocus.com/bid/98032", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/98032" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861189", "reference_id": "861189", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861189" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2017-2673", "reference_id": "CVE-2017-2673", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2017-2673" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2673", "reference_id": "CVE-2017-2673", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P" }, { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2673" }, { "reference_url": "https://github.com/advisories/GHSA-j36m-hv43-7w7m", "reference_id": "GHSA-j36m-hv43-7w7m", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j36m-hv43-7w7m" }, { "reference_url": "https://usn.ubuntu.com/3448-1/", "reference_id": "USN-3448-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3448-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037393?format=api", "purl": "pkg:deb/debian/keystone@2:10.0.0-9%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gdk6-a746-6fac" }, { "vulnerability": "VCID-p5un-b12x-tuh5" }, { "vulnerability": "VCID-qyjh-md45-hyhh" }, { "vulnerability": "VCID-r25g-be38-b3be" }, { "vulnerability": "VCID-rgkw-6ews-rked" }, { "vulnerability": "VCID-w6e4-zd31-g7hu" }, { "vulnerability": "VCID-wc5s-25xb-rqaa" }, { "vulnerability": "VCID-ztee-sxym-zffv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:10.0.0-9%252Bdeb9u1" } ], "aliases": [ "CVE-2017-2673", "GHSA-j36m-hv43-7w7m", "PYSEC-2018-152" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-96bg-ytf8-9fhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14506?format=api", "vulnerability_id": "VCID-9dhg-r711-yfg6", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nOpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs.", "references": [ { "reference_url": "http://lists.openstack.org/pipermail/openstack-announce/2015-May/000356.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-May/000356.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3646.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3646.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3646", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38783", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38909", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38891", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38811", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38686", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.3876", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38774", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38708", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39029", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39214", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39236", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39156", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.3921", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39226", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39238", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39201", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39182", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39207", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39118", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3646" }, { "reference_url": "https://bugs.launchpad.net/keystone/+bug/1443598", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/keystone/+bug/1443598" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3646", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3646" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/keystone", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone" }, { "reference_url": "https://web.archive.org/web/20210122154200/http://www.securityfocus.com/bid/74456", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20210122154200/http://www.securityfocus.com/bid/74456" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1218640", "reference_id": "1218640", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1218640" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3646", "reference_id": "CVE-2015-3646", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3646" }, { "reference_url": "https://github.com/advisories/GHSA-jwpw-ppj5-7h4w", "reference_id": "GHSA-jwpw-ppj5-7h4w", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jwpw-ppj5-7h4w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037392?format=api", "purl": "pkg:deb/debian/keystone@2:9.0.0-2~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-96bg-ytf8-9fhd" }, { "vulnerability": "VCID-gdk6-a746-6fac" }, { "vulnerability": "VCID-p5un-b12x-tuh5" }, { "vulnerability": "VCID-qyjh-md45-hyhh" }, { "vulnerability": "VCID-r25g-be38-b3be" }, { "vulnerability": "VCID-rgkw-6ews-rked" }, { "vulnerability": "VCID-t2ap-zxfa-fkhe" }, { "vulnerability": "VCID-w6e4-zd31-g7hu" }, { "vulnerability": "VCID-wc5s-25xb-rqaa" }, { "vulnerability": "VCID-ztee-sxym-zffv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:9.0.0-2~bpo8%252B1" } ], "aliases": [ "CVE-2015-3646", "GHSA-jwpw-ppj5-7h4w" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9dhg-r711-yfg6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5978?format=api", "vulnerability_id": "VCID-gdk6-a746-6fac", "summary": "OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials, which could (for example) leak sign-on information for Time-based One Time Passwords (TOTP). Deployments with enforce_scope set to false are affected. (There will be a slight performance impact for the list credentials API once this issue is fixed.)", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4358", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:4358" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19687.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19687.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19687", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72573", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72791", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72737", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72712", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72566", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72589", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72565", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72748", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72723", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72693", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72702", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72706", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72697", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72655", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72664", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72654", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72612", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72622", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72639", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72616", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00728", "scoring_system": "epss", "scoring_elements": "0.72604", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19687" }, { "reference_url": "https://bugs.launchpad.net/keystone/+bug/1855080", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/keystone/+bug/1855080" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781470", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19687", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19687" }, { "reference_url": "https://github.com/openstack/keystone", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone" }, { "reference_url": "https://github.com/openstack/keystone/commit/17947516b0095c51da5cff94771247f2e7c44ee6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/17947516b0095c51da5cff94771247f2e7c44ee6" }, { "reference_url": "https://github.com/openstack/keystone/commit/17c337dbdbfb9d548ad531c2ad0483c9bce5b98f", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/17c337dbdbfb9d548ad531c2ad0483c9bce5b98f" }, { "reference_url": "https://github.com/openstack/keystone/commit/bd3f63787151183f4daa43578aa491856fefae5b", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/bd3f63787151183f4daa43578aa491856fefae5b" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2019-29.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2019-29.yaml" }, { "reference_url": "https://git.openstack.org/cgit/openstack/keystone/commit/?id=17947516b0095c51da5cff94771247f2e7c44ee6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.openstack.org/cgit/openstack/keystone/commit/?id=17947516b0095c51da5cff94771247f2e7c44ee6" }, { "reference_url": "https://git.openstack.org/cgit/openstack/keystone/commit/?id=17c337dbdbfb9d548ad531c2ad0483c9bce5b98f", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.openstack.org/cgit/openstack/keystone/commit/?id=17c337dbdbfb9d548ad531c2ad0483c9bce5b98f" }, { "reference_url": "https://git.openstack.org/cgit/openstack/keystone/commit/?id=bd3f63787151183f4daa43578aa491856fefae5b", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.openstack.org/cgit/openstack/keystone/commit/?id=bd3f63787151183f4daa43578aa491856fefae5b" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19687", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19687" }, { "reference_url": "https://review.opendev.org/#/c/697355", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.opendev.org/#/c/697355" }, { "reference_url": "https://review.opendev.org/#/c/697355/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://review.opendev.org/#/c/697355/" }, { "reference_url": "https://review.opendev.org/#/c/697611", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.opendev.org/#/c/697611" }, { "reference_url": "https://review.opendev.org/#/c/697611/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://review.opendev.org/#/c/697611/" }, { "reference_url": "https://review.opendev.org/#/c/697731", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.opendev.org/#/c/697731" }, { "reference_url": "https://review.opendev.org/#/c/697731/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://review.opendev.org/#/c/697731/" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2019-006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2019-006.html" }, { "reference_url": "https://usn.ubuntu.com/4262-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4262-1" }, { "reference_url": "https://usn.ubuntu.com/4262-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4262-1/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/12/11/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2019/12/11/8" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946614", "reference_id": "946614", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946614" }, { "reference_url": "https://github.com/advisories/GHSA-2j23-fwqm-mgwr", "reference_id": "GHSA-2j23-fwqm-mgwr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2j23-fwqm-mgwr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051594?format=api", "purl": "pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6wj2-abbb-xqf6" }, { "vulnerability": "VCID-93vc-hgec-nfe6" }, { "vulnerability": "VCID-r25g-be38-b3be" }, { "vulnerability": "VCID-z3vj-se4e-hbgw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1" } ], "aliases": [ "CVE-2019-19687", "GHSA-2j23-fwqm-mgwr", "PYSEC-2019-29" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gdk6-a746-6fac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54457?format=api", "vulnerability_id": "VCID-p5un-b12x-tuh5", "summary": "OpenStack Keystone allows information disclosure during account locking\nOpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an account and failing to authenticate multiple times, any unauthenticated actor could both confirm the account exists and obtain that account's corresponding UUID, which might be leveraged for other unrelated attacks. All deployments enabling security_compliance.lockout_failure_attempts are affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-38155", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72781", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.73006", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72954", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.7293", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72968", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72943", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72917", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72922", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72925", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72915", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72874", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72882", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72872", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72838", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72855", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.7283", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72817", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72779", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72802", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72775", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-38155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38155" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/keystone", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone" }, { "reference_url": "https://github.com/openstack/keystone/commit/1b573ae7d1c20e0ebfbde79bbe7538a09589c75d", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/1b573ae7d1c20e0ebfbde79bbe7538a09589c75d" }, { "reference_url": "https://github.com/openstack/keystone/commit/8ab4eb27be4c13c9bab2b3ea700f00a190521bf8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/8ab4eb27be4c13c9bab2b3ea700f00a190521bf8" }, { "reference_url": "https://github.com/openstack/keystone/commit/ac2631ae33445877094cdae796fbcdce8833a626", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/ac2631ae33445877094cdae796fbcdce8833a626" }, { "reference_url": "https://launchpad.net/bugs/1688137", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1688137" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38155", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38155" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2021-003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2021-003.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/08/10/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/08/10/5" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992070", "reference_id": "992070", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992070" }, { "reference_url": "https://github.com/advisories/GHSA-4225-97pr-rr52", "reference_id": "GHSA-4225-97pr-rr52", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4225-97pr-rr52" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1051594?format=api", "purl": "pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6wj2-abbb-xqf6" }, { "vulnerability": "VCID-93vc-hgec-nfe6" }, { "vulnerability": "VCID-r25g-be38-b3be" }, { "vulnerability": "VCID-z3vj-se4e-hbgw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1" } ], "aliases": [ "CVE-2021-38155", "GHSA-4225-97pr-rr52" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p5un-b12x-tuh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6078?format=api", "vulnerability_id": "VCID-qyjh-md45-hyhh", "summary": "An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12691.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12691.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12691", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03566", "scoring_system": "epss", "scoring_elements": "0.87733", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.03566", "scoring_system": "epss", "scoring_elements": "0.8773", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.03566", "scoring_system": "epss", "scoring_elements": "0.87734", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.03566", "scoring_system": "epss", "scoring_elements": "0.87719", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03566", "scoring_system": "epss", "scoring_elements": "0.87722", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03566", "scoring_system": "epss", "scoring_elements": "0.87728", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03566", "scoring_system": "epss", "scoring_elements": "0.87717", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03566", "scoring_system": "epss", "scoring_elements": "0.8771", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03566", "scoring_system": "epss", "scoring_elements": "0.87689", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03566", "scoring_system": "epss", "scoring_elements": "0.87688", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03566", "scoring_system": "epss", "scoring_elements": "0.87675", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03566", "scoring_system": "epss", "scoring_elements": "0.87665", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03566", "scoring_system": "epss", "scoring_elements": "0.87843", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.03566", "scoring_system": "epss", "scoring_elements": "0.87811", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.03566", "scoring_system": "epss", "scoring_elements": "0.87797", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.03566", "scoring_system": "epss", "scoring_elements": "0.87801", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.03566", "scoring_system": "epss", "scoring_elements": "0.87783", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.03566", "scoring_system": "epss", "scoring_elements": "0.87768", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.03566", "scoring_system": "epss", "scoring_elements": "0.87753", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.03566", "scoring_system": "epss", "scoring_elements": "0.87755", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.03566", "scoring_system": "epss", "scoring_elements": "0.87748", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12691" }, { "reference_url": "https://bugs.launchpad.net/keystone/+bug/1872733", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/keystone/+bug/1872733" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/keystone", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone" }, { "reference_url": "https://github.com/openstack/keystone/commit/37e9907a176dad6843819b1bec4946c3aecc4548", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/37e9907a176dad6843819b1bec4946c3aecc4548" }, { "reference_url": "https://github.com/openstack/keystone/commit/40cbb7bebd50276412daa1981ff5a7c7b3b899a5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/40cbb7bebd50276412daa1981ff5a7c7b3b899a5" }, { "reference_url": "https://github.com/openstack/keystone/commit/95b2bbeab113d9f04d1c81f7f1b48bf692bce979", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/95b2bbeab113d9f04d1c81f7f1b48bf692bce979" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-55.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-55.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12691", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12691" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2020-004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2020-004.html" }, { "reference_url": "https://usn.ubuntu.com/4480-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4480-1" }, { "reference_url": "https://usn.ubuntu.com/4480-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4480-1/" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2020/05/06/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2020/05/06/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/05/07/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2020/05/07/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1830384", "reference_id": "1830384", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1830384" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900", "reference_id": "959900", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900" }, { "reference_url": "https://github.com/advisories/GHSA-4427-7f3w-mqv6", "reference_id": "GHSA-4427-7f3w-mqv6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4427-7f3w-mqv6" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2732", "reference_id": "RHSA-2020:2732", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2732" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3096", "reference_id": "RHSA-2020:3096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3102", "reference_id": "RHSA-2020:3102", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3102" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3105", "reference_id": "RHSA-2020:3105", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3105" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037954?format=api", "purl": "pkg:deb/debian/keystone@2:14.2.0-0%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gdk6-a746-6fac" }, { "vulnerability": "VCID-p5un-b12x-tuh5" }, { "vulnerability": "VCID-qyjh-md45-hyhh" }, { "vulnerability": "VCID-r25g-be38-b3be" }, { "vulnerability": "VCID-rgkw-6ews-rked" }, { "vulnerability": "VCID-w6e4-zd31-g7hu" }, { "vulnerability": "VCID-wc5s-25xb-rqaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:14.2.0-0%252Bdeb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1051594?format=api", "purl": "pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6wj2-abbb-xqf6" }, { "vulnerability": "VCID-93vc-hgec-nfe6" }, { "vulnerability": "VCID-r25g-be38-b3be" }, { "vulnerability": "VCID-z3vj-se4e-hbgw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1" } ], "aliases": [ "CVE-2020-12691", "GHSA-4427-7f3w-mqv6", "PYSEC-2020-55" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qyjh-md45-hyhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22337?format=api", "vulnerability_id": "VCID-r25g-be38-b3be", "summary": "OpenStack Keystone allows /v3/ec2tokens or /v3/s3tokens request with valid AWS Signature to provide Keystone authorization.\nOpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65073.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65073.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-65073", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07203", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07294", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07329", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07287", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07208", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08982", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09011", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09018", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08947", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08798", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.08884", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09079", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15139", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15126", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15193", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.14999", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15087", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15105", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15067", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15006", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-65073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65073", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65073" }, { "reference_url": "https://github.com/openstack/keystone", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2025/11/04/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-17T16:34:17Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2025/11/04/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/11/17/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/11/17/6" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120053", "reference_id": "1120053", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120053" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415344", "reference_id": "2415344", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415344" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65073", "reference_id": "CVE-2025-65073", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65073" }, { "reference_url": "https://github.com/advisories/GHSA-hcqg-5g63-7j9h", "reference_id": "GHSA-hcqg-5g63-7j9h", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hcqg-5g63-7j9h" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1958", "reference_id": "RHSA-2026:1958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1958" }, { "reference_url": "https://usn.ubuntu.com/7926-1/", "reference_id": "USN-7926-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7926-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1053030?format=api", "purl": "pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6wj2-abbb-xqf6" }, { "vulnerability": "VCID-93vc-hgec-nfe6" }, { "vulnerability": "VCID-z3vj-se4e-hbgw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1" } ], "aliases": [ "CVE-2025-65073", "GHSA-hcqg-5g63-7j9h" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r25g-be38-b3be" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6076?format=api", "vulnerability_id": "VCID-rgkw-6ews-rked", "summary": "An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12689.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12689.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12689", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01066", "scoring_system": "epss", "scoring_elements": "0.77637", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01066", "scoring_system": "epss", "scoring_elements": "0.77695", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01066", "scoring_system": "epss", "scoring_elements": "0.77696", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01066", "scoring_system": "epss", "scoring_elements": "0.77713", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01066", "scoring_system": "epss", "scoring_elements": "0.77686", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01066", "scoring_system": "epss", "scoring_elements": "0.77681", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01066", "scoring_system": "epss", "scoring_elements": "0.77653", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01066", "scoring_system": "epss", "scoring_elements": "0.77671", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01066", "scoring_system": "epss", "scoring_elements": "0.77644", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01066", "scoring_system": "epss", "scoring_elements": "0.77893", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.01066", "scoring_system": "epss", "scoring_elements": "0.77848", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.01066", "scoring_system": "epss", "scoring_elements": "0.7783", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.01066", "scoring_system": "epss", "scoring_elements": "0.77841", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01066", "scoring_system": "epss", "scoring_elements": "0.77823", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01066", "scoring_system": "epss", "scoring_elements": "0.77793", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01066", "scoring_system": "epss", "scoring_elements": "0.77781", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01066", "scoring_system": "epss", "scoring_elements": "0.77765", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01066", "scoring_system": "epss", "scoring_elements": "0.77756", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01066", "scoring_system": "epss", "scoring_elements": "0.77725", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01066", "scoring_system": "epss", "scoring_elements": "0.77731", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01066", "scoring_system": "epss", "scoring_elements": "0.77732", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12689" }, { "reference_url": "https://bugs.launchpad.net/keystone/+bug/1872735", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/keystone/+bug/1872735" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/keystone", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone" }, { "reference_url": "https://github.com/openstack/keystone/commit/37e9907a176dad6843819b1bec4946c3aecc4548", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/37e9907a176dad6843819b1bec4946c3aecc4548" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-53.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-53.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12689", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12689" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2020-004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2020-004.html" }, { "reference_url": "https://usn.ubuntu.com/4480-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4480-1" }, { "reference_url": "https://usn.ubuntu.com/4480-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4480-1/" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2020/05/06/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2020/05/06/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/05/07/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2020/05/07/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1830396", "reference_id": "1830396", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1830396" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900", "reference_id": "959900", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900" }, { "reference_url": "https://github.com/advisories/GHSA-chgw-36xv-47cw", "reference_id": "GHSA-chgw-36xv-47cw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-chgw-36xv-47cw" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2732", "reference_id": "RHSA-2020:2732", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2732" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3096", "reference_id": "RHSA-2020:3096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3102", "reference_id": "RHSA-2020:3102", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3102" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3105", "reference_id": "RHSA-2020:3105", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3105" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037954?format=api", "purl": "pkg:deb/debian/keystone@2:14.2.0-0%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gdk6-a746-6fac" }, { "vulnerability": "VCID-p5un-b12x-tuh5" }, { "vulnerability": "VCID-qyjh-md45-hyhh" }, { "vulnerability": "VCID-r25g-be38-b3be" }, { "vulnerability": "VCID-rgkw-6ews-rked" }, { "vulnerability": "VCID-w6e4-zd31-g7hu" }, { "vulnerability": "VCID-wc5s-25xb-rqaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:14.2.0-0%252Bdeb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1051594?format=api", "purl": "pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6wj2-abbb-xqf6" }, { "vulnerability": "VCID-93vc-hgec-nfe6" }, { "vulnerability": "VCID-r25g-be38-b3be" }, { "vulnerability": "VCID-z3vj-se4e-hbgw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1" } ], "aliases": [ "CVE-2020-12689", "GHSA-chgw-36xv-47cw", "PYSEC-2020-53" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rgkw-6ews-rked" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5514?format=api", "vulnerability_id": "VCID-t2ap-zxfa-fkhe", "summary": "The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4911.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4911.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4911", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53616", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53751", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53678", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53653", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.537", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53718", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53714", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53676", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53693", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.5371", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53661", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53663", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53611", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53644", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53592", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53691", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53638", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.5364", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00304", "scoring_system": "epss", "scoring_elements": "0.53675", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4911" }, { "reference_url": "https://bugs.launchpad.net/keystone/+bug/1577558", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/keystone/+bug/1577558" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4911", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4911" }, { "reference_url": "https://github.com/openstack/keystone", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone" }, { "reference_url": "https://github.com/openstack/keystone/commit/0d376025bae61bf5ee19d992c7f336b99ac69240", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/0d376025bae61bf5ee19d992c7f336b99ac69240" }, { "reference_url": "https://github.com/openstack/keystone/commit/ee1dc941042d1f71699971c5c30566af1b348572", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/ee1dc941042d1f71699971c5c30566af1b348572" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2016-38.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2016-38.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4911", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:P/A:N" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4911" }, { "reference_url": "https://review.openstack.org/#/c/311886", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/311886" }, { "reference_url": "https://review.openstack.org/#/c/311886/", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://review.openstack.org/#/c/311886/" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2016-008.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2016-008.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/05/17/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/05/17/10" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2016/05/17/11", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2016/05/17/11" }, { "reference_url": "http://www.securityfocus.com/bid/90728", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "http://www.securityfocus.com/bid/90728" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1337079", "reference_id": "1337079", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1337079" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824683", "reference_id": "824683", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824683" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc3:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-f82m-w3p3-cgp3", "reference_id": "GHSA-f82m-w3p3-cgp3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f82m-w3p3-cgp3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037393?format=api", "purl": "pkg:deb/debian/keystone@2:10.0.0-9%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gdk6-a746-6fac" }, { "vulnerability": "VCID-p5un-b12x-tuh5" }, { "vulnerability": "VCID-qyjh-md45-hyhh" }, { "vulnerability": "VCID-r25g-be38-b3be" }, { "vulnerability": "VCID-rgkw-6ews-rked" }, { "vulnerability": "VCID-w6e4-zd31-g7hu" }, { "vulnerability": "VCID-wc5s-25xb-rqaa" }, { "vulnerability": "VCID-ztee-sxym-zffv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:10.0.0-9%252Bdeb9u1" } ], "aliases": [ "CVE-2016-4911", "GHSA-f82m-w3p3-cgp3", "PYSEC-2016-38" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t2ap-zxfa-fkhe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6079?format=api", "vulnerability_id": "VCID-w6e4-zd31-g7hu", "summary": "An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. This results in the provided keystone token having more role assignments than the creator intended, possibly giving unintended escalated access.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12690.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12690.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12690", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00817", "scoring_system": "epss", "scoring_elements": "0.7451", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00817", "scoring_system": "epss", "scoring_elements": "0.74454", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00817", "scoring_system": "epss", "scoring_elements": "0.74433", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00817", "scoring_system": "epss", "scoring_elements": "0.74288", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00817", "scoring_system": "epss", "scoring_elements": "0.7438", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00817", "scoring_system": "epss", "scoring_elements": "0.74372", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00817", "scoring_system": "epss", "scoring_elements": "0.74335", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00817", "scoring_system": "epss", "scoring_elements": "0.74343", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00817", "scoring_system": "epss", "scoring_elements": "0.74363", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00817", "scoring_system": "epss", "scoring_elements": "0.74342", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00817", "scoring_system": "epss", "scoring_elements": "0.74327", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00817", "scoring_system": "epss", "scoring_elements": "0.74294", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00817", "scoring_system": "epss", "scoring_elements": "0.74321", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00817", "scoring_system": "epss", "scoring_elements": "0.74293", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00817", "scoring_system": "epss", "scoring_elements": "0.74467", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00817", "scoring_system": "epss", "scoring_elements": "0.74441", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00817", "scoring_system": "epss", "scoring_elements": "0.74411", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00817", "scoring_system": "epss", "scoring_elements": "0.74414", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00817", "scoring_system": "epss", "scoring_elements": "0.74415", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00817", "scoring_system": "epss", "scoring_elements": "0.74407", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00817", "scoring_system": "epss", "scoring_elements": "0.74373", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12690" }, { "reference_url": "https://bugs.launchpad.net/keystone/+bug/1873290", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/keystone/+bug/1873290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-6m8p-x4qw-gh5j", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6m8p-x4qw-gh5j" }, { "reference_url": "https://github.com/openstack/keystone", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-54.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-54.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12690", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12690" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2020-005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2020-005.html" }, { "reference_url": "https://usn.ubuntu.com/4480-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4480-1" }, { "reference_url": "https://usn.ubuntu.com/4480-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4480-1/" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2020/05/06/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2020/05/06/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/05/07/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2020/05/07/3" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1830395", "reference_id": "1830395", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1830395" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900", "reference_id": "959900", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3102", "reference_id": "RHSA-2020:3102", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3102" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3105", "reference_id": "RHSA-2020:3105", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3105" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037954?format=api", "purl": "pkg:deb/debian/keystone@2:14.2.0-0%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gdk6-a746-6fac" }, { "vulnerability": "VCID-p5un-b12x-tuh5" }, { "vulnerability": "VCID-qyjh-md45-hyhh" }, { "vulnerability": "VCID-r25g-be38-b3be" }, { "vulnerability": "VCID-rgkw-6ews-rked" }, { "vulnerability": "VCID-w6e4-zd31-g7hu" }, { "vulnerability": "VCID-wc5s-25xb-rqaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:14.2.0-0%252Bdeb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1051594?format=api", "purl": "pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6wj2-abbb-xqf6" }, { "vulnerability": "VCID-93vc-hgec-nfe6" }, { "vulnerability": "VCID-r25g-be38-b3be" }, { "vulnerability": "VCID-z3vj-se4e-hbgw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1" } ], "aliases": [ "CVE-2020-12690", "GHSA-6m8p-x4qw-gh5j", "PYSEC-2020-54" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w6e4-zd31-g7hu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6077?format=api", "vulnerability_id": "VCID-wc5s-25xb-rqaa", "summary": "An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12692.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12692.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12692", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33678", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33601", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33578", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33785", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34174", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34197", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34238", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34209", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34166", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34303", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.3427", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33668", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33625", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33556", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33675", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33762", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33931", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34158", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34194", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34207", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12692" }, { "reference_url": "https://bugs.launchpad.net/keystone/+bug/1872737", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/keystone/+bug/1872737" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/keystone", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-56.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-56.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12692", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12692" }, { "reference_url": "https://opendev.org/openstack/keystone/commit/ab89ea749013e7f2c46260f68504f5687763e019", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/keystone/commit/ab89ea749013e7f2c46260f68504f5687763e019" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2020-003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2020-003.html" }, { "reference_url": "https://usn.ubuntu.com/4480-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4480-1" }, { "reference_url": "https://usn.ubuntu.com/4480-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4480-1/" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2020/05/06/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2020/05/06/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/05/07/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2020/05/07/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1833164", "reference_id": "1833164", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1833164" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900", "reference_id": "959900", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900" }, { "reference_url": "https://github.com/advisories/GHSA-rqw2-hhrf-7936", "reference_id": "GHSA-rqw2-hhrf-7936", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rqw2-hhrf-7936" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2732", "reference_id": "RHSA-2020:2732", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2732" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3102", "reference_id": "RHSA-2020:3102", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3102" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3105", "reference_id": "RHSA-2020:3105", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3105" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037954?format=api", "purl": "pkg:deb/debian/keystone@2:14.2.0-0%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gdk6-a746-6fac" }, { "vulnerability": "VCID-p5un-b12x-tuh5" }, { "vulnerability": "VCID-qyjh-md45-hyhh" }, { "vulnerability": "VCID-r25g-be38-b3be" }, { "vulnerability": "VCID-rgkw-6ews-rked" }, { "vulnerability": "VCID-w6e4-zd31-g7hu" }, { "vulnerability": "VCID-wc5s-25xb-rqaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:14.2.0-0%252Bdeb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1051594?format=api", "purl": "pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6wj2-abbb-xqf6" }, { "vulnerability": "VCID-93vc-hgec-nfe6" }, { "vulnerability": "VCID-r25g-be38-b3be" }, { "vulnerability": "VCID-z3vj-se4e-hbgw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1" } ], "aliases": [ "CVE-2020-12692", "GHSA-rqw2-hhrf-7936", "PYSEC-2020-56" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wc5s-25xb-rqaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/73837?format=api", "vulnerability_id": "VCID-ztee-sxym-zffv", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14432.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14432.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14432", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01139", "scoring_system": "epss", "scoring_elements": "0.78351", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01139", "scoring_system": "epss", "scoring_elements": "0.78357", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01139", "scoring_system": "epss", "scoring_elements": "0.78388", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01139", "scoring_system": "epss", "scoring_elements": "0.78372", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01139", "scoring_system": "epss", "scoring_elements": "0.78398", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01139", "scoring_system": "epss", "scoring_elements": "0.78404", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01139", "scoring_system": "epss", "scoring_elements": "0.7843", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01139", "scoring_system": "epss", "scoring_elements": "0.78412", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01139", "scoring_system": "epss", "scoring_elements": "0.78405", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01139", "scoring_system": "epss", "scoring_elements": "0.78434", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01139", "scoring_system": "epss", "scoring_elements": "0.78432", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01139", "scoring_system": "epss", "scoring_elements": "0.78428", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01139", "scoring_system": "epss", "scoring_elements": "0.78461", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01139", "scoring_system": "epss", "scoring_elements": "0.78469", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01139", "scoring_system": "epss", "scoring_elements": "0.78484", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01139", "scoring_system": "epss", "scoring_elements": "0.78498", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01139", "scoring_system": "epss", "scoring_elements": "0.78522", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01139", "scoring_system": "epss", "scoring_elements": "0.78539", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01139", "scoring_system": "epss", "scoring_elements": "0.78536", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.01139", "scoring_system": "epss", "scoring_elements": "0.78551", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.01139", "scoring_system": "epss", "scoring_elements": "0.78589", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14432" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14432", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14432" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1606868", "reference_id": "1606868", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1606868" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904616", "reference_id": "904616", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904616" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2523", "reference_id": "RHSA-2018:2523", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2523" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2533", "reference_id": "RHSA-2018:2533", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2533" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2543", "reference_id": "RHSA-2018:2543", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2543" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037393?format=api", "purl": "pkg:deb/debian/keystone@2:10.0.0-9%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gdk6-a746-6fac" }, { "vulnerability": "VCID-p5un-b12x-tuh5" }, { "vulnerability": "VCID-qyjh-md45-hyhh" }, { "vulnerability": "VCID-r25g-be38-b3be" }, { "vulnerability": "VCID-rgkw-6ews-rked" }, { "vulnerability": "VCID-w6e4-zd31-g7hu" }, { "vulnerability": "VCID-wc5s-25xb-rqaa" }, { "vulnerability": "VCID-ztee-sxym-zffv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:10.0.0-9%252Bdeb9u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037954?format=api", "purl": "pkg:deb/debian/keystone@2:14.2.0-0%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gdk6-a746-6fac" }, { "vulnerability": "VCID-p5un-b12x-tuh5" }, { "vulnerability": "VCID-qyjh-md45-hyhh" }, { "vulnerability": "VCID-r25g-be38-b3be" }, { "vulnerability": "VCID-rgkw-6ews-rked" }, { "vulnerability": "VCID-w6e4-zd31-g7hu" }, { "vulnerability": "VCID-wc5s-25xb-rqaa" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:14.2.0-0%252Bdeb10u1" } ], "aliases": [ "CVE-2018-14432" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ztee-sxym-zffv" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5378?format=api", "vulnerability_id": "VCID-44u3-6h7t-dbah", "summary": "The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an \"interaction between eventlet and python-memcached.\"", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0382.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0382.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0409.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0409.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0105.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0105.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0105", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.59041", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58819", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58894", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58916", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58883", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58935", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.5894", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58959", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58941", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58922", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58957", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.5896", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58939", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58921", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58937", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58931", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58989", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58943", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00371", "scoring_system": "epss", "scoring_elements": "0.58972", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0105" }, { "reference_url": "https://bugs.launchpad.net/python-keystoneclient/+bug/1282865", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/python-keystoneclient/+bug/1282865" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0105", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0105" }, { "reference_url": "https://github.com/openstack/python-keystoneclient", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/python-keystoneclient" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/python-keystoneclient/PYSEC-2014-70.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/python-keystoneclient/PYSEC-2014-70.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0105", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0105" }, { "reference_url": "https://review.opendev.org/c/openstack/python-keystoneclient/+/81078", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.opendev.org/c/openstack/python-keystoneclient/+/81078" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/03/27/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/03/27/4" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1082165", "reference_id": "1082165", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1082165" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742898", "reference_id": "742898", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742898" }, { "reference_url": "https://github.com/advisories/GHSA-gwvq-rgqf-993f", "reference_id": "GHSA-gwvq-rgqf-993f", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gwvq-rgqf-993f" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0382", "reference_id": "RHSA-2014:0382", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0382" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0409", "reference_id": "RHSA-2014:0409", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0409" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0442", "reference_id": "RHSA-2014:0442", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0442" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037391?format=api", "purl": "pkg:deb/debian/keystone@2014.1.3-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-844e-r6mn-bqh5" }, { "vulnerability": "VCID-96bg-ytf8-9fhd" }, { "vulnerability": "VCID-9dhg-r711-yfg6" }, { "vulnerability": "VCID-gdk6-a746-6fac" }, { "vulnerability": "VCID-p5un-b12x-tuh5" }, { "vulnerability": "VCID-qyjh-md45-hyhh" }, { "vulnerability": "VCID-r25g-be38-b3be" }, { "vulnerability": "VCID-rgkw-6ews-rked" }, { "vulnerability": "VCID-t2ap-zxfa-fkhe" }, { "vulnerability": "VCID-w6e4-zd31-g7hu" }, { "vulnerability": "VCID-wc5s-25xb-rqaa" }, { "vulnerability": "VCID-ztee-sxym-zffv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6" } ], "aliases": [ "CVE-2014-0105", "GHSA-gwvq-rgqf-993f", "PYSEC-2014-70" ], "risk_score": 2.7, "exploitability": "0.5", "weighted_severity": "5.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-44u3-6h7t-dbah" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86595?format=api", "vulnerability_id": "VCID-5atx-veu5-kud6", "summary": "OpenStack: Keystone disabling a tenant does not disable a user token", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4222.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4222.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4222", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68814", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68833", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68853", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68834", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68884", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68903", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68925", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68911", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68882", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68923", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68933", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68961", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68967", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68973", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68953", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68997", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.69031", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.68998", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.69023", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0058", "scoring_system": "epss", "scoring_elements": "0.69074", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4222" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4222", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4222" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719290", "reference_id": "719290", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719290" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=995598", "reference_id": "995598", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=995598" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1524", "reference_id": "RHSA-2013:1524", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1524" }, { "reference_url": "https://usn.ubuntu.com/2002-1/", "reference_id": "USN-2002-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2002-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037391?format=api", "purl": "pkg:deb/debian/keystone@2014.1.3-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-844e-r6mn-bqh5" }, { "vulnerability": "VCID-96bg-ytf8-9fhd" }, { "vulnerability": "VCID-9dhg-r711-yfg6" }, { "vulnerability": "VCID-gdk6-a746-6fac" }, { "vulnerability": "VCID-p5un-b12x-tuh5" }, { "vulnerability": "VCID-qyjh-md45-hyhh" }, { "vulnerability": "VCID-r25g-be38-b3be" }, { "vulnerability": "VCID-rgkw-6ews-rked" }, { "vulnerability": "VCID-t2ap-zxfa-fkhe" }, { "vulnerability": "VCID-w6e4-zd31-g7hu" }, { "vulnerability": "VCID-wc5s-25xb-rqaa" }, { "vulnerability": "VCID-ztee-sxym-zffv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6" } ], "aliases": [ "CVE-2013-4222" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5atx-veu5-kud6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86436?format=api", "vulnerability_id": "VCID-655y-mj8k-dbb2", "summary": "Keystone: trust circumvention through EC2-style tokens", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6391.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6391.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6391", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65778", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65827", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65857", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65823", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65875", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65887", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65906", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65893", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65863", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65899", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65913", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65902", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65912", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65923", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65921", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65896", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65942", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65986", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65956", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.65975", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.66033", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-6391" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6391", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6391" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039164", "reference_id": "1039164", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039164" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731981", "reference_id": "731981", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0089", "reference_id": "RHSA-2014:0089", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0089" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0368", "reference_id": "RHSA-2014:0368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0368" }, { "reference_url": "https://usn.ubuntu.com/2061-1/", "reference_id": "USN-2061-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2061-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037391?format=api", "purl": "pkg:deb/debian/keystone@2014.1.3-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-844e-r6mn-bqh5" }, { "vulnerability": "VCID-96bg-ytf8-9fhd" }, { "vulnerability": "VCID-9dhg-r711-yfg6" }, { "vulnerability": "VCID-gdk6-a746-6fac" }, { "vulnerability": "VCID-p5un-b12x-tuh5" }, { "vulnerability": "VCID-qyjh-md45-hyhh" }, { "vulnerability": "VCID-r25g-be38-b3be" }, { "vulnerability": "VCID-rgkw-6ews-rked" }, { "vulnerability": "VCID-t2ap-zxfa-fkhe" }, { "vulnerability": "VCID-w6e4-zd31-g7hu" }, { "vulnerability": "VCID-wc5s-25xb-rqaa" }, { "vulnerability": "VCID-ztee-sxym-zffv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6" } ], "aliases": [ "CVE-2013-6391" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-655y-mj8k-dbb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14998?format=api", "vulnerability_id": "VCID-6cy4-grme-mka1", "summary": "OpenStack Identity Keystone Improper Privilege Management\nOpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0204.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0204.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0204", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57733", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57687", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57667", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57697", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57671", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57629", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57649", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57628", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57583", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57691", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57666", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57554", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57638", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.5766", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57636", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.5769", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57693", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57708", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0204" }, { "reference_url": "https://bugs.launchpad.net/keystone/+bug/1309228", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/keystone/+bug/1309228" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0204", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0204" }, { "reference_url": "https://github.com/openstack/keystone/commit/729dcad7384ba66ee7494154969cdd7ae90d86ee", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/729dcad7384ba66ee7494154969cdd7ae90d86ee" }, { "reference_url": "https://github.com/openstack/keystone/commit/786af9829c5329a982e3451f77afebbfb21850bd", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/786af9829c5329a982e3451f77afebbfb21850bd" }, { "reference_url": "https://github.com/openstack/keystone/commit/97dfd55ad1b40365754dcbfce856f7ffae280a44", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/97dfd55ad1b40365754dcbfce856f7ffae280a44" }, { "reference_url": "https://github.com/openstack/keystone/commit/f0eee2f3b48dd0cffb9f75e396da2d914925cba5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/f0eee2f3b48dd0cffb9f75e396da2d914925cba5" }, { "reference_url": "https://review.openstack.org/#/c/94396", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/94396" }, { "reference_url": "https://review.openstack.org/#/c/94396/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://review.openstack.org/#/c/94396/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/05/21/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/05/21/3" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1095981", "reference_id": "1095981", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1095981" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749026", "reference_id": "749026", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749026" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0204", "reference_id": "CVE-2014-0204", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0204" }, { "reference_url": "https://github.com/advisories/GHSA-c4p9-87h3-7vr4", "reference_id": "GHSA-c4p9-87h3-7vr4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c4p9-87h3-7vr4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037391?format=api", "purl": "pkg:deb/debian/keystone@2014.1.3-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-844e-r6mn-bqh5" }, { "vulnerability": "VCID-96bg-ytf8-9fhd" }, { "vulnerability": "VCID-9dhg-r711-yfg6" }, { "vulnerability": "VCID-gdk6-a746-6fac" }, { "vulnerability": "VCID-p5un-b12x-tuh5" }, { "vulnerability": "VCID-qyjh-md45-hyhh" }, { "vulnerability": "VCID-r25g-be38-b3be" }, { "vulnerability": "VCID-rgkw-6ews-rked" }, { "vulnerability": "VCID-t2ap-zxfa-fkhe" }, { "vulnerability": "VCID-w6e4-zd31-g7hu" }, { "vulnerability": "VCID-wc5s-25xb-rqaa" }, { "vulnerability": "VCID-ztee-sxym-zffv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6" } ], "aliases": [ "CVE-2014-0204", "GHSA-c4p9-87h3-7vr4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6cy4-grme-mka1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14483?format=api", "vulnerability_id": "VCID-8bat-qwmh-fyer", "summary": "OpenStack Identity (Keystone) Denial of Service\nOpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-July/111914.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-July/111914.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2014", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02372", "scoring_system": "epss", "scoring_elements": "0.85118", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.02372", "scoring_system": "epss", "scoring_elements": "0.85007", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02372", "scoring_system": "epss", "scoring_elements": "0.85014", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02372", "scoring_system": "epss", "scoring_elements": "0.85013", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02372", "scoring_system": "epss", "scoring_elements": "0.85029", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.02372", "scoring_system": "epss", "scoring_elements": "0.85053", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.02372", "scoring_system": "epss", "scoring_elements": "0.85073", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.02372", "scoring_system": "epss", "scoring_elements": "0.8507", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.02372", "scoring_system": "epss", "scoring_elements": "0.85085", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.02372", "scoring_system": "epss", "scoring_elements": "0.84884", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02372", "scoring_system": "epss", "scoring_elements": "0.849", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02372", "scoring_system": "epss", "scoring_elements": "0.84918", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02372", "scoring_system": "epss", "scoring_elements": "0.84923", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02372", "scoring_system": "epss", "scoring_elements": "0.84946", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02372", "scoring_system": "epss", "scoring_elements": "0.84952", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02372", "scoring_system": "epss", "scoring_elements": "0.84968", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02372", "scoring_system": "epss", "scoring_elements": "0.84966", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02372", "scoring_system": "epss", "scoring_elements": "0.84962", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02372", "scoring_system": "epss", "scoring_elements": "0.84983", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02372", "scoring_system": "epss", "scoring_elements": "0.84984", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02372", "scoring_system": "epss", "scoring_elements": "0.84981", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2014" }, { "reference_url": "https://bugs.launchpad.net/keystone/+bug/1098177", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/keystone/+bug/1098177" }, { "reference_url": "https://bugs.launchpad.net/keystone/+bug/1099025", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/keystone/+bug/1099025" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2014", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2014" }, { "reference_url": "http://secunia.com/advisories/53397", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/53397" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84347", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84347" }, { "reference_url": "https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8" }, { "reference_url": "http://www.securityfocus.com/bid/59936", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/59936" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708515", "reference_id": "708515", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708515" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2014", "reference_id": "CVE-2013-2014", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2014" }, { "reference_url": "https://github.com/advisories/GHSA-7332-36h8-8jh8", "reference_id": "GHSA-7332-36h8-8jh8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7332-36h8-8jh8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037391?format=api", "purl": "pkg:deb/debian/keystone@2014.1.3-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-844e-r6mn-bqh5" }, { "vulnerability": "VCID-96bg-ytf8-9fhd" }, { "vulnerability": "VCID-9dhg-r711-yfg6" }, { "vulnerability": "VCID-gdk6-a746-6fac" }, { "vulnerability": "VCID-p5un-b12x-tuh5" }, { "vulnerability": "VCID-qyjh-md45-hyhh" }, { "vulnerability": "VCID-r25g-be38-b3be" }, { "vulnerability": "VCID-rgkw-6ews-rked" }, { "vulnerability": "VCID-t2ap-zxfa-fkhe" }, { "vulnerability": "VCID-w6e4-zd31-g7hu" }, { "vulnerability": "VCID-wc5s-25xb-rqaa" }, { "vulnerability": "VCID-ztee-sxym-zffv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6" } ], "aliases": [ "CVE-2013-2014", "GHSA-7332-36h8-8jh8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8bat-qwmh-fyer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5373?format=api", "vulnerability_id": "VCID-8tkd-pcuy-d7ax", "summary": "The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0580.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2014-0580.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2237.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2237.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2237", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.4069", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40355", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40287", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40261", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40699", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40614", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40651", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40359", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40341", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40272", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40415", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40498", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40511", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40671", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40724", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40728", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40701", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40707", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40611", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40687", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00188", "scoring_system": "epss", "scoring_elements": "0.40716", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2237" }, { "reference_url": "https://bugs.launchpad.net/keystone/+bug/1260080", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/keystone/+bug/1260080" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2237", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2237" }, { "reference_url": "https://github.com/openstack/keystone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone" }, { "reference_url": "https://github.com/openstack/keystone/commit/813d1254eb4f7a7d40009b23bbadbc4c5cc5daac", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/813d1254eb4f7a7d40009b23bbadbc4c5cc5daac" }, { "reference_url": "https://github.com/openstack/keystone/commit/a411c944af78c36f2fdb87d305ba452dc52d7ed3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/a411c944af78c36f2fdb87d305ba452dc52d7ed3" }, { "reference_url": "https://github.com/openstack/keystone/commit/b6f0e26da0e2ab0892a5658da281a065e668637b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/b6f0e26da0e2ab0892a5658da281a065e668637b" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-105.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-105.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2237", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2237" }, { "reference_url": "https://rhn.redhat.com/errata/RHSA-2014-0580.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rhn.redhat.com/errata/RHSA-2014-0580.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/03/04/16", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/03/04/16" }, { "reference_url": "http://www.securityfocus.com/bid/65895", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/65895" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1071434", "reference_id": "1071434", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1071434" }, { "reference_url": "https://github.com/advisories/GHSA-23x9-8hxr-978c", "reference_id": "GHSA-23x9-8hxr-978c", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-23x9-8hxr-978c" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0368", "reference_id": "RHSA-2014:0368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0580", "reference_id": "RHSA-2014:0580", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0580" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037391?format=api", "purl": "pkg:deb/debian/keystone@2014.1.3-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-844e-r6mn-bqh5" }, { "vulnerability": "VCID-96bg-ytf8-9fhd" }, { "vulnerability": "VCID-9dhg-r711-yfg6" }, { "vulnerability": "VCID-gdk6-a746-6fac" }, { "vulnerability": "VCID-p5un-b12x-tuh5" }, { "vulnerability": "VCID-qyjh-md45-hyhh" }, { "vulnerability": "VCID-r25g-be38-b3be" }, { "vulnerability": "VCID-rgkw-6ews-rked" }, { "vulnerability": "VCID-t2ap-zxfa-fkhe" }, { "vulnerability": "VCID-w6e4-zd31-g7hu" }, { "vulnerability": "VCID-wc5s-25xb-rqaa" }, { "vulnerability": "VCID-ztee-sxym-zffv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6" } ], "aliases": [ "CVE-2014-2237", "GHSA-23x9-8hxr-978c", "PYSEC-2014-105" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8tkd-pcuy-d7ax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86649?format=api", "vulnerability_id": "VCID-91k2-z5s1-gbbx", "summary": "openstack-keystone: Authentication bypass when using LDAP backend", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2157.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2157.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2157", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.5217", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52213", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.5224", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52204", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52258", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52253", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52304", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52288", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52273", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52311", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52315", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52297", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52245", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52217", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52164", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52215", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52259", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.5222", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52244", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52326", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2157" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712160", "reference_id": "712160", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712160" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=971884", "reference_id": "971884", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=971884" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0994", "reference_id": "RHSA-2013:0994", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0994" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1083", "reference_id": "RHSA-2013:1083", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1083" }, { "reference_url": "https://usn.ubuntu.com/1875-1/", "reference_id": "USN-1875-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1875-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037391?format=api", "purl": "pkg:deb/debian/keystone@2014.1.3-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-844e-r6mn-bqh5" }, { "vulnerability": "VCID-96bg-ytf8-9fhd" }, { "vulnerability": "VCID-9dhg-r711-yfg6" }, { "vulnerability": "VCID-gdk6-a746-6fac" }, { "vulnerability": "VCID-p5un-b12x-tuh5" }, { "vulnerability": "VCID-qyjh-md45-hyhh" }, { "vulnerability": "VCID-r25g-be38-b3be" }, { "vulnerability": "VCID-rgkw-6ews-rked" }, { "vulnerability": "VCID-t2ap-zxfa-fkhe" }, { "vulnerability": "VCID-w6e4-zd31-g7hu" }, { "vulnerability": "VCID-wc5s-25xb-rqaa" }, { "vulnerability": "VCID-ztee-sxym-zffv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6" } ], "aliases": [ "CVE-2013-2157" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-91k2-z5s1-gbbx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/86221?format=api", "vulnerability_id": "VCID-am2m-2fgu-xkfk", "summary": "openstack-keystone: Keystone V2 trusts privilege escalation through user supplied project id", "references": [ { "reference_url": "http://lists.openstack.org/pipermail/openstack-announce/2014-July/000248.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.openstack.org/pipermail/openstack-announce/2014-July/000248.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3520.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3520.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3520", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62573", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62327", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62385", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62416", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62381", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62429", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62447", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62466", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62456", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62433", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62477", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62484", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62476", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62493", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.6249", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62436", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62541", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.62495", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00428", "scoring_system": "epss", "scoring_elements": "0.6252", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3520" }, { "reference_url": "https://bugs.launchpad.net/keystone/+bug/1331912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.launchpad.net/keystone/+bug/1331912" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3520", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3520" }, { "reference_url": "http://secunia.com/advisories/59426", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/59426" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1112668", "reference_id": "1112668", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1112668" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753511", "reference_id": "753511", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753511" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3520", "reference_id": "CVE-2014-3520", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3520" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0994", "reference_id": "RHSA-2014:0994", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0994" }, { "reference_url": "https://usn.ubuntu.com/2324-1/", "reference_id": "USN-2324-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2324-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037391?format=api", "purl": "pkg:deb/debian/keystone@2014.1.3-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-844e-r6mn-bqh5" }, { "vulnerability": "VCID-96bg-ytf8-9fhd" }, { "vulnerability": "VCID-9dhg-r711-yfg6" }, { "vulnerability": "VCID-gdk6-a746-6fac" }, { "vulnerability": "VCID-p5un-b12x-tuh5" }, { "vulnerability": "VCID-qyjh-md45-hyhh" }, { "vulnerability": "VCID-r25g-be38-b3be" }, { "vulnerability": "VCID-rgkw-6ews-rked" }, { "vulnerability": "VCID-t2ap-zxfa-fkhe" }, { "vulnerability": "VCID-w6e4-zd31-g7hu" }, { "vulnerability": "VCID-wc5s-25xb-rqaa" }, { "vulnerability": "VCID-ztee-sxym-zffv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6" } ], "aliases": [ "CVE-2014-3520" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-am2m-2fgu-xkfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5316?format=api", "vulnerability_id": "VCID-cg74-2jr1-2fhp", "summary": "OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106220.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106220.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00085.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00085.html" }, { "reference_url": "http://osvdb.org/93134", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/93134" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2059", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00908", "scoring_system": "epss", "scoring_elements": "0.75764", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00908", "scoring_system": "epss", "scoring_elements": "0.75963", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00908", "scoring_system": "epss", "scoring_elements": "0.75912", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00908", "scoring_system": "epss", "scoring_elements": "0.75898", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00908", "scoring_system": "epss", "scoring_elements": "0.75913", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00908", "scoring_system": "epss", "scoring_elements": "0.75889", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00908", "scoring_system": "epss", "scoring_elements": "0.75859", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00908", "scoring_system": "epss", "scoring_elements": "0.75851", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00908", "scoring_system": "epss", "scoring_elements": "0.7584", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00908", "scoring_system": "epss", "scoring_elements": "0.7583", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00908", "scoring_system": "epss", "scoring_elements": "0.75791", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00908", "scoring_system": "epss", "scoring_elements": "0.75806", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00908", "scoring_system": "epss", "scoring_elements": "0.75802", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00908", "scoring_system": "epss", "scoring_elements": "0.7577", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00908", "scoring_system": "epss", "scoring_elements": "0.75789", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00908", "scoring_system": "epss", "scoring_elements": "0.7574", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00908", "scoring_system": "epss", "scoring_elements": "0.75753", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00908", "scoring_system": "epss", "scoring_elements": "0.75707", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00908", "scoring_system": "epss", "scoring_elements": "0.75719", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00908", "scoring_system": "epss", "scoring_elements": "0.75709", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2059" }, { "reference_url": "https://bugs.launchpad.net/keystone/+bug/1166670", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/keystone/+bug/1166670" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2059", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2059" }, { "reference_url": "http://secunia.com/advisories/53326", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/53326" }, { "reference_url": "http://secunia.com/advisories/53339", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/53339" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84135", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84135" }, { "reference_url": "https://github.com/openstack/keystone", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone" }, { "reference_url": "https://github.com/openstack/keystone/commit/33214f311aa36b17f8f5ff06bee2130bf061df8f", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/33214f311aa36b17f8f5ff06bee2130bf061df8f" }, { "reference_url": "https://github.com/openstack/keystone/commit/678b06a91f772d6be82eb54ed11f27e20f446b57", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/678b06a91f772d6be82eb54ed11f27e20f446b57" }, { "reference_url": "https://github.com/openstack/keystone/commit/992466d1dbf80a940190703dedf800d6d12dede8", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/992466d1dbf80a940190703dedf800d6d12dede8" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-41.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-41.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2059", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:P" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2059" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/05/09/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/05/09/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/05/09/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/05/09/4" }, { "reference_url": "http://www.securityfocus.com/bid/59787", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/59787" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707598", "reference_id": "707598", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707598" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2012.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:keystone:2012.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2012.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:keystone:2013.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-hj89-qmx9-8qmh", "reference_id": "GHSA-hj89-qmx9-8qmh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hj89-qmx9-8qmh" }, { "reference_url": "https://usn.ubuntu.com/1830-1/", "reference_id": "USN-1830-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1830-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037391?format=api", "purl": "pkg:deb/debian/keystone@2014.1.3-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-844e-r6mn-bqh5" }, { "vulnerability": "VCID-96bg-ytf8-9fhd" }, { "vulnerability": "VCID-9dhg-r711-yfg6" }, { "vulnerability": "VCID-gdk6-a746-6fac" }, { "vulnerability": "VCID-p5un-b12x-tuh5" }, { "vulnerability": "VCID-qyjh-md45-hyhh" }, { "vulnerability": "VCID-r25g-be38-b3be" }, { "vulnerability": "VCID-rgkw-6ews-rked" }, { "vulnerability": "VCID-t2ap-zxfa-fkhe" }, { "vulnerability": "VCID-w6e4-zd31-g7hu" }, { "vulnerability": "VCID-wc5s-25xb-rqaa" }, { "vulnerability": "VCID-ztee-sxym-zffv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6" } ], "aliases": [ "CVE-2013-2059", "GHSA-hj89-qmx9-8qmh", "PYSEC-2013-41" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cg74-2jr1-2fhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5409?format=api", "vulnerability_id": "VCID-h1xa-f7tm-tudx", "summary": "OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1121.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1121.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1122.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1122.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5253.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5253.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5253", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54249", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54086", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54103", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54133", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54108", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54159", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54157", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54207", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54189", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54168", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54206", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.5421", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54191", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54158", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54172", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54148", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54097", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54139", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54194", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54153", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54179", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5253" }, { "reference_url": "https://bugs.launchpad.net/keystone/+bug/1349597", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/keystone/+bug/1349597" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5253", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5253" }, { "reference_url": "https://github.com/openstack/keystone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone" }, { "reference_url": "https://github.com/openstack/keystone/commit/317f9d34b4da20c21edd5b851889298b67c843e1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/317f9d34b4da20c21edd5b851889298b67c843e1" }, { "reference_url": "https://github.com/openstack/keystone/commit/3e035ebb726167aef43c4a865c7e7f7d3b0978fb", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/3e035ebb726167aef43c4a865c7e7f7d3b0978fb" }, { "reference_url": "https://github.com/openstack/keystone/commit/c4447f16da036fe878382ce4e1b05b84bdcc4d4e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/c4447f16da036fe878382ce4e1b05b84bdcc4d4e" }, { "reference_url": "https://github.com/openstack/keystone/commit/cccc3f3239c68479de0f6a41bd64badf2a9ec9e7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/cccc3f3239c68479de0f6a41bd64badf2a9ec9e7" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-109.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-109.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-5253", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-5253" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/08/15/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/08/15/6" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2324-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2324-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127253", "reference_id": "1127253", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127253" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-77w8-qv8m-386h", "reference_id": "GHSA-77w8-qv8m-386h", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-77w8-qv8m-386h" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1121", "reference_id": "RHSA-2014:1121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1121" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1122", "reference_id": "RHSA-2014:1122", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1122" }, { "reference_url": "https://usn.ubuntu.com/2324-1/", "reference_id": "USN-2324-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2324-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037391?format=api", "purl": "pkg:deb/debian/keystone@2014.1.3-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-844e-r6mn-bqh5" }, { "vulnerability": "VCID-96bg-ytf8-9fhd" }, { "vulnerability": "VCID-9dhg-r711-yfg6" }, { "vulnerability": "VCID-gdk6-a746-6fac" }, { "vulnerability": "VCID-p5un-b12x-tuh5" }, { "vulnerability": "VCID-qyjh-md45-hyhh" }, { "vulnerability": "VCID-r25g-be38-b3be" }, { "vulnerability": "VCID-rgkw-6ews-rked" }, { "vulnerability": "VCID-t2ap-zxfa-fkhe" }, { "vulnerability": "VCID-w6e4-zd31-g7hu" }, { "vulnerability": "VCID-wc5s-25xb-rqaa" }, { "vulnerability": "VCID-ztee-sxym-zffv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6" } ], "aliases": [ "CVE-2014-5253", "GHSA-77w8-qv8m-386h", "PYSEC-2014-109" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h1xa-f7tm-tudx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5408?format=api", "vulnerability_id": "VCID-hjrj-k1wk-jbha", "summary": "The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1121.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1121.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1122.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1122.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5251.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5251.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5251", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54097", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54148", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54172", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54158", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54191", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.5421", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54206", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54168", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54189", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54207", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54157", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54159", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54103", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54249", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54179", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54153", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54194", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54139", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54133", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54086", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54108", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5251" }, { "reference_url": "https://bugs.launchpad.net/keystone/+bug/1347961", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/keystone/+bug/1347961" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5251", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5251" }, { "reference_url": "https://github.com/openstack/keystone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone" }, { "reference_url": "https://github.com/openstack/keystone/commit/6cbf835542d62e6e5db4b4aef7141b1731cad9dc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/6cbf835542d62e6e5db4b4aef7141b1731cad9dc" }, { "reference_url": "https://github.com/openstack/keystone/commit/7aee6304f653475a4130dc3e5be602e91481f108", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/7aee6304f653475a4130dc3e5be602e91481f108" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-107.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-107.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-5251", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-5251" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/08/15/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/08/15/6" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2324-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2324-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127259", "reference_id": "1127259", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127259" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-gmvp-5rf9-mxcm", "reference_id": "GHSA-gmvp-5rf9-mxcm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gmvp-5rf9-mxcm" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1121", "reference_id": "RHSA-2014:1121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1121" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1122", "reference_id": "RHSA-2014:1122", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1122" }, { "reference_url": "https://usn.ubuntu.com/2324-1/", "reference_id": "USN-2324-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2324-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037391?format=api", "purl": "pkg:deb/debian/keystone@2014.1.3-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-844e-r6mn-bqh5" }, { "vulnerability": "VCID-96bg-ytf8-9fhd" }, { "vulnerability": "VCID-9dhg-r711-yfg6" }, { "vulnerability": "VCID-gdk6-a746-6fac" }, { "vulnerability": "VCID-p5un-b12x-tuh5" }, { "vulnerability": "VCID-qyjh-md45-hyhh" }, { "vulnerability": "VCID-r25g-be38-b3be" }, { "vulnerability": "VCID-rgkw-6ews-rked" }, { "vulnerability": "VCID-t2ap-zxfa-fkhe" }, { "vulnerability": "VCID-w6e4-zd31-g7hu" }, { "vulnerability": "VCID-wc5s-25xb-rqaa" }, { "vulnerability": "VCID-ztee-sxym-zffv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6" } ], "aliases": [ "CVE-2014-5251", "GHSA-gmvp-5rf9-mxcm", "PYSEC-2014-107" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hjrj-k1wk-jbha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5377?format=api", "vulnerability_id": "VCID-ksj4-14rq-uyb7", "summary": "The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka \"authentication chaining.\"", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1688.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1688.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2828.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2828.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2828", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75215", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75234", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.7521", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75181", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75172", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75168", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75165", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75101", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75279", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75224", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.7513", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75092", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75102", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75123", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75047", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.7505", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75079", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75056", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75089", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75126", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00864", "scoring_system": "epss", "scoring_elements": "0.75136", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-2828" }, { "reference_url": "https://bugs.launchpad.net/keystone/+bug/1300274", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/keystone/+bug/1300274" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2828" }, { "reference_url": "https://github.com/openstack/keystone", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone" }, { "reference_url": "https://github.com/openstack/keystone/commit/ce6cedb30c5c4b4cf4db9380f09443de22414b39", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/ce6cedb30c5c4b4cf4db9380f09443de22414b39" }, { "reference_url": "https://github.com/openstack/keystone/commit/e364ba5b12de8e4c11bd80bcca903f9615dcfc2e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/e364ba5b12de8e4c11bd80bcca903f9615dcfc2e" }, { "reference_url": "https://github.com/openstack/keystone/commit/ef868ad92c00e23a4a5e9eb71e3e0bf5ae2fff0c", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/ef868ad92c00e23a4a5e9eb71e3e0bf5ae2fff0c" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-106.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-106.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2828", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2828" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/04/10/20", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/04/10/20" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1086211", "reference_id": "1086211", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1086211" }, { "reference_url": "https://github.com/advisories/GHSA-6mv3-p2gr-wgqf", "reference_id": "GHSA-6mv3-p2gr-wgqf", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6mv3-p2gr-wgqf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037391?format=api", "purl": "pkg:deb/debian/keystone@2014.1.3-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-844e-r6mn-bqh5" }, { "vulnerability": "VCID-96bg-ytf8-9fhd" }, { "vulnerability": "VCID-9dhg-r711-yfg6" }, { "vulnerability": "VCID-gdk6-a746-6fac" }, { "vulnerability": "VCID-p5un-b12x-tuh5" }, { "vulnerability": "VCID-qyjh-md45-hyhh" }, { "vulnerability": "VCID-r25g-be38-b3be" }, { "vulnerability": "VCID-rgkw-6ews-rked" }, { "vulnerability": "VCID-t2ap-zxfa-fkhe" }, { "vulnerability": "VCID-w6e4-zd31-g7hu" }, { "vulnerability": "VCID-wc5s-25xb-rqaa" }, { "vulnerability": "VCID-ztee-sxym-zffv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6" } ], "aliases": [ "CVE-2014-2828", "GHSA-6mv3-p2gr-wgqf", "PYSEC-2014-106" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ksj4-14rq-uyb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14731?format=api", "vulnerability_id": "VCID-my7j-6x5y-97a1", "summary": "OpenStack Identity Keystone Exposure of Sensitive Information\nThe catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by \"$(admin_token)\" in the publicurl endpoint field.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1688.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1688.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1789.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1789.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1790.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1790.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1688", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1688" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1789", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1789" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1790", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2014:1790" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3621.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3621.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3621", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62418", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62328", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62313", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62338", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62332", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62279", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62327", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62385", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62337", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62364", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62167", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62224", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62253", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.6222", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.6227", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62288", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62306", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62296", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62275", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00426", "scoring_system": "epss", "scoring_elements": "0.62321", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3621" }, { "reference_url": "https://bugs.launchpad.net/keystone/+bug/1354208", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/keystone/+bug/1354208" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1139937", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1139937" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3621", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3621" }, { "reference_url": "https://github.com/openstack/keystone/commit/2989ff257e4fde6a168e25b926805e700406aa80", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/2989ff257e4fde6a168e25b926805e700406aa80" }, { "reference_url": "https://github.com/openstack/keystone/commit/52714633c9a4dae5e60279217090859aa6dbcb4f", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/52714633c9a4dae5e60279217090859aa6dbcb4f" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/09/16/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/09/16/10" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2406-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2406-1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2014-3621", "reference_id": "CVE-2014-3621", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2014-3621" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3621", "reference_id": "CVE-2014-3621", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3621" }, { "reference_url": "https://github.com/advisories/GHSA-8v8f-vc72-pmhc", "reference_id": "GHSA-8v8f-vc72-pmhc", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8v8f-vc72-pmhc" }, { "reference_url": "https://usn.ubuntu.com/2406-1/", "reference_id": "USN-2406-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2406-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037391?format=api", "purl": "pkg:deb/debian/keystone@2014.1.3-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-844e-r6mn-bqh5" }, { "vulnerability": "VCID-96bg-ytf8-9fhd" }, { "vulnerability": "VCID-9dhg-r711-yfg6" }, { "vulnerability": "VCID-gdk6-a746-6fac" }, { "vulnerability": "VCID-p5un-b12x-tuh5" }, { "vulnerability": "VCID-qyjh-md45-hyhh" }, { "vulnerability": "VCID-r25g-be38-b3be" }, { "vulnerability": "VCID-rgkw-6ews-rked" }, { "vulnerability": "VCID-t2ap-zxfa-fkhe" }, { "vulnerability": "VCID-w6e4-zd31-g7hu" }, { "vulnerability": "VCID-wc5s-25xb-rqaa" }, { "vulnerability": "VCID-ztee-sxym-zffv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6" } ], "aliases": [ "CVE-2014-3621", "GHSA-8v8f-vc72-pmhc" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-my7j-6x5y-97a1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6868?format=api", "vulnerability_id": "VCID-qdd1-jvk8-73hd", "summary": "Permission Issues\nThe LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges.", "references": [ { "reference_url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4477", "reference_id": "", "reference_type": "", "scores": [], "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4477" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0113.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0113.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4477.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4477.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4477", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35362", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35508", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35477", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35388", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35272", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.3534", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35364", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.3527", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35293", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35685", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35882", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35912", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35743", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35793", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35816", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35824", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35784", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35761", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35801", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.3579", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.3574", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4477" }, { "reference_url": "https://bugs.launchpad.net/keystone/+bug/1242855", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/keystone/+bug/1242855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4477", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4477" }, { "reference_url": "https://github.com/openstack/keystone", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone" }, { "reference_url": "https://github.com/openstack/keystone/commit/b17e7bec768bd53d3977352486378698a3db3cfa", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/b17e7bec768bd53d3977352486378698a3db3cfa" }, { "reference_url": "https://github.com/openstack/keystone/commit/c6800c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openstack/keystone/commit/c6800c" }, { "reference_url": "https://github.com/openstack/keystone/commit/c6800ca1ac984c879e75826df6694d6199444ea0", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/c6800ca1ac984c879e75826df6694d6199444ea0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4477", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4477" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/10/30/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/10/30/6" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2034-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2034-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1024401", "reference_id": "1024401", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1024401" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728233", "reference_id": "728233", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728233" }, { "reference_url": "https://github.com/advisories/GHSA-f889-wfwm-6p7m", "reference_id": "GHSA-f889-wfwm-6p7m", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f889-wfwm-6p7m" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0113", "reference_id": "RHSA-2014:0113", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0113" }, { "reference_url": "https://usn.ubuntu.com/2034-1/", "reference_id": "USN-2034-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2034-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037391?format=api", "purl": "pkg:deb/debian/keystone@2014.1.3-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-844e-r6mn-bqh5" }, { "vulnerability": "VCID-96bg-ytf8-9fhd" }, { "vulnerability": "VCID-9dhg-r711-yfg6" }, { "vulnerability": "VCID-gdk6-a746-6fac" }, { "vulnerability": "VCID-p5un-b12x-tuh5" }, { "vulnerability": "VCID-qyjh-md45-hyhh" }, { "vulnerability": "VCID-r25g-be38-b3be" }, { "vulnerability": "VCID-rgkw-6ews-rked" }, { "vulnerability": "VCID-t2ap-zxfa-fkhe" }, { "vulnerability": "VCID-w6e4-zd31-g7hu" }, { "vulnerability": "VCID-wc5s-25xb-rqaa" }, { "vulnerability": "VCID-ztee-sxym-zffv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6" } ], "aliases": [ "CVE-2013-4477", "GHSA-f889-wfwm-6p7m" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qdd1-jvk8-73hd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14333?format=api", "vulnerability_id": "VCID-qmyj-ffvg-tbe8", "summary": "OpenStack Keystone Denial of Service vulnerability via a large HTTP request\nOpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a large HTTP request, as demonstrated by a long tenant_name when requesting a token.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0708.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0708.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0270.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0270.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0270", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01809", "scoring_system": "epss", "scoring_elements": "0.82778", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01809", "scoring_system": "epss", "scoring_elements": "0.82762", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01809", "scoring_system": "epss", "scoring_elements": "0.82792", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02681", "scoring_system": "epss", "scoring_elements": "0.85892", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.02681", "scoring_system": "epss", "scoring_elements": "0.8589", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.02681", "scoring_system": "epss", "scoring_elements": "0.85882", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.02681", "scoring_system": "epss", "scoring_elements": "0.85844", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02681", "scoring_system": "epss", "scoring_elements": "0.85996", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.02681", "scoring_system": "epss", "scoring_elements": "0.85962", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.02681", "scoring_system": "epss", "scoring_elements": "0.85949", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.02681", "scoring_system": "epss", "scoring_elements": "0.8595", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.02681", "scoring_system": "epss", "scoring_elements": "0.85932", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.02681", "scoring_system": "epss", "scoring_elements": "0.8591", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.02681", "scoring_system": "epss", "scoring_elements": "0.85808", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02681", "scoring_system": "epss", "scoring_elements": "0.85848", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02681", "scoring_system": "epss", "scoring_elements": "0.85862", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02681", "scoring_system": "epss", "scoring_elements": "0.85859", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.02681", "scoring_system": "epss", "scoring_elements": "0.85867", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.02681", "scoring_system": "epss", "scoring_elements": "0.85826", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02681", "scoring_system": "epss", "scoring_elements": "0.85836", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02681", "scoring_system": "epss", "scoring_elements": "0.85851", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-0270" }, { "reference_url": "https://bugs.launchpad.net/keystone/+bug/1099025", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/keystone/+bug/1099025" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=909012", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909012" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0270", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0270" }, { "reference_url": "https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8" }, { "reference_url": "https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc" }, { "reference_url": "https://launchpad.net/keystone/grizzly/2013.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/keystone/grizzly/2013.1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:keystone:2013.1:milestone1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:keystone:2013.1:milestone2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:keystone:2013.1:milestone3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone3:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2013-0270", "reference_id": "CVE-2013-0270", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2013-0270" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0270", "reference_id": "CVE-2013-0270", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0270" }, { "reference_url": "https://github.com/advisories/GHSA-4ppj-4p4v-jf4p", "reference_id": "GHSA-4ppj-4p4v-jf4p", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4ppj-4p4v-jf4p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037391?format=api", "purl": "pkg:deb/debian/keystone@2014.1.3-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-844e-r6mn-bqh5" }, { "vulnerability": "VCID-96bg-ytf8-9fhd" }, { "vulnerability": "VCID-9dhg-r711-yfg6" }, { "vulnerability": "VCID-gdk6-a746-6fac" }, { "vulnerability": "VCID-p5un-b12x-tuh5" }, { "vulnerability": "VCID-qyjh-md45-hyhh" }, { "vulnerability": "VCID-r25g-be38-b3be" }, { "vulnerability": "VCID-rgkw-6ews-rked" }, { "vulnerability": "VCID-t2ap-zxfa-fkhe" }, { "vulnerability": "VCID-w6e4-zd31-g7hu" }, { "vulnerability": "VCID-wc5s-25xb-rqaa" }, { "vulnerability": "VCID-ztee-sxym-zffv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6" } ], "aliases": [ "CVE-2013-0270", "GHSA-4ppj-4p4v-jf4p" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qmyj-ffvg-tbe8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5411?format=api", "vulnerability_id": "VCID-s3gc-cxxf-63ed", "summary": "The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification (1) GET or (2) HEAD request to v3/auth/tokens/.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1121.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1121.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1122.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1122.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5252.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5252.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5252", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52142", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52172", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52222", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.5224", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52237", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52198", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52212", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52229", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52178", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52182", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.5213", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52165", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52095", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52138", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52245", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52166", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52141", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.5218", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52087", "published_at": "2026-05-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5252" }, { "reference_url": "https://bugs.launchpad.net/keystone/+bug/1348820", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/keystone/+bug/1348820" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5252", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5252" }, { "reference_url": "https://github.com/openstack/keystone", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone" }, { "reference_url": "https://github.com/openstack/keystone/commit/556fb860311675fc437585651e4602b2908451eb", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/556fb860311675fc437585651e4602b2908451eb" }, { "reference_url": "https://github.com/openstack/keystone/commit/a4c73e4382cb062aa9f30fe1960d5014d3c49cc2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/a4c73e4382cb062aa9f30fe1960d5014d3c49cc2" }, { "reference_url": "https://github.com/openstack/keystone/commit/bdb88c662ac2035f9b0d8a229a5db5f60f5f16ae", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/bdb88c662ac2035f9b0d8a229a5db5f60f5f16ae" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-108.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-108.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/08/15/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/08/15/6" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2324-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2324-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127250", "reference_id": "1127250", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1127250" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-5252", "reference_id": "CVE-2014-5252", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-5252" }, { "reference_url": "https://github.com/advisories/GHSA-v8fq-gq9j-3v7h", "reference_id": "GHSA-v8fq-gq9j-3v7h", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v8fq-gq9j-3v7h" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1121", "reference_id": "RHSA-2014:1121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1121" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1122", "reference_id": "RHSA-2014:1122", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1122" }, { "reference_url": "https://usn.ubuntu.com/2324-1/", "reference_id": "USN-2324-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2324-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037391?format=api", "purl": "pkg:deb/debian/keystone@2014.1.3-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-844e-r6mn-bqh5" }, { "vulnerability": "VCID-96bg-ytf8-9fhd" }, { "vulnerability": "VCID-9dhg-r711-yfg6" }, { "vulnerability": "VCID-gdk6-a746-6fac" }, { "vulnerability": "VCID-p5un-b12x-tuh5" }, { "vulnerability": "VCID-qyjh-md45-hyhh" }, { "vulnerability": "VCID-r25g-be38-b3be" }, { "vulnerability": "VCID-rgkw-6ews-rked" }, { "vulnerability": "VCID-t2ap-zxfa-fkhe" }, { "vulnerability": "VCID-w6e4-zd31-g7hu" }, { "vulnerability": "VCID-wc5s-25xb-rqaa" }, { "vulnerability": "VCID-ztee-sxym-zffv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6" } ], "aliases": [ "CVE-2014-5252", "GHSA-v8fq-gq9j-3v7h", "PYSEC-2014-108" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s3gc-cxxf-63ed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14515?format=api", "vulnerability_id": "VCID-s5ab-apmg-dqd9", "summary": "OpenStack Identity Keystone is vulnerable to Block delegation escalation of privilege\nOpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with additional roles.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00031.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00031.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3476.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3476.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3476", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72675", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72577", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72586", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72584", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72576", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72607", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72632", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72595", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72622", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72449", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72454", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72472", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72448", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72486", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72499", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72522", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72504", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72494", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72536", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72546", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72535", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3476" }, { "reference_url": "https://bugs.launchpad.net/keystone/+bug/1324592", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/keystone/+bug/1324592" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3476", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3476" }, { "reference_url": "http://secunia.com/advisories/57886", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/57886" }, { "reference_url": "http://secunia.com/advisories/59547", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://secunia.com/advisories/59547" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/06/12/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/06/12/3" }, { "reference_url": "http://www.securityfocus.com/bid/68026", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/68026" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1104524", "reference_id": "1104524", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1104524" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751454", "reference_id": "751454", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751454" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:cloud:3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:suse:cloud:3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:cloud:3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3476", "reference_id": "CVE-2014-3476", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3476" }, { "reference_url": "https://github.com/advisories/GHSA-274v-r947-v34r", "reference_id": "GHSA-274v-r947-v34r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-274v-r947-v34r" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0994", "reference_id": "RHSA-2014:0994", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0994" }, { "reference_url": "https://usn.ubuntu.com/2324-1/", "reference_id": "USN-2324-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2324-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037391?format=api", "purl": "pkg:deb/debian/keystone@2014.1.3-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-844e-r6mn-bqh5" }, { "vulnerability": "VCID-96bg-ytf8-9fhd" }, { "vulnerability": "VCID-9dhg-r711-yfg6" }, { "vulnerability": "VCID-gdk6-a746-6fac" }, { "vulnerability": "VCID-p5un-b12x-tuh5" }, { "vulnerability": "VCID-qyjh-md45-hyhh" }, { "vulnerability": "VCID-r25g-be38-b3be" }, { "vulnerability": "VCID-rgkw-6ews-rked" }, { "vulnerability": "VCID-t2ap-zxfa-fkhe" }, { "vulnerability": "VCID-w6e4-zd31-g7hu" }, { "vulnerability": "VCID-wc5s-25xb-rqaa" }, { "vulnerability": "VCID-ztee-sxym-zffv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6" } ], "aliases": [ "CVE-2014-3476", "GHSA-274v-r947-v34r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s5ab-apmg-dqd9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5315?format=api", "vulnerability_id": "VCID-snpz-wwd6-dkb6", "summary": "OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106220.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106220.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0806.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0806.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2006.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2006.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2006", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11805", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11815", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11788", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11653", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11773", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11742", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11702", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11624", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11541", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11678", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11731", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11706", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11749", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11758", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11876", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11922", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11707", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11791", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11843", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11854", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2006" }, { "reference_url": "https://bugs.launchpad.net/keystone/+bug/1172195", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/keystone/+bug/1172195" }, { "reference_url": "https://bugs.launchpad.net/ossn/+bug/1168252", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/ossn/+bug/1168252" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2006" }, { "reference_url": "https://github.com/openstack/keystone", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone" }, { "reference_url": "https://github.com/openstack/keystone/commit/c5037dd6b82909efaaa8720e8cfa8bdb8b4a0edd", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/c5037dd6b82909efaaa8720e8cfa8bdb8b4a0edd" }, { "reference_url": "https://github.com/openstack/keystone/commit/d43e2a51a1ed7adbed3c5ddf001d46bc4a824ae8", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/d43e2a51a1ed7adbed3c5ddf001d46bc4a824ae8" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-40.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-40.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2006", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2006" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/04/24/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/04/24/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/04/24/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/04/24/2" }, { "reference_url": "http://www.securityfocus.com/bid/59411", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/59411" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=956007", "reference_id": "956007", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=956007" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:keystone:2013.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-rxrm-xvp4-jqvh", "reference_id": "GHSA-rxrm-xvp4-jqvh", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rxrm-xvp4-jqvh" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0806", "reference_id": "RHSA-2013:0806", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0806" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037391?format=api", "purl": "pkg:deb/debian/keystone@2014.1.3-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-844e-r6mn-bqh5" }, { "vulnerability": "VCID-96bg-ytf8-9fhd" }, { "vulnerability": "VCID-9dhg-r711-yfg6" }, { "vulnerability": "VCID-gdk6-a746-6fac" }, { "vulnerability": "VCID-p5un-b12x-tuh5" }, { "vulnerability": "VCID-qyjh-md45-hyhh" }, { "vulnerability": "VCID-r25g-be38-b3be" }, { "vulnerability": "VCID-rgkw-6ews-rked" }, { "vulnerability": "VCID-t2ap-zxfa-fkhe" }, { "vulnerability": "VCID-w6e4-zd31-g7hu" }, { "vulnerability": "VCID-wc5s-25xb-rqaa" }, { "vulnerability": "VCID-ztee-sxym-zffv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6" } ], "aliases": [ "CVE-2013-2006", "GHSA-rxrm-xvp4-jqvh", "PYSEC-2013-40" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-snpz-wwd6-dkb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14350?format=api", "vulnerability_id": "VCID-uexc-7rt7-hbgx", "summary": "OpenStack Keystone and other components vulnerable to Improper Certificate Validation\nHTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2255.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2255.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2255", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00414", "scoring_system": "epss", "scoring_elements": "0.61691", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00414", "scoring_system": "epss", "scoring_elements": "0.61662", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00414", "scoring_system": "epss", "scoring_elements": "0.61703", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00414", "scoring_system": "epss", "scoring_elements": "0.61643", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00414", "scoring_system": "epss", "scoring_elements": "0.61594", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00414", "scoring_system": "epss", "scoring_elements": "0.61648", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00414", "scoring_system": "epss", "scoring_elements": "0.61654", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00414", "scoring_system": "epss", "scoring_elements": "0.61638", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00414", "scoring_system": "epss", "scoring_elements": "0.6159", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00414", "scoring_system": "epss", "scoring_elements": "0.61744", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00414", "scoring_system": "epss", "scoring_elements": "0.61645", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00414", "scoring_system": "epss", "scoring_elements": "0.61624", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00414", "scoring_system": "epss", "scoring_elements": "0.61609", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00414", "scoring_system": "epss", "scoring_elements": "0.61487", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00414", "scoring_system": "epss", "scoring_elements": "0.61561", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00414", "scoring_system": "epss", "scoring_elements": "0.61562", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00414", "scoring_system": "epss", "scoring_elements": "0.61661", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00414", "scoring_system": "epss", "scoring_elements": "0.61656", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00414", "scoring_system": "epss", "scoring_elements": "0.61614", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00414", "scoring_system": "epss", "scoring_elements": "0.61634", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2255" }, { "reference_url": "https://bugs.launchpad.net/ossn/+bug/1188189", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/ossn/+bug/1188189" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2255", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2255" }, { "reference_url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2255", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2255" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2255", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2255" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85562", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85562" }, { "reference_url": "https://github.com/openstack/cinder/commit/0f9652d92e175a1f7dc3c2a37ab444b8f189375a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/cinder/commit/0f9652d92e175a1f7dc3c2a37ab444b8f189375a" }, { "reference_url": "https://github.com/openstack/keystone/commit/5bd4c2984d329625a2a8442b316fa235dbb88a3d", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/keystone/commit/5bd4c2984d329625a2a8442b316fa235dbb88a3d" }, { "reference_url": "https://github.com/openstack/neutron/commit/7255e056092f034daaeb4246a812900645d46911", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/neutron/commit/7255e056092f034daaeb4246a812900645d46911" }, { "reference_url": "https://github.com/openstack/python-keystoneclient/commit/20e166fd8a943ee3f91ba362a47e9c14c7cc5f4c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/python-keystoneclient/commit/20e166fd8a943ee3f91ba362a47e9c14c7cc5f4c" }, { "reference_url": "https://web.archive.org/web/20200229073508/https://www.securityfocus.com/bid/61118", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200229073508/https://www.securityfocus.com/bid/61118" }, { "reference_url": "https://www.securityfocus.com/bid/61118", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.securityfocus.com/bid/61118" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=924514", "reference_id": "924514", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=924514" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:compute:2013.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:compute:2013.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:compute:2013.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:keystone:2013:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2013-2255", "reference_id": "CVE-2013-2255", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/cve-2013-2255" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2255", "reference_id": "CVE-2013-2255", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2255" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2013-2255", "reference_id": "CVE-2013-2255", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2013-2255" }, { "reference_url": "https://github.com/advisories/GHSA-qh2x-hpf9-cf2g", "reference_id": "GHSA-qh2x-hpf9-cf2g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qh2x-hpf9-cf2g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037391?format=api", "purl": "pkg:deb/debian/keystone@2014.1.3-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-844e-r6mn-bqh5" }, { "vulnerability": "VCID-96bg-ytf8-9fhd" }, { "vulnerability": "VCID-9dhg-r711-yfg6" }, { "vulnerability": "VCID-gdk6-a746-6fac" }, { "vulnerability": "VCID-p5un-b12x-tuh5" }, { "vulnerability": "VCID-qyjh-md45-hyhh" }, { "vulnerability": "VCID-r25g-be38-b3be" }, { "vulnerability": "VCID-rgkw-6ews-rked" }, { "vulnerability": "VCID-t2ap-zxfa-fkhe" }, { "vulnerability": "VCID-w6e4-zd31-g7hu" }, { "vulnerability": "VCID-wc5s-25xb-rqaa" }, { "vulnerability": "VCID-ztee-sxym-zffv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6" } ], "aliases": [ "CVE-2013-2255", "GHSA-qh2x-hpf9-cf2g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uexc-7rt7-hbgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5328?format=api", "vulnerability_id": "VCID-wm8s-rmkk-mugb", "summary": "The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token.", "references": [ { "reference_url": "http://osvdb.org/97237", "reference_id": "", "reference_type": "", "scores": [], "url": "http://osvdb.org/97237" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1285.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1285.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1285", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:1285" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4294.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4294.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2013-4294", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2013-4294" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4294", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.008", "scoring_system": "epss", "scoring_elements": "0.74086", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.008", "scoring_system": "epss", "scoring_elements": "0.74077", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.008", "scoring_system": "epss", "scoring_elements": "0.74038", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.008", "scoring_system": "epss", "scoring_elements": "0.74045", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.008", "scoring_system": "epss", "scoring_elements": "0.74064", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.008", "scoring_system": "epss", "scoring_elements": "0.74042", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.008", "scoring_system": "epss", "scoring_elements": "0.74027", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.008", "scoring_system": "epss", "scoring_elements": "0.73994", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.008", "scoring_system": "epss", "scoring_elements": "0.74023", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.008", "scoring_system": "epss", "scoring_elements": "0.7399", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.008", "scoring_system": "epss", "scoring_elements": "0.73997", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.008", "scoring_system": "epss", "scoring_elements": "0.74205", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.008", "scoring_system": "epss", "scoring_elements": "0.74149", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.008", "scoring_system": "epss", "scoring_elements": "0.74125", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.008", "scoring_system": "epss", "scoring_elements": "0.74164", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.008", "scoring_system": "epss", "scoring_elements": "0.74141", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.008", "scoring_system": "epss", "scoring_elements": "0.74114", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.008", "scoring_system": "epss", "scoring_elements": "0.7412", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.008", "scoring_system": "epss", "scoring_elements": "0.74112", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4294" }, { "reference_url": "https://bugs.launchpad.net/keystone/+bug/1202952", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/keystone/+bug/1202952" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1004452", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1004452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4294", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4294" }, { "reference_url": "http://seclists.org/oss-sec/2013/q3/586", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q3/586" }, { "reference_url": "http://secunia.com/advisories/54706", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/54706" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-42.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-42.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4294", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4294" }, { "reference_url": "https://opendev.org/openstack/keystone", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/keystone" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2002-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2002-1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722505", "reference_id": "722505", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722505" }, { "reference_url": "https://github.com/advisories/GHSA-5qpp-v56f-mqfm", "reference_id": "GHSA-5qpp-v56f-mqfm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5qpp-v56f-mqfm" }, { "reference_url": "https://usn.ubuntu.com/2002-1/", "reference_id": "USN-2002-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2002-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037391?format=api", "purl": "pkg:deb/debian/keystone@2014.1.3-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-844e-r6mn-bqh5" }, { "vulnerability": "VCID-96bg-ytf8-9fhd" }, { "vulnerability": "VCID-9dhg-r711-yfg6" }, { "vulnerability": "VCID-gdk6-a746-6fac" }, { "vulnerability": "VCID-p5un-b12x-tuh5" }, { "vulnerability": "VCID-qyjh-md45-hyhh" }, { "vulnerability": "VCID-r25g-be38-b3be" }, { "vulnerability": "VCID-rgkw-6ews-rked" }, { "vulnerability": "VCID-t2ap-zxfa-fkhe" }, { "vulnerability": "VCID-w6e4-zd31-g7hu" }, { "vulnerability": "VCID-wc5s-25xb-rqaa" }, { "vulnerability": "VCID-ztee-sxym-zffv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6" } ], "aliases": [ "CVE-2013-4294", "GHSA-5qpp-v56f-mqfm", "PYSEC-2013-42" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wm8s-rmkk-mugb" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-6" }