Look up vulnerable packages by Package URL.

Purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
Type deb
Namespace debian
Name keystone
Version 2:18.0.0-3+deb11u1
Qualifiers
distro trixie
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2:18.1.0-1+deb11u2
Latest_non_vulnerable_version 2:29.0.1-2
Affected_by_vulnerabilities
0
url VCID-kzaw-9ex3-s3d5
vulnerability_id VCID-kzaw-9ex3-s3d5
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3563.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3563.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-3563
reference_id
reference_type
scores
0
value 0.00041
scoring_system epss
scoring_elements 0.12898
published_at 2026-06-11T12:55:00Z
1
value 0.00041
scoring_system epss
scoring_elements 0.12993
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-3563
2
reference_url https://bugs.launchpad.net/ossa/+bug/1901891
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/ossa/+bug/1901891
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1962908
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1962908
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3563
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3563
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html
7
reference_url https://opendev.org/openstack/keystone
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/keystone
8
reference_url https://opendev.org/openstack/keystone/commit/7859ed26003858ebfd9a5e866b43f1a6a9e83dca
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/keystone/commit/7859ed26003858ebfd9a5e866b43f1a6a9e83dca
9
reference_url https://review.opendev.org/c/openstack/keystone/+/803641
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://review.opendev.org/c/openstack/keystone/+/803641
10
reference_url https://review.opendev.org/c/openstack/keystone/+/828595
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://review.opendev.org/c/openstack/keystone/+/828595
11
reference_url https://review.opendev.org/c/openstack/keystone/+/856489
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://review.opendev.org/c/openstack/keystone/+/856489
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989998
reference_id 989998
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989998
13
reference_url https://security.archlinux.org/AVG-1979
reference_id AVG-1979
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1979
14
reference_url https://access.redhat.com/security/cve/CVE-2021-3563
reference_id CVE-2021-3563
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2021-3563
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3563
reference_id CVE-2021-3563
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-3563
16
reference_url https://security-tracker.debian.org/tracker/CVE-2021-3563
reference_id CVE-2021-3563
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security-tracker.debian.org/tracker/CVE-2021-3563
17
reference_url https://github.com/advisories/GHSA-cc99-whm5-mmq3
reference_id GHSA-cc99-whm5-mmq3
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cc99-whm5-mmq3
18
reference_url https://usn.ubuntu.com/7926-1/
reference_id USN-7926-1
reference_type
scores
url https://usn.ubuntu.com/7926-1/
fixed_packages
0
url pkg:deb/debian/keystone@2:23.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:23.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:23.0.0-3%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2021-3563, GHSA-cc99-whm5-mmq3
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kzaw-9ex3-s3d5
Fixing_vulnerabilities
0
url VCID-122h-f7e6-6ke2
vulnerability_id VCID-122h-f7e6-6ke2
summary OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3520.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3520.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3520
reference_id
reference_type
scores
0
value 0.00428
scoring_system epss
scoring_elements 0.62866
published_at 2026-06-11T12:55:00Z
1
value 0.00428
scoring_system epss
scoring_elements 0.62968
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3520
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3520
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3520
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1112668
reference_id 1112668
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1112668
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753511
reference_id 753511
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753511
5
reference_url https://access.redhat.com/errata/RHSA-2014:0994
reference_id RHSA-2014:0994
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0994
6
reference_url https://usn.ubuntu.com/2324-1/
reference_id USN-2324-1
reference_type
scores
url https://usn.ubuntu.com/2324-1/
fixed_packages
0
url pkg:deb/debian/keystone@2014.1.1-3?distro=trixie
purl pkg:deb/debian/keystone@2014.1.1-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.1-3%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2014-3520
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-122h-f7e6-6ke2
1
url VCID-1k9r-a2xc-sqd1
vulnerability_id VCID-1k9r-a2xc-sqd1
summary The (1) memcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.
references
0
reference_url http://osvdb.org/97237
reference_id
reference_type
scores
url http://osvdb.org/97237
1
reference_url http://rhn.redhat.com/errata/RHSA-2013-1285.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-1285.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4294.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4294.json
3
reference_url https://access.redhat.com/security/cve/CVE-2013-4294
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2013-4294
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4294
reference_id
reference_type
scores
0
value 0.008
scoring_system epss
scoring_elements 0.74476
published_at 2026-06-11T12:55:00Z
1
value 0.008
scoring_system epss
scoring_elements 0.74548
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4294
5
reference_url https://bugs.launchpad.net/keystone/+bug/1202952
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1202952
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4294
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4294
7
reference_url http://seclists.org/oss-sec/2013/q3/586
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/oss-sec/2013/q3/586
8
reference_url http://secunia.com/advisories/54706
reference_id
reference_type
scores
url http://secunia.com/advisories/54706
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-42.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-42.yaml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4294
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4294
11
reference_url https://opendev.org/openstack/keystone
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/keystone
12
reference_url http://www.ubuntu.com/usn/USN-2002-1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2002-1
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1004452
reference_id 1004452
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1004452
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722505
reference_id 722505
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722505
15
reference_url https://access.redhat.com/errata/RHSA-2013:1285
reference_id RHSA-2013:1285
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2013:1285
16
reference_url https://usn.ubuntu.com/2002-1/
reference_id USN-2002-1
reference_type
scores
url https://usn.ubuntu.com/2002-1/
fixed_packages
0
url pkg:deb/debian/keystone@2013.1.3-2?distro=trixie
purl pkg:deb/debian/keystone@2013.1.3-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.1.3-2%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2013-4294, GHSA-5qpp-v56f-mqfm, PYSEC-2013-42
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1k9r-a2xc-sqd1
2
url VCID-1kdx-zhvu-47ds
vulnerability_id VCID-1kdx-zhvu-47ds
summary OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.
references
0
reference_url http://github.com/openstack/keystone/commit/255b1d43500f5d98ec73a0056525b492b14fec05
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/openstack/keystone/commit/255b1d43500f5d98ec73a0056525b492b14fec05
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101719.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101719.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2013-04/msg00000.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-04/msg00000.html
3
reference_url http://osvdb.org/91532
reference_id
reference_type
scores
url http://osvdb.org/91532
4
reference_url http://rhn.redhat.com/errata/RHSA-2013-0708.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0708.html
5
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1865.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1865.json
6
reference_url https://access.redhat.com/security/cve/CVE-2013-1865
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2013-1865
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1865
reference_id
reference_type
scores
0
value 0.01162
scoring_system epss
scoring_elements 0.79015
published_at 2026-06-11T12:55:00Z
1
value 0.01162
scoring_system epss
scoring_elements 0.79081
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1865
8
reference_url https://bugs.launchpad.net/keystone/+bug/1129713
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1129713
9
reference_url http://secunia.com/advisories/52657
reference_id
reference_type
scores
url http://secunia.com/advisories/52657
10
reference_url https://github.com/advisories/GHSA-22q6-wwq7-2jj9
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-22q6-wwq7-2jj9
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-39.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-39.yaml
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-1865
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-1865
13
reference_url https://opendev.org/openstack/keystone
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/keystone
14
reference_url https://review.openstack.org/24906
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/24906
15
reference_url https://review.openstack.org/#/c/24906
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/24906
16
reference_url https://review.openstack.org/#/c/24906/
reference_id
reference_type
scores
url https://review.openstack.org/#/c/24906/
17
reference_url https://web.archive.org/web/20170715155558/http://www.securityfocus.com/bid/58616
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20170715155558/http://www.securityfocus.com/bid/58616
18
reference_url http://www.openwall.com/lists/oss-security/2013/03/20/13
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/03/20/13
19
reference_url http://www.securityfocus.com/bid/58616
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/58616
20
reference_url http://www.ubuntu.com/usn/USN-1772-1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1772-1
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=922230
reference_id 922230
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=922230
22
reference_url https://access.redhat.com/errata/RHSA-2013:0708
reference_id RHSA-2013:0708
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2013:0708
23
reference_url https://usn.ubuntu.com/1772-1/
reference_id USN-1772-1
reference_type
scores
url https://usn.ubuntu.com/1772-1/
fixed_packages
0
url pkg:deb/debian/keystone@0?distro=trixie
purl pkg:deb/debian/keystone@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@0%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2013-1865, GHSA-22q6-wwq7-2jj9, PYSEC-2013-39
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1kdx-zhvu-47ds
3
url VCID-1wyx-ukrf-bkbc
vulnerability_id VCID-1wyx-ukrf-bkbc
summary OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1977.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1977.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1977
reference_id
reference_type
scores
0
value 0.00114
scoring_system epss
scoring_elements 0.29687
published_at 2026-06-11T12:55:00Z
1
value 0.00114
scoring_system epss
scoring_elements 0.29884
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1977
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=953910
reference_id 953910
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=953910
fixed_packages
0
url pkg:deb/debian/keystone@0?distro=trixie
purl pkg:deb/debian/keystone@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@0%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2013-1977
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1wyx-ukrf-bkbc
4
url VCID-1ya2-7sr3-p7fq
vulnerability_id VCID-1ya2-7sr3-p7fq
summary The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification (1) GET or (2) HEAD request to v3/auth/tokens/.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2014-1121.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1121.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-1122.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1122.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5252.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5252.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-5252
reference_id
reference_type
scores
0
value 0.00287
scoring_system epss
scoring_elements 0.52539
published_at 2026-06-11T12:55:00Z
1
value 0.00287
scoring_system epss
scoring_elements 0.52667
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-5252
4
reference_url https://bugs.launchpad.net/keystone/+bug/1348820
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1348820
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5252
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5252
6
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
7
reference_url https://github.com/openstack/keystone/commit/556fb860311675fc437585651e4602b2908451eb
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/556fb860311675fc437585651e4602b2908451eb
8
reference_url https://github.com/openstack/keystone/commit/a4c73e4382cb062aa9f30fe1960d5014d3c49cc2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/a4c73e4382cb062aa9f30fe1960d5014d3c49cc2
9
reference_url https://github.com/openstack/keystone/commit/bdb88c662ac2035f9b0d8a229a5db5f60f5f16ae
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/bdb88c662ac2035f9b0d8a229a5db5f60f5f16ae
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-108.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-108.yaml
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-5252
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-5252
12
reference_url http://www.openwall.com/lists/oss-security/2014/08/15/6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/08/15/6
13
reference_url http://www.ubuntu.com/usn/USN-2324-1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2324-1
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1127250
reference_id 1127250
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1127250
15
reference_url https://github.com/advisories/GHSA-v8fq-gq9j-3v7h
reference_id GHSA-v8fq-gq9j-3v7h
reference_type
scores
url https://github.com/advisories/GHSA-v8fq-gq9j-3v7h
16
reference_url https://access.redhat.com/errata/RHSA-2014:1121
reference_id RHSA-2014:1121
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1121
17
reference_url https://access.redhat.com/errata/RHSA-2014:1122
reference_id RHSA-2014:1122
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1122
18
reference_url https://usn.ubuntu.com/2324-1/
reference_id USN-2324-1
reference_type
scores
url https://usn.ubuntu.com/2324-1/
fixed_packages
0
url pkg:deb/debian/keystone@2014.1.2.1-1?distro=trixie
purl pkg:deb/debian/keystone@2014.1.2.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.2.1-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2014-5252, GHSA-v8fq-gq9j-3v7h, PYSEC-2014-108
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1ya2-7sr3-p7fq
5
url VCID-1yc7-uszx-kqh3
vulnerability_id VCID-1yc7-uszx-kqh3
summary OpenStack Identity (Keystone) before 2014.1.1 does not properly handle the case where a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain the privileges assigned to a group whose ID is the same as their user ID.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0204.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0204.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0204
reference_id
reference_type
scores
0
value 0.00353
scoring_system epss
scoring_elements 0.58034
published_at 2026-06-11T12:55:00Z
1
value 0.00353
scoring_system epss
scoring_elements 0.58147
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0204
2
reference_url https://bugs.launchpad.net/keystone/+bug/1309228
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1309228
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0204
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0204
4
reference_url https://github.com/openstack/keystone/commit/729dcad7384ba66ee7494154969cdd7ae90d86ee
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/729dcad7384ba66ee7494154969cdd7ae90d86ee
5
reference_url https://github.com/openstack/keystone/commit/786af9829c5329a982e3451f77afebbfb21850bd
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/786af9829c5329a982e3451f77afebbfb21850bd
6
reference_url https://github.com/openstack/keystone/commit/97dfd55ad1b40365754dcbfce856f7ffae280a44
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/97dfd55ad1b40365754dcbfce856f7ffae280a44
7
reference_url https://github.com/openstack/keystone/commit/f0eee2f3b48dd0cffb9f75e396da2d914925cba5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/f0eee2f3b48dd0cffb9f75e396da2d914925cba5
8
reference_url https://review.openstack.org/#/c/94396
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/94396
9
reference_url http://www.openwall.com/lists/oss-security/2014/05/21/3
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/05/21/3
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1095981
reference_id 1095981
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1095981
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749026
reference_id 749026
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749026
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0204
reference_id CVE-2014-0204
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0204
13
reference_url https://github.com/advisories/GHSA-c4p9-87h3-7vr4
reference_id GHSA-c4p9-87h3-7vr4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c4p9-87h3-7vr4
fixed_packages
0
url pkg:deb/debian/keystone@2014.1-5?distro=trixie
purl pkg:deb/debian/keystone@2014.1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1-5%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2014-0204, GHSA-c4p9-87h3-7vr4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1yc7-uszx-kqh3
6
url VCID-2kdk-59qe-t3d4
vulnerability_id VCID-2kdk-59qe-t3d4
summary
references
0
reference_url https://access.redhat.com/errata/RHSA-2017:1461
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1461
1
reference_url https://access.redhat.com/errata/RHSA-2017:1597
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2017:1597
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2673.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2673.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-2673
reference_id
reference_type
scores
0
value 0.00572
scoring_system epss
scoring_elements 0.69127
published_at 2026-06-11T12:55:00Z
1
value 0.00572
scoring_system epss
scoring_elements 0.69219
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-2673
4
reference_url https://bugs.launchpad.net/keystone/+bug/1677723
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1677723
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1439586
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1439586
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2673
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2673
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2673
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2673
8
reference_url http://seclists.org/oss-sec/2017/q2/125
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://seclists.org/oss-sec/2017/q2/125
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv2
scoring_elements AV:L/AC:M/Au:S/C:C/I:C/A:C
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
11
reference_url https://github.com/openstack/keystone/commit/05a129e54573b6cbda1ec095f4526f2b9ba90a90
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/05a129e54573b6cbda1ec095f4526f2b9ba90a90
12
reference_url https://github.com/openstack/keystone/commit/2139639eeabc8f6941f4461fc87d609cde3118c2
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/2139639eeabc8f6941f4461fc87d609cde3118c2
13
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2018-152.yaml
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2018-152.yaml
14
reference_url http://www.securityfocus.com/bid/98032
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/98032
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861189
reference_id 861189
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861189
16
reference_url https://access.redhat.com/security/cve/CVE-2017-2673
reference_id CVE-2017-2673
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2017-2673
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2673
reference_id CVE-2017-2673
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-2673
18
reference_url https://github.com/advisories/GHSA-j36m-hv43-7w7m
reference_id GHSA-j36m-hv43-7w7m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j36m-hv43-7w7m
19
reference_url https://usn.ubuntu.com/3448-1/
reference_id USN-3448-1
reference_type
scores
url https://usn.ubuntu.com/3448-1/
fixed_packages
0
url pkg:deb/debian/keystone@2:10.0.0-9?distro=trixie
purl pkg:deb/debian/keystone@2:10.0.0-9?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:10.0.0-9%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2017-2673, GHSA-j36m-hv43-7w7m, PYSEC-2018-152
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2kdk-59qe-t3d4
7
url VCID-3umd-756n-qqbx
vulnerability_id VCID-3umd-756n-qqbx
summary In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the user_enabled_invert configuration option is False (the default). The _ldap_res_to_model method in the UserApi class only performed string-to-boolean conversion when user_enabled_invert was True. When False, the raw string value from LDAP (e.g., "FALSE") was used directly. Since non-empty strings are truthy in Python, users marked as disabled in LDAP were treated as enabled by Keystone, allowing them to authenticate and perform actions. All deployments using the LDAP identity backend without user_enabled_invert=True or user_enabled_emulation are affected.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40683.json
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40683.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-40683
reference_id
reference_type
scores
0
value 0.00021
scoring_system epss
scoring_elements 0.06089
published_at 2026-06-11T12:55:00Z
1
value 0.00021
scoring_system epss
scoring_elements 0.0611
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-40683
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40683
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40683
3
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-40683
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-40683
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133884
reference_id 1133884
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133884
6
reference_url https://bugs.launchpad.net/keystone/+bug/2121152
reference_id 2121152
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T20:14:37Z/
url https://bugs.launchpad.net/keystone/+bug/2121152
7
reference_url https://bugs.launchpad.net/keystone/+bug/2141713
reference_id 2141713
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T20:14:37Z/
url https://bugs.launchpad.net/keystone/+bug/2141713
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2458472
reference_id 2458472
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2458472
9
reference_url https://www.openwall.com/lists/oss-security/2026/04/14/9
reference_id 9
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T20:14:37Z/
url https://www.openwall.com/lists/oss-security/2026/04/14/9
10
reference_url https://review.opendev.org/958205
reference_id 958205
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T20:14:37Z/
url https://review.opendev.org/958205
11
reference_url https://github.com/advisories/GHSA-pfx2-9x9m-7ghx
reference_id GHSA-pfx2-9x9m-7ghx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pfx2-9x9m-7ghx
fixed_packages
0
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.1.0-1%2Bdeb11u3?distro=trixie
purl pkg:deb/debian/keystone@2:18.1.0-1%2Bdeb11u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.1.0-1%252Bdeb11u3%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u2%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u3?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u3%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0~rc1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0~rc1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0~rc1-2%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2026-40683, GHSA-pfx2-9x9m-7ghx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3umd-756n-qqbx
8
url VCID-3yf2-gbmf-wkg7
vulnerability_id VCID-3yf2-gbmf-wkg7
summary OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4222.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4222.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4222
reference_id
reference_type
scores
0
value 0.0058
scoring_system epss
scoring_elements 0.6937
published_at 2026-06-11T12:55:00Z
1
value 0.0058
scoring_system epss
scoring_elements 0.69462
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4222
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4222
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4222
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719290
reference_id 719290
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719290
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=995598
reference_id 995598
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=995598
5
reference_url https://access.redhat.com/errata/RHSA-2013:1524
reference_id RHSA-2013:1524
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1524
6
reference_url https://usn.ubuntu.com/2002-1/
reference_id USN-2002-1
reference_type
scores
url https://usn.ubuntu.com/2002-1/
fixed_packages
0
url pkg:deb/debian/keystone@2013.1.3-1?distro=trixie
purl pkg:deb/debian/keystone@2013.1.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.1.3-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2013-4222
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3yf2-gbmf-wkg7
9
url VCID-65n6-swnc-ebcc
vulnerability_id VCID-65n6-swnc-ebcc
summary An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in the authentication request matches the owner of the application credential. An attacker can authenticate with their own application credential ID and secret while specifying a different user's name and domain in the request body. Keystone issues a token attributed to the victim user. The impersonated token is project-scoped and carries the intersection of the application credential's roles and the victim's actual roles on the project. This enables audit evasion, reading the victim's credentials, and acting as the victim within shared projects.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42998.json
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42998.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42998
reference_id
reference_type
scores
0
value 0.00064
scoring_system epss
scoring_elements 0.20208
published_at 2026-06-12T12:55:00Z
1
value 0.00064
scoring_system epss
scoring_elements 0.20035
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42998
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42998
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42998
3
reference_url https://bugs.launchpad.net/keystone/+bug/2148477
reference_id 2148477
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:38:16Z/
url https://bugs.launchpad.net/keystone/+bug/2148477
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2482825
reference_id 2482825
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2482825
5
reference_url https://security.openstack.org/ossa/OSSA-2026-015.html
reference_id OSSA-2026-015.html
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:38:16Z/
url https://security.openstack.org/ossa/OSSA-2026-015.html
fixed_packages
0
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.1.0-1%2Bdeb11u3?distro=trixie
purl pkg:deb/debian/keystone@2:18.1.0-1%2Bdeb11u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.1.0-1%252Bdeb11u3%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u3?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u3%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u4?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u4%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2026-42998
risk_score 2.2
exploitability 0.5
weighted_severity 4.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-65n6-swnc-ebcc
10
url VCID-7c3j-z5fx-afcn
vulnerability_id VCID-7c3j-z5fx-afcn
summary The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an "interaction between eventlet and python-memcached."
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2014-0382.html
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
2
value LOW
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0382.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-0409.html
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
2
value LOW
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0409.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0105.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0105.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0105
reference_id
reference_type
scores
0
value 0.00455
scoring_system epss
scoring_elements 0.64281
published_at 2026-06-11T12:55:00Z
1
value 0.00455
scoring_system epss
scoring_elements 0.64383
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0105
4
reference_url https://bugs.launchpad.net/python-keystoneclient/+bug/1282865
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
2
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/python-keystoneclient/+bug/1282865
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0105
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0105
6
reference_url https://github.com/advisories/GHSA-gwvq-rgqf-993f
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-gwvq-rgqf-993f
7
reference_url https://github.com/openstack/python-keystoneclient
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/python-keystoneclient
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/python-keystoneclient/PYSEC-2014-70.yaml
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/python-keystoneclient/PYSEC-2014-70.yaml
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0105
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0105
10
reference_url https://review.opendev.org/c/openstack/python-keystoneclient/+/81078
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
2
value LOW
scoring_system generic_textual
scoring_elements
url https://review.opendev.org/c/openstack/python-keystoneclient/+/81078
11
reference_url http://www.openwall.com/lists/oss-security/2014/03/27/4
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
2
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/03/27/4
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1082165
reference_id 1082165
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1082165
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742898
reference_id 742898
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742898
14
reference_url https://access.redhat.com/errata/RHSA-2014:0382
reference_id RHSA-2014:0382
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0382
15
reference_url https://access.redhat.com/errata/RHSA-2014:0409
reference_id RHSA-2014:0409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0409
16
reference_url https://access.redhat.com/errata/RHSA-2014:0442
reference_id RHSA-2014:0442
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0442
fixed_packages
0
url pkg:deb/debian/keystone@2013.1.1-2?distro=trixie
purl pkg:deb/debian/keystone@2013.1.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.1.1-2%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2014-0105, GHSA-gwvq-rgqf-993f, PYSEC-2014-70
risk_score 2.7
exploitability 0.5
weighted_severity 5.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7c3j-z5fx-afcn
11
url VCID-7vck-9u91-1yca
vulnerability_id VCID-7vck-9u91-1yca
summary The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products, allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.
references
0
reference_url http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html
1
reference_url http://bugs.python.org/issue17239
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://bugs.python.org/issue17239
2
reference_url http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2013-0657.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0657.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2013-0658.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0658.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2013-0670.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0670.html
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1665.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1665.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1665
reference_id
reference_type
scores
0
value 0.02995
scoring_system epss
scoring_elements 0.86905
published_at 2026-06-12T12:55:00Z
1
value 0.02995
scoring_system epss
scoring_elements 0.86857
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1665
8
reference_url https://bugs.launchpad.net/keystone/+bug/1100279
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1100279
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1665
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1665
10
reference_url https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40
11
reference_url https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-1665
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-1665
13
reference_url http://ubuntu.com/usn/usn-1757-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://ubuntu.com/usn/usn-1757-1
14
reference_url http://www.debian.org/security/2013/dsa-2634
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2013/dsa-2634
15
reference_url http://www.openwall.com/lists/oss-security/2013/02/19/2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/02/19/2
16
reference_url http://www.openwall.com/lists/oss-security/2013/02/19/4
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/02/19/4
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700948
reference_id 700948
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700948
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=912982
reference_id 912982
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=912982
19
reference_url https://github.com/advisories/GHSA-x64m-686f-fmm3
reference_id GHSA-x64m-686f-fmm3
reference_type
scores
url https://github.com/advisories/GHSA-x64m-686f-fmm3
20
reference_url https://access.redhat.com/errata/RHSA-2013:0596
reference_id RHSA-2013:0596
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0596
21
reference_url https://access.redhat.com/errata/RHSA-2013:0657
reference_id RHSA-2013:0657
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0657
22
reference_url https://access.redhat.com/errata/RHSA-2013:0658
reference_id RHSA-2013:0658
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0658
23
reference_url https://access.redhat.com/errata/RHSA-2013:0670
reference_id RHSA-2013:0670
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0670
24
reference_url https://usn.ubuntu.com/1730-1/
reference_id USN-1730-1
reference_type
scores
url https://usn.ubuntu.com/1730-1/
25
reference_url https://usn.ubuntu.com/1757-1/
reference_id USN-1757-1
reference_type
scores
url https://usn.ubuntu.com/1757-1/
fixed_packages
0
url pkg:deb/debian/keystone@2012.1.1-13?distro=trixie
purl pkg:deb/debian/keystone@2012.1.1-13?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-13%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2013-1665, GHSA-x64m-686f-fmm3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7vck-9u91-1yca
12
url VCID-8grp-27pb-h7dc
vulnerability_id VCID-8grp-27pb-h7dc
summary OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2012-1557.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2012-1557.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5563.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5563.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-5563
reference_id
reference_type
scores
0
value 0.00392
scoring_system epss
scoring_elements 0.60609
published_at 2026-06-11T12:55:00Z
1
value 0.00392
scoring_system epss
scoring_elements 0.60713
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-5563
3
reference_url https://bugs.launchpad.net/keystone/+bug/1079216
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1079216
4
reference_url http://secunia.com/advisories/51423
reference_id
reference_type
scores
url http://secunia.com/advisories/51423
5
reference_url http://secunia.com/advisories/51436
reference_id
reference_type
scores
url http://secunia.com/advisories/51436
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/80370
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/80370
7
reference_url https://github.com/advisories/GHSA-w66p-78g4-mr7g
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-w66p-78g4-mr7g
8
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
9
reference_url https://github.com/openstack/keystone/commit/38c7e46a640a94da4da89a39a5a1ea9c081f1eb5
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/38c7e46a640a94da4da89a39a5a1ea9c081f1eb5
10
reference_url https://github.com/openstack/keystone/commit/f9d4766249a72d8f88d75dcf1575b28dd3496681
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/f9d4766249a72d8f88d75dcf1575b28dd3496681
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-20.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-20.yaml
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-5563
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-5563
13
reference_url https://web.archive.org/web/20121201003009/http://secunia.com/advisories/51423
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121201003009/http://secunia.com/advisories/51423
14
reference_url https://web.archive.org/web/20140802122732/http://secunia.com/advisories/51436
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140802122732/http://secunia.com/advisories/51436
15
reference_url https://web.archive.org/web/20200228144943/http://www.securityfocus.com/bid/56727
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228144943/http://www.securityfocus.com/bid/56727
16
reference_url http://www.openwall.com/lists/oss-security/2012/11/28/5
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/11/28/5
17
reference_url http://www.openwall.com/lists/oss-security/2012/11/28/6
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/11/28/6
18
reference_url http://www.securityfocus.com/bid/56727
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/56727
19
reference_url http://www.ubuntu.com/usn/USN-1641-1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1641-1
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=879402
reference_id 879402
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=879402
21
reference_url https://access.redhat.com/errata/RHSA-2012:1557
reference_id RHSA-2012:1557
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1557
22
reference_url https://usn.ubuntu.com/1641-1/
reference_id USN-1641-1
reference_type
scores
url https://usn.ubuntu.com/1641-1/
fixed_packages
0
url pkg:deb/debian/keystone@0?distro=trixie
purl pkg:deb/debian/keystone@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@0%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2012-5563, GHSA-w66p-78g4-mr7g, PYSEC-2012-20
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8grp-27pb-h7dc
13
url VCID-8tq9-2hse-mqbj
vulnerability_id VCID-8tq9-2hse-mqbj
summary tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows local users to obtain access to EC2 services by reading administrative access and secret values from this file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5483.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5483.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-5483
reference_id
reference_type
scores
0
value 0.00111
scoring_system epss
scoring_elements 0.29072
published_at 2026-06-11T12:55:00Z
1
value 0.00111
scoring_system epss
scoring_elements 0.29274
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-5483
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=873447
reference_id 873447
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=873447
3
reference_url https://access.redhat.com/errata/RHSA-2012:1556
reference_id RHSA-2012:1556
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1556
fixed_packages
0
url pkg:deb/debian/keystone@0?distro=trixie
purl pkg:deb/debian/keystone@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@0%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2012-5483
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8tq9-2hse-mqbj
14
url VCID-9zx6-jv3m-yuhb
vulnerability_id VCID-9zx6-jv3m-yuhb
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14432.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14432.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14432
reference_id
reference_type
scores
0
value 0.01139
scoring_system epss
scoring_elements 0.78821
published_at 2026-06-11T12:55:00Z
1
value 0.01139
scoring_system epss
scoring_elements 0.78886
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14432
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14432
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14432
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1606868
reference_id 1606868
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1606868
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904616
reference_id 904616
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904616
6
reference_url https://access.redhat.com/errata/RHSA-2018:2523
reference_id RHSA-2018:2523
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2523
7
reference_url https://access.redhat.com/errata/RHSA-2018:2533
reference_id RHSA-2018:2533
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2533
8
reference_url https://access.redhat.com/errata/RHSA-2018:2543
reference_id RHSA-2018:2543
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2543
fixed_packages
0
url pkg:deb/debian/keystone@2:13.0.0-7?distro=trixie
purl pkg:deb/debian/keystone@2:13.0.0-7?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:13.0.0-7%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2018-14432
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9zx6-jv3m-yuhb
15
url VCID-ac3f-jmx4-xfb7
vulnerability_id VCID-ac3f-jmx4-xfb7
summary The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6391.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6391.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-6391
reference_id
reference_type
scores
0
value 0.00498
scoring_system epss
scoring_elements 0.66307
published_at 2026-06-11T12:55:00Z
1
value 0.00498
scoring_system epss
scoring_elements 0.66401
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-6391
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6391
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6391
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1039164
reference_id 1039164
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1039164
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731981
reference_id 731981
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731981
5
reference_url https://access.redhat.com/errata/RHSA-2014:0089
reference_id RHSA-2014:0089
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0089
6
reference_url https://access.redhat.com/errata/RHSA-2014:0368
reference_id RHSA-2014:0368
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0368
7
reference_url https://usn.ubuntu.com/2061-1/
reference_id USN-2061-1
reference_type
scores
url https://usn.ubuntu.com/2061-1/
fixed_packages
0
url pkg:deb/debian/keystone@2013.2.1-1?distro=trixie
purl pkg:deb/debian/keystone@2013.2.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.2.1-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2013-6391
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ac3f-jmx4-xfb7
16
url VCID-b1ty-k5u4-u3bh
vulnerability_id VCID-b1ty-k5u4-u3bh
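summary HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. Without that validation a client cannot confirm that it is talking to the intended server, so the TLS connection gives no protection against a man-in-the-middle on the network path.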
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2255.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2255.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2255
reference_id
reference_type
scores
0
value 0.00414
scoring_system epss
scoring_elements 0.62153
published_at 2026-06-12T12:55:00Z
1
value 0.00414
scoring_system epss
scoring_elements 0.62052
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2255
2
reference_url https://bugs.launchpad.net/ossn/+bug/1188189
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/ossn/+bug/1188189
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2255
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2255
4
reference_url https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2255
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2255
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2255
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2255
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/85562
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/85562
7
reference_url https://github.com/openstack/cinder/commit/0f9652d92e175a1f7dc3c2a37ab444b8f189375a
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/cinder/commit/0f9652d92e175a1f7dc3c2a37ab444b8f189375a
8
reference_url https://github.com/openstack/keystone/commit/5bd4c2984d329625a2a8442b316fa235dbb88a3d
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/5bd4c2984d329625a2a8442b316fa235dbb88a3d
9
reference_url https://github.com/openstack/neutron/commit/7255e056092f034daaeb4246a812900645d46911
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/neutron/commit/7255e056092f034daaeb4246a812900645d46911
10
reference_url https://github.com/openstack/python-keystoneclient/commit/20e166fd8a943ee3f91ba362a47e9c14c7cc5f4c
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/python-keystoneclient/commit/20e166fd8a943ee3f91ba362a47e9c14c7cc5f4c
11
reference_url https://web.archive.org/web/20200229073508/https://www.securityfocus.com/bid/61118
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200229073508/https://www.securityfocus.com/bid/61118
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=924514
reference_id 924514
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=924514
13
reference_url https://access.redhat.com/security/cve/cve-2013-2255
reference_id CVE-2013-2255
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/cve-2013-2255
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2255
reference_id CVE-2013-2255
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2255
15
reference_url https://security-tracker.debian.org/tracker/CVE-2013-2255
reference_id CVE-2013-2255
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security-tracker.debian.org/tracker/CVE-2013-2255
16
reference_url https://github.com/advisories/GHSA-qh2x-hpf9-cf2g
reference_id GHSA-qh2x-hpf9-cf2g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qh2x-hpf9-cf2g
fixed_packages
0
url pkg:deb/debian/keystone@2014.1-1?distro=trixie
purl pkg:deb/debian/keystone@2014.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2013-2255, GHSA-qh2x-hpf9-cf2g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b1ty-k5u4-u3bh
17
url VCID-bbem-sea4-3ub4
vulnerability_id VCID-bbem-sea4-3ub4
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-38155
reference_id
reference_type
scores
0
value 0.01067
scoring_system epss
scoring_elements 0.78123
published_at 2026-06-11T12:55:00Z
1
value 0.01067
scoring_system epss
scoring_elements 0.7819
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-38155
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38155
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38155
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
4
reference_url https://github.com/openstack/keystone/commit/1b573ae7d1c20e0ebfbde79bbe7538a09589c75d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/1b573ae7d1c20e0ebfbde79bbe7538a09589c75d
5
reference_url https://github.com/openstack/keystone/commit/8ab4eb27be4c13c9bab2b3ea700f00a190521bf8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/8ab4eb27be4c13c9bab2b3ea700f00a190521bf8
6
reference_url https://github.com/openstack/keystone/commit/ac2631ae33445877094cdae796fbcdce8833a626
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/ac2631ae33445877094cdae796fbcdce8833a626
7
reference_url https://launchpad.net/bugs/1688137
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://launchpad.net/bugs/1688137
8
reference_url https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html
9
reference_url https://security.openstack.org/ossa/OSSA-2021-003.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2021-003.html
10
reference_url http://www.openwall.com/lists/oss-security/2021/08/10/5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/08/10/5
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992070
reference_id 992070
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992070
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-38155
reference_id CVE-2021-38155
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-38155
13
reference_url https://github.com/advisories/GHSA-4225-97pr-rr52
reference_id GHSA-4225-97pr-rr52
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4225-97pr-rr52
fixed_packages
0
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:19.0.0-3?distro=trixie
purl pkg:deb/debian/keystone@2:19.0.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:19.0.0-3%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2021-38155, GHSA-4225-97pr-rr52
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bbem-sea4-3ub4
18
url VCID-c18s-qdf4-3kdh
vulnerability_id VCID-c18s-qdf4-3kdh
summary OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.
references
0
reference_url http://github.com/openstack/keystone/commit/58ac6691a21675be9e2ffb0f84a05fc3cd4d2e2e
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/openstack/keystone/commit/58ac6691a21675be9e2ffb0f84a05fc3cd4d2e2e
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4413.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4413.json
2
reference_url https://access.redhat.com/security/cve/CVE-2012-4413
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2012-4413
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-4413
reference_id
reference_type
scores
0
value 0.00428
scoring_system epss
scoring_elements 0.62883
published_at 2026-06-11T12:55:00Z
1
value 0.00428
scoring_system epss
scoring_elements 0.62985
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-4413
4
reference_url https://bugs.launchpad.net/keystone/+bug/1041396
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1041396
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4413
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4413
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/78478
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/78478
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-4413
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-4413
8
reference_url https://opendev.org/openstack/keystone
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/keystone
9
reference_url https://review.opendev.org/c/openstack/keystone/+/12870
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.opendev.org/c/openstack/keystone/+/12870
10
reference_url https://review.opendev.org/c/openstack/keystone/+/12870/
reference_id
reference_type
scores
url https://review.opendev.org/c/openstack/keystone/+/12870/
11
reference_url https://web.archive.org/web/20121114023848/http://www.securityfocus.com/bid/55524
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121114023848/http://www.securityfocus.com/bid/55524
12
reference_url http://www.openwall.com/lists/oss-security/2012/09/12/7
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/09/12/7
13
reference_url http://www.ubuntu.com/usn/USN-1564-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1564-1
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687428
reference_id 687428
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687428
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=855491
reference_id 855491
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=855491
16
reference_url https://github.com/advisories/GHSA-mrxv-65rv-6hxq
reference_id GHSA-mrxv-65rv-6hxq
reference_type
scores
url https://github.com/advisories/GHSA-mrxv-65rv-6hxq
17
reference_url https://access.redhat.com/errata/RHSA-2012:1378
reference_id RHSA-2012:1378
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2012:1378
18
reference_url https://usn.ubuntu.com/1564-1/
reference_id USN-1564-1
reference_type
scores
url https://usn.ubuntu.com/1564-1/
fixed_packages
0
url pkg:deb/debian/keystone@2012.1.1-6?distro=trixie
purl pkg:deb/debian/keystone@2012.1.1-6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-6%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2012-4413, GHSA-mrxv-65rv-6hxq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c18s-qdf4-3kdh
19
url VCID-ccfb-3z76-bfea
vulnerability_id VCID-ccfb-3z76-bfea
summary An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token carries the victim's identity, which passes the trustor validation check. Keystone then validates the delegated roles against the victim's actual role assignments in the database, not the roles on the requesting token. This allows the attacker to create a trust delegating the victim's admin role to themselves. The trust persists independently, and additional trusts and application credentials can be created to maintain access. All actions are logged under the victim's identity.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43000.json
reference_id
reference_type
scores
0
value 8.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43000.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-43000
reference_id
reference_type
scores
0
value 0.00041
scoring_system epss
scoring_elements 0.12878
published_at 2026-06-12T12:55:00Z
1
value 0.00041
scoring_system epss
scoring_elements 0.12783
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-43000
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43000
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43000
3
reference_url https://bugs.launchpad.net/keystone/+bug/2148477
reference_id 2148477
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:41:32Z/
url https://bugs.launchpad.net/keystone/+bug/2148477
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2482826
reference_id 2482826
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2482826
5
reference_url https://security.openstack.org/ossa/OSSA-2026-015.html
reference_id OSSA-2026-015.html
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:41:32Z/
url https://security.openstack.org/ossa/OSSA-2026-015.html
fixed_packages
0
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.1.0-1%2Bdeb11u3?distro=trixie
purl pkg:deb/debian/keystone@2:18.1.0-1%2Bdeb11u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.1.0-1%252Bdeb11u3%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u3?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u3%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u4?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u4%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2026-43000
risk_score 3.8
exploitability 0.5
weighted_severity 7.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ccfb-3z76-bfea
20
url VCID-db43-8qdt-kkes
vulnerability_id VCID-db43-8qdt-kkes
summary A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 (Elastic Compute Cloud) tokens when a user's role has been removed from a tenant. An attacker can leverage a token associated with a removed user role to gain unauthorized access.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2012-1556.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2012-1556.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2012-1557.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2012-1557.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5571.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5571.json
4
reference_url https://access.redhat.com/security/cve/CVE-2012-5571
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2012-5571
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-5571
reference_id
reference_type
scores
0
value 0.00152
scoring_system epss
scoring_elements 0.35682
published_at 2026-06-11T12:55:00Z
1
value 0.00152
scoring_system epss
scoring_elements 0.35862
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-5571
6
reference_url https://bugs.launchpad.net/keystone/+bug/1064914
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1064914
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5571
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5571
8
reference_url http://secunia.com/advisories/51423
reference_id
reference_type
scores
url http://secunia.com/advisories/51423
9
reference_url http://secunia.com/advisories/51436
reference_id
reference_type
scores
url http://secunia.com/advisories/51436
10
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/80333
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/80333
11
reference_url https://github.com/advisories/GHSA-qvpr-qm6w-6rcc
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-qvpr-qm6w-6rcc
12
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
13
reference_url https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b
14
reference_url https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19
15
reference_url https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653
16
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-35.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-35.yaml
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-5571
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-5571
18
reference_url http://www.openwall.com/lists/oss-security/2012/11/28/5
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/11/28/5
19
reference_url http://www.openwall.com/lists/oss-security/2012/11/28/6
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/11/28/6
20
reference_url http://www.securityfocus.com/bid/56726
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/56726
21
reference_url http://www.ubuntu.com/usn/USN-1641-1
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1641-1
22
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694433
reference_id 694433
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694433
23
reference_url https://usn.ubuntu.com/1641-1/
reference_id USN-1641-1
reference_type
scores
url https://usn.ubuntu.com/1641-1/
fixed_packages
0
url pkg:deb/debian/keystone@2012.1.1-11?distro=trixie
purl pkg:deb/debian/keystone@2012.1.1-11?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-11%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2012-5571, GHSA-qvpr-qm6w-6rcc, PYSEC-2012-35
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-db43-8qdt-kkes
21
url VCID-dtqk-jgtz-myf1
vulnerability_id VCID-dtqk-jgtz-myf1
summary OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.
references
0
reference_url http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa
1
reference_url http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355
2
reference_url http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626
3
reference_url http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d
4
reference_url http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454
5
reference_url http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de
6
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3426
reference_id
reference_type
scores
0
value 0.00561
scoring_system epss
scoring_elements 0.68778
published_at 2026-06-11T12:55:00Z
1
value 0.00561
scoring_system epss
scoring_elements 0.68871
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3426
7
reference_url https://bugs.launchpad.net/keystone/+bug/996595
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/996595
8
reference_url https://bugs.launchpad.net/keystone/+bug/997194
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/997194
9
reference_url https://bugs.launchpad.net/keystone/+bug/998185
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/998185
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3426
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3426
11
reference_url http://secunia.com/advisories/50045
reference_id
reference_type
scores
url http://secunia.com/advisories/50045
12
reference_url http://secunia.com/advisories/50494
reference_id
reference_type
scores
url http://secunia.com/advisories/50494
13
reference_url https://github.com/advisories/GHSA-xp97-6w7r-4cjc
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-xp97-6w7r-4cjc
14
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
15
reference_url https://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355
16
reference_url https://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626
17
reference_url https://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d
18
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-34.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-34.yaml
19
reference_url https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz
20
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3426
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3426
21
reference_url http://www.openwall.com/lists/oss-security/2012/07/27/4
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/07/27/4
22
reference_url http://www.ubuntu.com/usn/USN-1552-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1552-1
23
reference_url https://usn.ubuntu.com/1552-1/
reference_id USN-1552-1
reference_type
scores
url https://usn.ubuntu.com/1552-1/
fixed_packages
0
url pkg:deb/debian/keystone@2012.1.1-1?distro=trixie
purl pkg:deb/debian/keystone@2012.1.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2012-3426, GHSA-xp97-6w7r-4cjc, PYSEC-2012-34
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dtqk-jgtz-myf1
22
url VCID-ejv6-3fkp-a7ba
vulnerability_id VCID-ejv6-3fkp-a7ba
summary Multiple vulnerabilities have been found in libxml2, allowing remote attackers to execute arbitrary code or cause Denial of Service.
references
0
reference_url http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html
1
reference_url http://bugs.python.org/issue17239
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://bugs.python.org/issue17239
2
reference_url http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html
3
reference_url http://rhn.redhat.com/errata/RHSA-2013-0657.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0657.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2013-0658.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0658.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2013-0670.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0670.html
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1664.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1664.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-1664
reference_id
reference_type
scores
0
value 0.03938
scoring_system epss
scoring_elements 0.88643
published_at 2026-06-12T12:55:00Z
1
value 0.03938
scoring_system epss
scoring_elements 0.88603
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-1664
8
reference_url https://bugs.launchpad.net/nova/+bug/1100282
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/nova/+bug/1100282
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664
10
reference_url https://github.com/django/django
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django
11
reference_url https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40
12
reference_url https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-1664
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-1664
14
reference_url http://ubuntu.com/usn/usn-1757-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://ubuntu.com/usn/usn-1757-1
15
reference_url http://www.openwall.com/lists/oss-security/2013/02/19/2
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/02/19/2
16
reference_url http://www.openwall.com/lists/oss-security/2013/02/19/4
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/02/19/4
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700948
reference_id 700948
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700948
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700949
reference_id 700949
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700949
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700950
reference_id 700950
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700950
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=913808
reference_id 913808
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=913808
21
reference_url https://github.com/advisories/GHSA-qrh7-x6fp-c2mp
reference_id GHSA-qrh7-x6fp-c2mp
reference_type
scores
url https://github.com/advisories/GHSA-qrh7-x6fp-c2mp
22
reference_url https://security.gentoo.org/glsa/201311-06
reference_id GLSA-201311-06
reference_type
scores
url https://security.gentoo.org/glsa/201311-06
23
reference_url https://security.gentoo.org/glsa/201412-11
reference_id GLSA-201412-11
reference_type
scores
url https://security.gentoo.org/glsa/201412-11
24
reference_url https://access.redhat.com/errata/RHSA-2013:0596
reference_id RHSA-2013:0596
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0596
25
reference_url https://access.redhat.com/errata/RHSA-2013:0657
reference_id RHSA-2013:0657
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0657
26
reference_url https://access.redhat.com/errata/RHSA-2013:0658
reference_id RHSA-2013:0658
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0658
27
reference_url https://access.redhat.com/errata/RHSA-2013:0670
reference_id RHSA-2013:0670
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0670
28
reference_url https://usn.ubuntu.com/1730-1/
reference_id USN-1730-1
reference_type
scores
url https://usn.ubuntu.com/1730-1/
29
reference_url https://usn.ubuntu.com/1731-1/
reference_id USN-1731-1
reference_type
scores
url https://usn.ubuntu.com/1731-1/
30
reference_url https://usn.ubuntu.com/1734-1/
reference_id USN-1734-1
reference_type
scores
url https://usn.ubuntu.com/1734-1/
31
reference_url https://usn.ubuntu.com/1757-1/
reference_id USN-1757-1
reference_type
scores
url https://usn.ubuntu.com/1757-1/
fixed_packages
0
url pkg:deb/debian/keystone@2012.1.1-13?distro=trixie
purl pkg:deb/debian/keystone@2012.1.1-13?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-13%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2013-1664, GHSA-qrh7-x6fp-c2mp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ejv6-3fkp-a7ba
23
url VCID-ensv-km86-5uf7
vulnerability_id VCID-ensv-km86-5uf7
summary The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges.
references
0
reference_url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4477
reference_id
reference_type
scores
url http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4477
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-0113.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-0113.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4477.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4477.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4477
reference_id
reference_type
scores
0
value 0.00151
scoring_system epss
scoring_elements 0.35537
published_at 2026-06-11T12:55:00Z
1
value 0.00151
scoring_system epss
scoring_elements 0.35717
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4477
4
reference_url https://bugs.launchpad.net/keystone/+bug/1242855
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1242855
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4477
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4477
6
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
7
reference_url https://github.com/openstack/keystone/commit/b17e7bec768bd53d3977352486378698a3db3cfa
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/b17e7bec768bd53d3977352486378698a3db3cfa
8
reference_url https://github.com/openstack/keystone/commit/c6800c
reference_id
reference_type
scores
url https://github.com/openstack/keystone/commit/c6800c
9
reference_url https://github.com/openstack/keystone/commit/c6800ca1ac984c879e75826df6694d6199444ea0
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/c6800ca1ac984c879e75826df6694d6199444ea0
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-4477
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-4477
11
reference_url http://www.openwall.com/lists/oss-security/2013/10/30/6
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/10/30/6
12
reference_url http://www.ubuntu.com/usn/USN-2034-1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2034-1
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1024401
reference_id 1024401
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1024401
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728233
reference_id 728233
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728233
15
reference_url https://access.redhat.com/errata/RHSA-2014:0113
reference_id RHSA-2014:0113
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0113
16
reference_url https://usn.ubuntu.com/2034-1/
reference_id USN-2034-1
reference_type
scores
url https://usn.ubuntu.com/2034-1/
fixed_packages
0
url pkg:deb/debian/keystone@2013.2-2?distro=trixie
purl pkg:deb/debian/keystone@2013.2-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.2-2%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2013-4477, GHSA-f889-wfwm-6p7m
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ensv-km86-5uf7
24
url VCID-esad-mak2-8bg2
vulnerability_id VCID-esad-mak2-8bg2
summary An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role may obtain an EC2/S3 credential that carries the full set of the parent user's S3 permissions, effectively bypassing the role restrictions imposed on the application credential. Only deployments that use restricted application credentials in combination with the EC2/S3 compatibility API (swift3 / s3api) are affected.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33551.json
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33551.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33551
reference_id
reference_type
scores
0
value 0.00031
scoring_system epss
scoring_elements 0.09396
published_at 2026-06-11T12:55:00Z
1
value 0.00031
scoring_system epss
scoring_elements 0.09449
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33551
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33551
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33551
3
reference_url https://github.com/advisories/GHSA-4phw-6824-6cfp
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4phw-6824-6cfp
4
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2026-202.yaml
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2026-202.yaml
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33551
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33551
7
reference_url http://www.openwall.com/lists/oss-security/2026/04/07/12
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
2
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/04/07/12
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133118
reference_id 1133118
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133118
9
reference_url https://bugs.launchpad.net/keystone/+bug/2142138
reference_id 2142138
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T13:50:09Z/
url https://bugs.launchpad.net/keystone/+bug/2142138
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2451037
reference_id 2451037
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2451037
11
reference_url https://security.openstack.org/ossa/OSSA-2026-005.html
reference_id OSSA-2026-005.html
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T13:50:09Z/
url https://security.openstack.org/ossa/OSSA-2026-005.html
fixed_packages
0
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.1.0-1%2Bdeb11u3?distro=trixie
purl pkg:deb/debian/keystone@2:18.1.0-1%2Bdeb11u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.1.0-1%252Bdeb11u3%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u2?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u2%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u3?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u3%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie
7
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2026-33551, GHSA-4phw-6824-6cfp, PYSEC-2026-202
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-esad-mak2-8bg2
25
url VCID-fhme-n8v8-ybev
vulnerability_id VCID-fhme-n8v8-ybev
summary OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to the administrative API that updates the user's default tenant. NOTE: this identifier was originally assigned, incorrectly, to an open redirect issue; the correct identifier for that issue is CVE-2012-3540.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3542.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3542.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-3542
reference_id
reference_type
scores
0
value 0.01949
scoring_system epss
scoring_elements 0.83846
published_at 2026-06-11T12:55:00Z
1
value 0.01949
scoring_system epss
scoring_elements 0.83903
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-3542
2
reference_url https://bugs.launchpad.net/keystone/+bug/1040626
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1040626
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3542
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3542
4
reference_url http://secunia.com/advisories/50467
reference_id
reference_type
scores
url http://secunia.com/advisories/50467
5
reference_url http://secunia.com/advisories/50494
reference_id
reference_type
scores
url http://secunia.com/advisories/50494
6
reference_url https://github.com/advisories/GHSA-gf2q-j2qq-pjf2
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-gf2q-j2qq-pjf2
7
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
8
reference_url https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155
9
reference_url https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aa
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aa
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-19.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-19.yaml
11
reference_url https://lists.launchpad.net/openstack/msg16282.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.launchpad.net/openstack/msg16282.html
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-3542
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-3542
13
reference_url https://web.archive.org/web/20121114023909/http://www.securityfocus.com/bid/55326
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121114023909/http://www.securityfocus.com/bid/55326
14
reference_url https://web.archive.org/web/20140802052724/http://secunia.com/advisories/50467
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140802052724/http://secunia.com/advisories/50467
15
reference_url https://web.archive.org/web/20140804204333/http://secunia.com/advisories/50494
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20140804204333/http://secunia.com/advisories/50494
16
reference_url http://www.openwall.com/lists/oss-security/2012/08/30/6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/08/30/6
17
reference_url http://www.securityfocus.com/bid/55326
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/55326
18
reference_url http://www.ubuntu.com/usn/USN-1552-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1552-1
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=852510
reference_id 852510
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=852510
20
reference_url https://access.redhat.com/errata/RHSA-2012:1378
reference_id RHSA-2012:1378
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1378
21
reference_url https://usn.ubuntu.com/1552-1/
reference_id USN-1552-1
reference_type
scores
url https://usn.ubuntu.com/1552-1/
fixed_packages
0
url pkg:deb/debian/keystone@2012.1.1-5?distro=trixie
purl pkg:deb/debian/keystone@2012.1.1-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-5%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2012-3542, GHSA-gf2q-j2qq-pjf2, PYSEC-2012-19
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fhme-n8v8-ybev
26
url VCID-h6c1-em7v-vqfv
vulnerability_id VCID-h6c1-em7v-vqfv
summary OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-July/111914.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2013-July/111914.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2014
reference_id
reference_type
scores
0
value 0.02372
scoring_system epss
scoring_elements 0.85303
published_at 2026-06-11T12:55:00Z
1
value 0.02372
scoring_system epss
scoring_elements 0.85355
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2014
2
reference_url https://bugs.launchpad.net/keystone/+bug/1098177
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1098177
3
reference_url https://bugs.launchpad.net/keystone/+bug/1099025
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1099025
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2014
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2014
5
reference_url http://secunia.com/advisories/53397
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/53397
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/84347
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/84347
7
reference_url https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8
8
reference_url http://www.securityfocus.com/bid/59936
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/59936
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708515
reference_id 708515
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708515
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2014
reference_id CVE-2013-2014
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2014
11
reference_url https://github.com/advisories/GHSA-7332-36h8-8jh8
reference_id GHSA-7332-36h8-8jh8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7332-36h8-8jh8
fixed_packages
0
url pkg:deb/debian/keystone@2013.1.1-2?distro=trixie
purl pkg:deb/debian/keystone@2013.1.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.1.1-2%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2013-2014, GHSA-7332-36h8-8jh8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h6c1-em7v-vqfv
27
url VCID-hn3m-58g1-hbe9
vulnerability_id VCID-hn3m-58g1-hbe9
summary The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4911.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4911.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-4911
reference_id
reference_type
scores
0
value 0.00304
scoring_system epss
scoring_elements 0.54196
published_at 2026-06-12T12:55:00Z
1
value 0.00304
scoring_system epss
scoring_elements 0.54071
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-4911
2
reference_url https://bugs.launchpad.net/keystone/+bug/1577558
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1577558
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4911
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4911
4
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
5
reference_url https://github.com/openstack/keystone/commit/0d376025bae61bf5ee19d992c7f336b99ac69240
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/0d376025bae61bf5ee19d992c7f336b99ac69240
6
reference_url https://github.com/openstack/keystone/commit/ee1dc941042d1f71699971c5c30566af1b348572
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/ee1dc941042d1f71699971c5c30566af1b348572
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2016-38.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2016-38.yaml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-4911
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-4911
9
reference_url https://review.openstack.org/#/c/311886
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/311886
10
reference_url https://review.openstack.org/#/c/311886/
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://review.openstack.org/#/c/311886/
11
reference_url https://security.openstack.org/ossa/OSSA-2016-008.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2016-008.html
12
reference_url http://www.openwall.com/lists/oss-security/2016/05/17/10
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/05/17/10
13
reference_url http://www.openwall.com/lists/oss-security/2016/05/17/11
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2016/05/17/11
14
reference_url http://www.securityfocus.com/bid/90728
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url http://www.securityfocus.com/bid/90728
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1337079
reference_id 1337079
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1337079
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824683
reference_id 824683
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824683
fixed_packages
0
url pkg:deb/debian/keystone@2:9.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:9.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:9.0.0-2%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2016-4911, GHSA-f82m-w3p3-cgp3, PYSEC-2016-38
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hn3m-58g1-hbe9
28
url VCID-jbz5-6csy-wyfh
vulnerability_id VCID-jbz5-6csy-wyfh
summary OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2014-1121.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1121.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-1122.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1122.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5253.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5253.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-5253
reference_id
reference_type
scores
0
value 0.0031
scoring_system epss
scoring_elements 0.54578
published_at 2026-06-11T12:55:00Z
1
value 0.0031
scoring_system epss
scoring_elements 0.54703
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-5253
4
reference_url https://bugs.launchpad.net/keystone/+bug/1349597
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1349597
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5253
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5253
6
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
7
reference_url https://github.com/openstack/keystone/commit/317f9d34b4da20c21edd5b851889298b67c843e1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/317f9d34b4da20c21edd5b851889298b67c843e1
8
reference_url https://github.com/openstack/keystone/commit/3e035ebb726167aef43c4a865c7e7f7d3b0978fb
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/3e035ebb726167aef43c4a865c7e7f7d3b0978fb
9
reference_url https://github.com/openstack/keystone/commit/c4447f16da036fe878382ce4e1b05b84bdcc4d4e
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/c4447f16da036fe878382ce4e1b05b84bdcc4d4e
10
reference_url https://github.com/openstack/keystone/commit/cccc3f3239c68479de0f6a41bd64badf2a9ec9e7
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/cccc3f3239c68479de0f6a41bd64badf2a9ec9e7
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-109.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-109.yaml
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-5253
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-5253
13
reference_url http://www.openwall.com/lists/oss-security/2014/08/15/6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/08/15/6
14
reference_url http://www.ubuntu.com/usn/USN-2324-1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2324-1
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1127253
reference_id 1127253
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1127253
16
reference_url https://access.redhat.com/errata/RHSA-2014:1121
reference_id RHSA-2014:1121
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1121
17
reference_url https://access.redhat.com/errata/RHSA-2014:1122
reference_id RHSA-2014:1122
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1122
18
reference_url https://usn.ubuntu.com/2324-1/
reference_id USN-2324-1
reference_type
scores
url https://usn.ubuntu.com/2324-1/
fixed_packages
0
url pkg:deb/debian/keystone@2014.1.2.1-1?distro=trixie
purl pkg:deb/debian/keystone@2014.1.2.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.2.1-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2014-5253, GHSA-77w8-qv8m-386h, PYSEC-2014-109
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jbz5-6csy-wyfh
29
url VCID-jc9x-jf2k-t3h9
vulnerability_id VCID-jc9x-jf2k-t3h9
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12689.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12689.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-12689
reference_id
reference_type
scores
0
value 0.01066
scoring_system epss
scoring_elements 0.78111
published_at 2026-06-11T12:55:00Z
1
value 0.01066
scoring_system epss
scoring_elements 0.78179
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-12689
2
reference_url https://bugs.launchpad.net/keystone/+bug/1872735
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1872735
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/advisories/GHSA-chgw-36xv-47cw
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-chgw-36xv-47cw
9
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
10
reference_url https://github.com/openstack/keystone/commit/37e9907a176dad6843819b1bec4946c3aecc4548
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/37e9907a176dad6843819b1bec4946c3aecc4548
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-53.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-53.yaml
12
reference_url https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-12689
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-12689
14
reference_url https://security.openstack.org/ossa/OSSA-2020-004.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2020-004.html
15
reference_url https://usn.ubuntu.com/4480-1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4480-1
16
reference_url https://usn.ubuntu.com/4480-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4480-1/
17
reference_url https://www.openwall.com/lists/oss-security/2020/05/06/5
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2020/05/06/5
18
reference_url http://www.openwall.com/lists/oss-security/2020/05/07/2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/05/07/2
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1830396
reference_id 1830396
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1830396
20
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
reference_id 959900
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
21
reference_url https://access.redhat.com/errata/RHSA-2020:2732
reference_id RHSA-2020:2732
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2732
22
reference_url https://access.redhat.com/errata/RHSA-2020:3096
reference_id RHSA-2020:3096
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3096
23
reference_url https://access.redhat.com/errata/RHSA-2020:3102
reference_id RHSA-2020:3102
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3102
24
reference_url https://access.redhat.com/errata/RHSA-2020:3105
reference_id RHSA-2020:3105
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3105
fixed_packages
0
url pkg:deb/debian/keystone@2:17.0.0~rc2-1?distro=trixie
purl pkg:deb/debian/keystone@2:17.0.0~rc2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:17.0.0~rc2-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2020-12689, GHSA-chgw-36xv-47cw, PYSEC-2020-53
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jc9x-jf2k-t3h9
30
url VCID-kx8v-3tf5-jygb
vulnerability_id VCID-kx8v-3tf5-jygb
summary OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0282.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0282.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-0282
reference_id
reference_type
scores
0
value 0.00467
scoring_system epss
scoring_elements 0.64986
published_at 2026-06-12T12:55:00Z
1
value 0.00467
scoring_system epss
scoring_elements 0.64885
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-0282
2
reference_url https://bugs.launchpad.net/keystone/+bug/1121494
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1121494
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0282
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0282
4
reference_url https://github.com/openstack/keystone/commit/7402f5ef994599653bdbb3ed5ff1a2b8c3e72b9f
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/7402f5ef994599653bdbb3ed5ff1a2b8c3e72b9f
5
reference_url https://github.com/openstack/keystone/commit/9572bfc393f66f5ce3b44c0a77a9e29cc0374c6f
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/9572bfc393f66f5ce3b44c0a77a9e29cc0374c6f
6
reference_url https://github.com/openstack/keystone/commit/f0b4d300db5cc61d4f079f8bce9da8e8bea1081a
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/f0b4d300db5cc61d4f079f8bce9da8e8bea1081a
7
reference_url https://launchpad.net/keystone/grizzly/2013.1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://launchpad.net/keystone/grizzly/2013.1
8
reference_url https://launchpad.net/keystone/+milestone/2012.2.4
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://launchpad.net/keystone/+milestone/2012.2.4
9
reference_url https://review.openstack.org/#/c/22319
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/22319
10
reference_url https://review.openstack.org/#/c/22319/
reference_id
reference_type
scores
url https://review.openstack.org/#/c/22319/
11
reference_url https://review.openstack.org/#/c/22320
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/22320
12
reference_url https://review.openstack.org/#/c/22320/
reference_id
reference_type
scores
url https://review.openstack.org/#/c/22320/
13
reference_url https://review.openstack.org/#/c/22321
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.openstack.org/#/c/22321
14
reference_url https://review.openstack.org/#/c/22321/
reference_id
reference_type
scores
url https://review.openstack.org/#/c/22321/
15
reference_url http://www.openwall.com/lists/oss-security/2013/02/19/3
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/02/19/3
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700947
reference_id 700947
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700947
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=910928
reference_id 910928
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=910928
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-0282
reference_id CVE-2013-0282
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-0282
19
reference_url https://github.com/advisories/GHSA-8833-qrvm-wc3h
reference_id GHSA-8833-qrvm-wc3h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8833-qrvm-wc3h
20
reference_url https://access.redhat.com/errata/RHSA-2013:0596
reference_id RHSA-2013:0596
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0596
21
reference_url https://usn.ubuntu.com/1730-1/
reference_id USN-1730-1
reference_type
scores
url https://usn.ubuntu.com/1730-1/
fixed_packages
0
url pkg:deb/debian/keystone@2012.1.1-13?distro=trixie
purl pkg:deb/debian/keystone@2012.1.1-13?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-13%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2013-0282, GHSA-8833-qrvm-wc3h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kx8v-3tf5-jygb
31
url VCID-ky25-jwae-nffv
vulnerability_id VCID-ky25-jwae-nffv
summary OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106220.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106220.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2013-0806.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0806.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2006.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2006.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2006
reference_id
reference_type
scores
0
value 0.00039
scoring_system epss
scoring_elements 0.1207
published_at 2026-06-11T12:55:00Z
1
value 0.00039
scoring_system epss
scoring_elements 0.12163
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2006
5
reference_url https://bugs.launchpad.net/keystone/+bug/1172195
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1172195
6
reference_url https://bugs.launchpad.net/ossn/+bug/1168252
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/ossn/+bug/1168252
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2006
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2006
8
reference_url https://github.com/advisories/GHSA-rxrm-xvp4-jqvh
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-rxrm-xvp4-jqvh
9
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
10
reference_url https://github.com/openstack/keystone/commit/c5037dd6b82909efaaa8720e8cfa8bdb8b4a0edd
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/c5037dd6b82909efaaa8720e8cfa8bdb8b4a0edd
11
reference_url https://github.com/openstack/keystone/commit/d43e2a51a1ed7adbed3c5ddf001d46bc4a824ae8
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/d43e2a51a1ed7adbed3c5ddf001d46bc4a824ae8
12
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-40.yaml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-40.yaml
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2006
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2006
14
reference_url http://www.openwall.com/lists/oss-security/2013/04/24/1
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/04/24/1
15
reference_url http://www.openwall.com/lists/oss-security/2013/04/24/2
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/04/24/2
16
reference_url http://www.securityfocus.com/bid/59411
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/59411
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=956007
reference_id 956007
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=956007
18
reference_url https://access.redhat.com/errata/RHSA-2013:0806
reference_id RHSA-2013:0806
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0806
fixed_packages
0
url pkg:deb/debian/keystone@2013.1.1-2?distro=trixie
purl pkg:deb/debian/keystone@2013.1.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.1.1-2%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2013-2006, GHSA-rxrm-xvp4-jqvh, PYSEC-2013-40
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ky25-jwae-nffv
32
url VCID-n8wb-7qy9-d3cx
vulnerability_id VCID-n8wb-7qy9-d3cx
summary OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with additional roles.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00031.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00031.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3476.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3476.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3476
reference_id
reference_type
scores
0
value 0.00721
scoring_system epss
scoring_elements 0.72964
published_at 2026-06-11T12:55:00Z
1
value 0.00721
scoring_system epss
scoring_elements 0.73041
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3476
3
reference_url https://bugs.launchpad.net/keystone/+bug/1324592
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1324592
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3476
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3476
5
reference_url http://secunia.com/advisories/57886
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/57886
6
reference_url http://secunia.com/advisories/59547
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/59547
7
reference_url http://www.openwall.com/lists/oss-security/2014/06/12/3
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/06/12/3
8
reference_url http://www.securityfocus.com/bid/68026
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/68026
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1104524
reference_id 1104524
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1104524
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751454
reference_id 751454
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751454
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3476
reference_id CVE-2014-3476
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3476
12
reference_url https://github.com/advisories/GHSA-274v-r947-v34r
reference_id GHSA-274v-r947-v34r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-274v-r947-v34r
13
reference_url https://access.redhat.com/errata/RHSA-2014:0994
reference_id RHSA-2014:0994
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0994
14
reference_url https://usn.ubuntu.com/2324-1/
reference_id USN-2324-1
reference_type
scores
url https://usn.ubuntu.com/2324-1/
fixed_packages
0
url pkg:deb/debian/keystone@2014.1.1-2?distro=trixie
purl pkg:deb/debian/keystone@2014.1.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.1-2%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2014-3476, GHSA-274v-r947-v34r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n8wb-7qy9-d3cx
33
url VCID-ngkx-25ft-8qhj
vulnerability_id VCID-ngkx-25ft-8qhj
summary An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credential for project A to create an EC2 credential targeting project B; a subsequent /v3/ec2tokens exchange would then issue a Keystone token scoped to project B while still carrying the original app_cred_id, enabling cross-project lateral movement within the credential owner's role footprint.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43001.json
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43001.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-43001
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.0474
published_at 2026-06-11T12:55:00Z
1
value 0.00024
scoring_system epss
scoring_elements 0.07093
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-43001
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43001
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43001
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-43001
reference_id
reference_type
scores
0
value 7.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-43001
4
reference_url https://review.opendev.org/c/openstack/keystone
reference_id
reference_type
scores
0
value 7.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.opendev.org/c/openstack/keystone
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135645
reference_id 1135645
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135645
6
reference_url https://bugs.launchpad.net/keystone/+bug/2149775
reference_id 2149775
reference_type
scores
0
value 7.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T13:28:01Z/
url https://bugs.launchpad.net/keystone/+bug/2149775
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2464305
reference_id 2464305
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2464305
8
reference_url https://review.opendev.org/c/openstack/keystone/+/985804
reference_id 985804
reference_type
scores
0
value 7.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T13:28:01Z/
url https://review.opendev.org/c/openstack/keystone/+/985804
9
reference_url https://github.com/advisories/GHSA-hhq2-3832-xxcv
reference_id GHSA-hhq2-3832-xxcv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hhq2-3832-xxcv
10
reference_url https://security.openstack.org/ossa/OSSA-2026-015.html
reference_id OSSA-2026-015.html
reference_type
scores
0
value 7.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T13:28:01Z/
url https://security.openstack.org/ossa/OSSA-2026-015.html
fixed_packages
0
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.1.0-1%2Bdeb11u3?distro=trixie
purl pkg:deb/debian/keystone@2:18.1.0-1%2Bdeb11u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.1.0-1%252Bdeb11u3%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u3?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u3%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u4?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u4%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2026-43001, GHSA-hhq2-3832-xxcv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ngkx-25ft-8qhj
34
url VCID-nmb8-wq4u-2ug7
vulnerability_id VCID-nmb8-wq4u-2ug7
summary OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows an unauthenticated /v3/ec2tokens or /v3/s3tokens request that carries a valid AWS Signature to obtain Keystone authorization.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65073.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65073.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-65073
reference_id
reference_type
scores
0
value 0.00031
scoring_system epss
scoring_elements 0.09507
published_at 2026-06-12T12:55:00Z
1
value 0.00031
scoring_system epss
scoring_elements 0.09454
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-65073
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65073
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65073
3
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
4
reference_url http://www.openwall.com/lists/oss-security/2025/11/17/6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/11/17/6
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120053
reference_id 1120053
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120053
6
reference_url https://www.openwall.com/lists/oss-security/2025/11/04/2
reference_id 2
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-17T16:34:17Z/
url https://www.openwall.com/lists/oss-security/2025/11/04/2
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2415344
reference_id 2415344
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2415344
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-65073
reference_id CVE-2025-65073
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-65073
9
reference_url https://github.com/advisories/GHSA-hcqg-5g63-7j9h
reference_id GHSA-hcqg-5g63-7j9h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hcqg-5g63-7j9h
10
reference_url https://access.redhat.com/errata/RHSA-2026:1958
reference_id RHSA-2026:1958
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:1958
11
reference_url https://usn.ubuntu.com/7926-1/
reference_id USN-7926-1
reference_type
scores
url https://usn.ubuntu.com/7926-1/
fixed_packages
0
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.1.0-1%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/keystone@2:18.1.0-1%2Bdeb11u2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.1.0-1%252Bdeb11u2%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:28.0.0-2?distro=trixie
purl pkg:deb/debian/keystone@2:28.0.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:28.0.0-2%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2025-65073, GHSA-hcqg-5g63-7j9h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nmb8-wq4u-2ug7
35
url VCID-nsx2-6bs2-7bcq
vulnerability_id VCID-nsx2-6bs2-7bcq
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12691.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12691.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-12691
reference_id
reference_type
scores
0
value 0.03566
scoring_system epss
scoring_elements 0.88031
published_at 2026-06-12T12:55:00Z
1
value 0.03566
scoring_system epss
scoring_elements 0.8799
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-12691
2
reference_url https://bugs.launchpad.net/keystone/+bug/1872733
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1872733
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/advisories/GHSA-4427-7f3w-mqv6
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-4427-7f3w-mqv6
9
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
10
reference_url https://github.com/openstack/keystone/commit/37e9907a176dad6843819b1bec4946c3aecc4548
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/37e9907a176dad6843819b1bec4946c3aecc4548
11
reference_url https://github.com/openstack/keystone/commit/40cbb7bebd50276412daa1981ff5a7c7b3b899a5
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/40cbb7bebd50276412daa1981ff5a7c7b3b899a5
12
reference_url https://github.com/openstack/keystone/commit/95b2bbeab113d9f04d1c81f7f1b48bf692bce979
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/95b2bbeab113d9f04d1c81f7f1b48bf692bce979
13
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-55.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-55.yaml
14
reference_url https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa@%3Ccommits.druid.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-12691
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-12691
17
reference_url https://security.openstack.org/ossa/OSSA-2020-004.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2020-004.html
18
reference_url https://usn.ubuntu.com/4480-1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4480-1
19
reference_url https://usn.ubuntu.com/4480-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4480-1/
20
reference_url https://www.openwall.com/lists/oss-security/2020/05/06/5
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2020/05/06/5
21
reference_url http://www.openwall.com/lists/oss-security/2020/05/07/2
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/05/07/2
22
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1830384
reference_id 1830384
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1830384
23
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
reference_id 959900
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
24
reference_url https://access.redhat.com/errata/RHSA-2020:2732
reference_id RHSA-2020:2732
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2732
25
reference_url https://access.redhat.com/errata/RHSA-2020:3096
reference_id RHSA-2020:3096
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3096
26
reference_url https://access.redhat.com/errata/RHSA-2020:3102
reference_id RHSA-2020:3102
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3102
27
reference_url https://access.redhat.com/errata/RHSA-2020:3105
reference_id RHSA-2020:3105
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3105
fixed_packages
0
url pkg:deb/debian/keystone@2:17.0.0~rc2-1?distro=trixie
purl pkg:deb/debian/keystone@2:17.0.0~rc2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:17.0.0~rc2-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2020-12691, GHSA-4427-7f3w-mqv6, PYSEC-2020-55
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nsx2-6bs2-7bcq
36
url VCID-pkuc-qvpx-7bbk
vulnerability_id VCID-pkuc-qvpx-7bbk
summary An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforce_call unconditionally merges the raw JSON request body into the policy enforcement dictionary via policy_dict.update(json_input.copy()), overwriting trusted target data that was previously set from database lookups. Because flask.request.get_json is called with force=True, this works regardless of Content-Type or HTTP method. Any authenticated user can inject arbitrary policy target attributes (e.g., user_id, project_id) into the request body to bypass RBAC checks and perform unauthorized operations on resources belonging to other users or projects. This was introduced in commit 5ea59f52 (Rocky/14.0.0).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42999.json
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42999.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-42999
reference_id
reference_type
scores
0
value 0.00041
scoring_system epss
scoring_elements 0.12878
published_at 2026-06-12T12:55:00Z
1
value 0.00041
scoring_system epss
scoring_elements 0.12783
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-42999
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42999
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42999
3
reference_url https://bugs.launchpad.net/keystone/+bug/2148398
reference_id 2148398
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:42:13Z/
url https://bugs.launchpad.net/keystone/+bug/2148398
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2482840
reference_id 2482840
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2482840
5
reference_url https://security.openstack.org/ossa/OSSA-2026-015.html
reference_id OSSA-2026-015.html
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:42:13Z/
url https://security.openstack.org/ossa/OSSA-2026-015.html
fixed_packages
0
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.1.0-1%2Bdeb11u3?distro=trixie
purl pkg:deb/debian/keystone@2:18.1.0-1%2Bdeb11u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.1.0-1%252Bdeb11u3%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u3?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u3%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u4?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u4%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2026-42999
risk_score 3.8
exploitability 0.5
weighted_severity 7.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pkuc-qvpx-7bbk
37
url VCID-qyrx-y8k1-jff8
vulnerability_id VCID-qyrx-y8k1-jff8
summary OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4457.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4457.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-4457
reference_id
reference_type
scores
0
value 0.00561
scoring_system epss
scoring_elements 0.68776
published_at 2026-06-11T12:55:00Z
1
value 0.00561
scoring_system epss
scoring_elements 0.68869
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-4457
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4457
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4457
3
reference_url http://secunia.com/advisories/50665
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/50665
4
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/78947
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/78947
5
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
6
reference_url https://github.com/openstack/keystone/commit/4ebfdfaf23c6da8e3c182bf3ec2cb2b7132ef685
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/4ebfdfaf23c6da8e3c182bf3ec2cb2b7132ef685
7
reference_url https://github.com/openstack/keystone/commit/5373601bbdda10f879c08af1698852142b75f8d5
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/5373601bbdda10f879c08af1698852142b75f8d5
8
reference_url https://lists.launchpad.net/openstack/msg17035.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.launchpad.net/openstack/msg17035.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-4457
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-4457
10
reference_url http://www.openwall.com/lists/oss-security/2012/09/28/6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/09/28/6
11
reference_url http://www.securityfocus.com/bid/55716
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/55716
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689210
reference_id 689210
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689210
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=861180
reference_id 861180
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=861180
14
reference_url https://github.com/advisories/GHSA-x8h4-xf47-pqc3
reference_id GHSA-x8h4-xf47-pqc3
reference_type
scores
url https://github.com/advisories/GHSA-x8h4-xf47-pqc3
15
reference_url https://access.redhat.com/errata/RHSA-2012:1378
reference_id RHSA-2012:1378
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:1378
fixed_packages
0
url pkg:deb/debian/keystone@2012.1.1-9?distro=trixie
purl pkg:deb/debian/keystone@2012.1.1-9?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-9%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2012-4457, GHSA-x8h4-xf47-pqc3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qyrx-y8k1-jff8
38
url VCID-rc9v-f2xs-akf9
vulnerability_id VCID-rc9v-f2xs-akf9
summary python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.
references
0
reference_url http://lists.opensuse.org/opensuse-updates/2013-06/msg00198.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-06/msg00198.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2013-0944.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0944.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2104.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2104.json
3
reference_url https://access.redhat.com/security/cve/CVE-2013-2104
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2013-2104
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2104
reference_id
reference_type
scores
0
value 0.0065
scoring_system epss
scoring_elements 0.71321
published_at 2026-06-11T12:55:00Z
1
value 0.0065
scoring_system epss
scoring_elements 0.71409
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2104
5
reference_url https://bugs.launchpad.net/python-keystoneclient/+bug/1179615
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/python-keystoneclient/+bug/1179615
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2104
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2104
7
reference_url https://github.com/advisories/GHSA-4rrr-j7ff-r844
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-4rrr-j7ff-r844
8
reference_url https://github.com/openstack/python-keystoneclient
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/python-keystoneclient
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/python-keystoneclient/PYSEC-2014-69.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/python-keystoneclient/PYSEC-2014-69.yaml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2104
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2104
11
reference_url http://www.openwall.com/lists/oss-security/2013/05/28/7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/05/28/7
12
reference_url http://www.ubuntu.com/usn/USN-1851-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1851-1
13
reference_url http://www.ubuntu.com/usn/USN-1875-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-1875-1
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=965852
reference_id 965852
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=965852
15
reference_url https://access.redhat.com/errata/RHSA-2013:0944
reference_id RHSA-2013:0944
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2013:0944
16
reference_url https://usn.ubuntu.com/1851-1/
reference_id USN-1851-1
reference_type
scores
url https://usn.ubuntu.com/1851-1/
17
reference_url https://usn.ubuntu.com/1875-1/
reference_id USN-1875-1
reference_type
scores
url https://usn.ubuntu.com/1875-1/
fixed_packages
0
url pkg:deb/debian/keystone@0?distro=trixie
purl pkg:deb/debian/keystone@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@0%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2013-2104, GHSA-4rrr-j7ff-r844, PYSEC-2014-69
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rc9v-f2xs-akf9
39
url VCID-rh3h-queq-n3er
vulnerability_id VCID-rh3h-queq-n3er
summary A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected system.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2013-0708.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2013-0708.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0270.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0270.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-0270
reference_id
reference_type
scores
0
value 0.02681
scoring_system epss
scoring_elements 0.86221
published_at 2026-06-12T12:55:00Z
1
value 0.02681
scoring_system epss
scoring_elements 0.86171
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-0270
3
reference_url https://bugs.launchpad.net/keystone/+bug/1099025
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1099025
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=909012
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=909012
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0270
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0270
6
reference_url https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8
7
reference_url https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc
8
reference_url https://launchpad.net/keystone/grizzly/2013.1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://launchpad.net/keystone/grizzly/2013.1
9
reference_url https://access.redhat.com/security/cve/CVE-2013-0270
reference_id CVE-2013-0270
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2013-0270
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-0270
reference_id CVE-2013-0270
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-0270
11
reference_url https://github.com/advisories/GHSA-4ppj-4p4v-jf4p
reference_id GHSA-4ppj-4p4v-jf4p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4ppj-4p4v-jf4p
fixed_packages
0
url pkg:deb/debian/keystone@2013.1.1-2?distro=trixie
purl pkg:deb/debian/keystone@2013.1.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.1.1-2%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2013-0270, GHSA-4ppj-4p4v-jf4p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rh3h-queq-n3er
40
url VCID-rv4a-c2w6-rue8
vulnerability_id VCID-rv4a-c2w6-rue8
summary OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service (disk consumption) via many invalid token requests that trigger excessive generation of log entries.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0247.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0247.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-0247
reference_id
reference_type
scores
0
value 0.0296
scoring_system epss
scoring_elements 0.86786
published_at 2026-06-11T12:55:00Z
1
value 0.0296
scoring_system epss
scoring_elements 0.86834
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-0247
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0247
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0247
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699835
reference_id 699835
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699835
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=906171
reference_id 906171
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=906171
5
reference_url https://access.redhat.com/errata/RHSA-2013:0253
reference_id RHSA-2013:0253
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0253
6
reference_url https://usn.ubuntu.com/1715-1/
reference_id USN-1715-1
reference_type
scores
url https://usn.ubuntu.com/1715-1/
fixed_packages
0
url pkg:deb/debian/keystone@2012.1.1-12?distro=trixie
purl pkg:deb/debian/keystone@2012.1.1-12?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-12%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2013-0247
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rv4a-c2w6-rue8
41
url VCID-saua-gpf5-2uhk
vulnerability_id VCID-saua-gpf5-2uhk
summary
references
0
reference_url http://lists.openstack.org/pipermail/openstack-announce/2015-May/000356.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.openstack.org/pipermail/openstack-announce/2015-May/000356.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3646.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3646.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-3646
reference_id
reference_type
scores
0
value 0.00177
scoring_system epss
scoring_elements 0.39153
published_at 2026-06-12T12:55:00Z
1
value 0.00177
scoring_system epss
scoring_elements 0.38981
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-3646
3
reference_url https://bugs.launchpad.net/keystone/+bug/1443598
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1443598
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3646
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3646
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.5
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:S/C:P/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
7
reference_url https://web.archive.org/web/20210122154200/http://www.securityfocus.com/bid/74456
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20210122154200/http://www.securityfocus.com/bid/74456
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1218640
reference_id 1218640
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1218640
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-3646
reference_id CVE-2015-3646
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-3646
10
reference_url https://github.com/advisories/GHSA-jwpw-ppj5-7h4w
reference_id GHSA-jwpw-ppj5-7h4w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jwpw-ppj5-7h4w
fixed_packages
0
url pkg:deb/debian/keystone@2015.1.0-1?distro=trixie
purl pkg:deb/debian/keystone@2015.1.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2015.1.0-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2015-3646, GHSA-jwpw-ppj5-7h4w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-saua-gpf5-2uhk
42
url VCID-t5kr-4gyk-h3d3
vulnerability_id VCID-t5kr-4gyk-h3d3
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7546.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7546.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-7546
reference_id
reference_type
scores
0
value 0.00105
scoring_system epss
scoring_elements 0.28277
published_at 2026-06-12T12:55:00Z
1
value 0.00105
scoring_system epss
scoring_elements 0.2808
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-7546
2
reference_url https://bugs.launchpad.net/keystone/+bug/1490804
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1490804
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7546
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7546
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv2
scoring_elements AV:A/AC:M/Au:N/C:P/I:P/A:P
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/openstack/keystone/commit/bff03b5726fe5cac93d44a66715eea49b89c8cb0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/bff03b5726fe5cac93d44a66715eea49b89c8cb0
6
reference_url https://github.com/openstack/keystone/commit/d5378f173da14a34ca010271477337879002d6d0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/d5378f173da14a34ca010271477337879002d6d0
7
reference_url https://github.com/openstack/keystonemiddleware/commit/96ab58e6863c92575ada57615b19652e502adfd8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystonemiddleware/commit/96ab58e6863c92575ada57615b19652e502adfd8
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystonemiddleware/PYSEC-2016-20.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystonemiddleware/PYSEC-2016-20.yaml
9
reference_url https://security.openstack.org/ossa/OSSA-2016-005.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2016-005.html
10
reference_url https://web.archive.org/web/20200228002640/http://www.securityfocus.com/bid/80498
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228002640/http://www.securityfocus.com/bid/80498
11
reference_url https://wiki.openstack.org/wiki/OSSN/OSSN-0062
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://wiki.openstack.org/wiki/OSSN/OSSN-0062
12
reference_url http://www.securityfocus.com/bid/80498
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/80498
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1290774
reference_id 1290774
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1290774
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7546
reference_id CVE-2015-7546
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7546
15
reference_url https://github.com/advisories/GHSA-8c4w-v65p-jvcv
reference_id GHSA-8c4w-v65p-jvcv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8c4w-v65p-jvcv
fixed_packages
0
url pkg:deb/debian/keystone@2:9.0.0~rc2-1?distro=trixie
purl pkg:deb/debian/keystone@2:9.0.0~rc2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:9.0.0~rc2-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2015-7546, GHSA-8c4w-v65p-jvcv, PYSEC-2016-20
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t5kr-4gyk-h3d3
43
url VCID-tx96-ec8f-vyat
vulnerability_id VCID-tx96-ec8f-vyat
summary OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.
references
0
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106220.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106220.html
2
reference_url http://lists.opensuse.org/opensuse-updates/2013-06/msg00085.html
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-updates/2013-06/msg00085.html
3
reference_url http://osvdb.org/93134
reference_id
reference_type
scores
url http://osvdb.org/93134
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2059
reference_id
reference_type
scores
0
value 0.00908
scoring_system epss
scoring_elements 0.76231
published_at 2026-06-11T12:55:00Z
1
value 0.00908
scoring_system epss
scoring_elements 0.76301
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2059
5
reference_url https://bugs.launchpad.net/keystone/+bug/1166670
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1166670
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2059
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2059
7
reference_url http://secunia.com/advisories/53326
reference_id
reference_type
scores
url http://secunia.com/advisories/53326
8
reference_url http://secunia.com/advisories/53339
reference_id
reference_type
scores
url http://secunia.com/advisories/53339
9
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/84135
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/84135
10
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
11
reference_url https://github.com/openstack/keystone/commit/33214f311aa36b17f8f5ff06bee2130bf061df8f
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/33214f311aa36b17f8f5ff06bee2130bf061df8f
12
reference_url https://github.com/openstack/keystone/commit/678b06a91f772d6be82eb54ed11f27e20f446b57
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/678b06a91f772d6be82eb54ed11f27e20f446b57
13
reference_url https://github.com/openstack/keystone/commit/992466d1dbf80a940190703dedf800d6d12dede8
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/992466d1dbf80a940190703dedf800d6d12dede8
14
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-41.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-41.yaml
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2059
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-2059
16
reference_url http://www.openwall.com/lists/oss-security/2013/05/09/3
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/05/09/3
17
reference_url http://www.openwall.com/lists/oss-security/2013/05/09/4
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2013/05/09/4
18
reference_url http://www.securityfocus.com/bid/59787
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/59787
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707598
reference_id 707598
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707598
20
reference_url https://usn.ubuntu.com/1830-1/
reference_id USN-1830-1
reference_type
scores
url https://usn.ubuntu.com/1830-1/
fixed_packages
0
url pkg:deb/debian/keystone@2013.1.1-2?distro=trixie
purl pkg:deb/debian/keystone@2013.1.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.1.1-2%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2013-2059, GHSA-hj89-qmx9-8qmh, PYSEC-2013-41
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tx96-ec8f-vyat
44
url VCID-u32t-vqdf-n3cy
vulnerability_id VCID-u32t-vqdf-n3cy
summary The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2014-1121.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1121.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-1122.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1122.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5251.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5251.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-5251
reference_id
reference_type
scores
0
value 0.0031
scoring_system epss
scoring_elements 0.54578
published_at 2026-06-11T12:55:00Z
1
value 0.0031
scoring_system epss
scoring_elements 0.54703
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-5251
4
reference_url https://bugs.launchpad.net/keystone/+bug/1347961
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1347961
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5251
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5251
6
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
7
reference_url https://github.com/openstack/keystone/commit/6cbf835542d62e6e5db4b4aef7141b1731cad9dc
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/6cbf835542d62e6e5db4b4aef7141b1731cad9dc
8
reference_url https://github.com/openstack/keystone/commit/7aee6304f653475a4130dc3e5be602e91481f108
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/7aee6304f653475a4130dc3e5be602e91481f108
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-107.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-107.yaml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-5251
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-5251
11
reference_url http://www.openwall.com/lists/oss-security/2014/08/15/6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/08/15/6
12
reference_url http://www.ubuntu.com/usn/USN-2324-1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2324-1
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1127259
reference_id 1127259
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1127259
14
reference_url https://access.redhat.com/errata/RHSA-2014:1121
reference_id RHSA-2014:1121
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1121
15
reference_url https://access.redhat.com/errata/RHSA-2014:1122
reference_id RHSA-2014:1122
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:1122
16
reference_url https://usn.ubuntu.com/2324-1/
reference_id USN-2324-1
reference_type
scores
url https://usn.ubuntu.com/2324-1/
fixed_packages
0
url pkg:deb/debian/keystone@2014.1.2.1-1?distro=trixie
purl pkg:deb/debian/keystone@2014.1.2.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.2.1-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2014-5251, GHSA-gmvp-5rf9-mxcm, PYSEC-2014-107
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u32t-vqdf-n3cy
45
url VCID-ux7f-aue9-skf6
vulnerability_id VCID-ux7f-aue9-skf6
summary An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handle_scoped_token() function in the mapped authentication plugin returns response data without an expires_at value. The token provider falls back to issuing a token with a fresh default TTL. By rescoping repeatedly before each token expires, a user can maintain access indefinitely, bypassing operator-configured token lifetime policies. This is a variant of CVE-2012-3426. Only deployments using federated identity (SAML2, OpenID Connect) are affected.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-44394.json
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-44394.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44394
reference_id
reference_type
scores
0
value 0.00052
scoring_system epss
scoring_elements 0.16912
published_at 2026-06-12T12:55:00Z
1
value 0.00052
scoring_system epss
scoring_elements 0.16759
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44394
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44394
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44394
3
reference_url https://bugs.launchpad.net/keystone/+bug/2150379
reference_id 2150379
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:42:48Z/
url https://bugs.launchpad.net/keystone/+bug/2150379
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2482842
reference_id 2482842
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2482842
5
reference_url https://security.openstack.org/ossa/OSSA-2026-015.html
reference_id OSSA-2026-015.html
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-28T19:42:48Z/
url https://security.openstack.org/ossa/OSSA-2026-015.html
fixed_packages
0
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.1.0-1%2Bdeb11u3?distro=trixie
purl pkg:deb/debian/keystone@2:18.1.0-1%2Bdeb11u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.1.0-1%252Bdeb11u3%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u3?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u3%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
5
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u4?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u4%3Fdistro=trixie
6
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2026-44394
risk_score 2.2
exploitability 0.5
weighted_severity 4.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ux7f-aue9-skf6
46
url VCID-v16a-vufq-97g8
vulnerability_id VCID-v16a-vufq-97g8
summary The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining."
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2014-1688.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1688.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2828.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2828.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-2828
reference_id
reference_type
scores
0
value 0.00766
scoring_system epss
scoring_elements 0.73905
published_at 2026-06-11T12:55:00Z
1
value 0.00766
scoring_system epss
scoring_elements 0.73979
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-2828
3
reference_url https://bugs.launchpad.net/keystone/+bug/1300274
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1300274
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2828
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2828
5
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
6
reference_url https://github.com/openstack/keystone/commit/ce6cedb30c5c4b4cf4db9380f09443de22414b39
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/ce6cedb30c5c4b4cf4db9380f09443de22414b39
7
reference_url https://github.com/openstack/keystone/commit/e364ba5b12de8e4c11bd80bcca903f9615dcfc2e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/e364ba5b12de8e4c11bd80bcca903f9615dcfc2e
8
reference_url https://github.com/openstack/keystone/commit/ef868ad92c00e23a4a5e9eb71e3e0bf5ae2fff0c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/ef868ad92c00e23a4a5e9eb71e3e0bf5ae2fff0c
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-106.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-106.yaml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-2828
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-2828
11
reference_url http://www.openwall.com/lists/oss-security/2014/04/10/20
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/04/10/20
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1086211
reference_id 1086211
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1086211
fixed_packages
0
url pkg:deb/debian/keystone@2014.1-1?distro=trixie
purl pkg:deb/debian/keystone@2014.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2014-2828, GHSA-6mv3-p2gr-wgqf, PYSEC-2014-106
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v16a-vufq-97g8
47
url VCID-vvma-ye9p-qqch
vulnerability_id VCID-vvma-ye9p-qqch
summary OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-1572
reference_id
reference_type
scores
0
value 0.00416
scoring_system epss
scoring_elements 0.62156
published_at 2026-06-11T12:55:00Z
1
value 0.00416
scoring_system epss
scoring_elements 0.62258
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-1572
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1572
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1572
fixed_packages
0
url pkg:deb/debian/keystone@2012.1~rc2-1?distro=trixie
purl pkg:deb/debian/keystone@2012.1~rc2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1~rc2-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2012-1572
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vvma-ye9p-qqch
48
url VCID-x5st-9nyw-pqhu
vulnerability_id VCID-x5st-9nyw-pqhu
summary The catalog URL replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2014-1688.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1688.html
1
reference_url http://rhn.redhat.com/errata/RHSA-2014-1789.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1789.html
2
reference_url http://rhn.redhat.com/errata/RHSA-2014-1790.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2014-1790.html
3
reference_url https://access.redhat.com/errata/RHSA-2014:1688
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2014:1688
4
reference_url https://access.redhat.com/errata/RHSA-2014:1789
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2014:1789
5
reference_url https://access.redhat.com/errata/RHSA-2014:1790
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2014:1790
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3621.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3621.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-3621
reference_id
reference_type
scores
0
value 0.00426
scoring_system epss
scoring_elements 0.62816
published_at 2026-06-12T12:55:00Z
1
value 0.00426
scoring_system epss
scoring_elements 0.62713
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-3621
8
reference_url https://bugs.launchpad.net/keystone/+bug/1354208
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1354208
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1139937
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1139937
10
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3621
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3621
11
reference_url https://github.com/openstack/keystone/commit/2989ff257e4fde6a168e25b926805e700406aa80
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/2989ff257e4fde6a168e25b926805e700406aa80
12
reference_url https://github.com/openstack/keystone/commit/52714633c9a4dae5e60279217090859aa6dbcb4f
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/52714633c9a4dae5e60279217090859aa6dbcb4f
13
reference_url http://www.openwall.com/lists/oss-security/2014/09/16/10
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/09/16/10
14
reference_url http://www.ubuntu.com/usn/USN-2406-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.ubuntu.com/usn/USN-2406-1
15
reference_url https://access.redhat.com/security/cve/CVE-2014-3621
reference_id CVE-2014-3621
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2014-3621
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3621
reference_id CVE-2014-3621
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-3621
17
reference_url https://github.com/advisories/GHSA-8v8f-vc72-pmhc
reference_id GHSA-8v8f-vc72-pmhc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8v8f-vc72-pmhc
18
reference_url https://usn.ubuntu.com/2406-1/
reference_id USN-2406-1
reference_type
scores
url https://usn.ubuntu.com/2406-1/
fixed_packages
0
url pkg:deb/debian/keystone@2014.1.3-1?distro=trixie
purl pkg:deb/debian/keystone@2014.1.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2014-3621, GHSA-8v8f-vc72-pmhc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x5st-9nyw-pqhu
49
url VCID-x7zb-y9a8-tygv
vulnerability_id VCID-x7zb-y9a8-tygv
summary OpenStack Keystone 15.0.0 and 16.0.0 are affected by data leakage in the list credentials API. When enforce_scope is false, any user with a role on a project is able to list any credentials with the /v3/credentials API. Users with a role on a project are therefore able to view any other users' credentials, which could (for example) leak sign-on information for Time-based One Time Passwords (TOTP). Deployments with enforce_scope set to false are affected. (There will be a slight performance impact for the list credentials API once this issue is fixed.)
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:4358
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:4358
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19687.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19687.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-19687
reference_id
reference_type
scores
0
value 0.00728
scoring_system epss
scoring_elements 0.7316
published_at 2026-06-12T12:55:00Z
1
value 0.00728
scoring_system epss
scoring_elements 0.73083
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-19687
3
reference_url https://bugs.launchpad.net/keystone/+bug/1855080
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1855080
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19687
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19687
5
reference_url https://github.com/advisories/GHSA-2j23-fwqm-mgwr
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-2j23-fwqm-mgwr
6
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
7
reference_url https://github.com/openstack/keystone/commit/17947516b0095c51da5cff94771247f2e7c44ee6
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/17947516b0095c51da5cff94771247f2e7c44ee6
8
reference_url https://github.com/openstack/keystone/commit/17c337dbdbfb9d548ad531c2ad0483c9bce5b98f
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/17c337dbdbfb9d548ad531c2ad0483c9bce5b98f
9
reference_url https://github.com/openstack/keystone/commit/bd3f63787151183f4daa43578aa491856fefae5b
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/bd3f63787151183f4daa43578aa491856fefae5b
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2019-29.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2019-29.yaml
11
reference_url https://git.openstack.org/cgit/openstack/keystone/commit/?id=17947516b0095c51da5cff94771247f2e7c44ee6
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://git.openstack.org/cgit/openstack/keystone/commit/?id=17947516b0095c51da5cff94771247f2e7c44ee6
12
reference_url https://git.openstack.org/cgit/openstack/keystone/commit/?id=17c337dbdbfb9d548ad531c2ad0483c9bce5b98f
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://git.openstack.org/cgit/openstack/keystone/commit/?id=17c337dbdbfb9d548ad531c2ad0483c9bce5b98f
13
reference_url https://git.openstack.org/cgit/openstack/keystone/commit/?id=bd3f63787151183f4daa43578aa491856fefae5b
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://git.openstack.org/cgit/openstack/keystone/commit/?id=bd3f63787151183f4daa43578aa491856fefae5b
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-19687
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-19687
15
reference_url https://review.opendev.org/#/c/697355
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.opendev.org/#/c/697355
16
reference_url https://review.opendev.org/#/c/697355/
reference_id
reference_type
scores
url https://review.opendev.org/#/c/697355/
17
reference_url https://review.opendev.org/#/c/697611
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.opendev.org/#/c/697611
18
reference_url https://review.opendev.org/#/c/697611/
reference_id
reference_type
scores
url https://review.opendev.org/#/c/697611/
19
reference_url https://review.opendev.org/#/c/697731
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.opendev.org/#/c/697731
20
reference_url https://review.opendev.org/#/c/697731/
reference_id
reference_type
scores
url https://review.opendev.org/#/c/697731/
21
reference_url https://security.openstack.org/ossa/OSSA-2019-006.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2019-006.html
22
reference_url https://usn.ubuntu.com/4262-1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4262-1
23
reference_url https://usn.ubuntu.com/4262-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4262-1/
24
reference_url http://www.openwall.com/lists/oss-security/2019/12/11/8
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/12/11/8
25
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1781470
reference_id 1781470
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1781470
26
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946614
reference_id 946614
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946614
fixed_packages
0
url pkg:deb/debian/keystone@2:16.0.0-5?distro=trixie
purl pkg:deb/debian/keystone@2:16.0.0-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:16.0.0-5%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2019-19687, GHSA-2j23-fwqm-mgwr, PYSEC-2019-29
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x7zb-y9a8-tygv
50
url VCID-xfds-wmnb-qkcj
vulnerability_id VCID-xfds-wmnb-qkcj
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12692.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12692.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-12692
reference_id
reference_type
scores
0
value 0.0014
scoring_system epss
scoring_elements 0.33907
published_at 2026-06-11T12:55:00Z
1
value 0.0014
scoring_system epss
scoring_elements 0.34084
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-12692
2
reference_url https://bugs.launchpad.net/keystone/+bug/1872737
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1872737
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/advisories/GHSA-rqw2-hhrf-7936
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-rqw2-hhrf-7936
9
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-56.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-56.yaml
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-12692
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-12692
12
reference_url https://opendev.org/openstack/keystone/commit/ab89ea749013e7f2c46260f68504f5687763e019
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/keystone/commit/ab89ea749013e7f2c46260f68504f5687763e019
13
reference_url https://security.openstack.org/ossa/OSSA-2020-003.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2020-003.html
14
reference_url https://usn.ubuntu.com/4480-1
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4480-1
15
reference_url https://usn.ubuntu.com/4480-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4480-1/
16
reference_url https://www.openwall.com/lists/oss-security/2020/05/06/4
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2020/05/06/4
17
reference_url http://www.openwall.com/lists/oss-security/2020/05/07/1
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/05/07/1
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1833164
reference_id 1833164
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1833164
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
reference_id 959900
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
20
reference_url https://access.redhat.com/errata/RHSA-2020:2732
reference_id RHSA-2020:2732
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2732
21
reference_url https://access.redhat.com/errata/RHSA-2020:3102
reference_id RHSA-2020:3102
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3102
22
reference_url https://access.redhat.com/errata/RHSA-2020:3105
reference_id RHSA-2020:3105
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3105
fixed_packages
0
url pkg:deb/debian/keystone@2:17.0.0~rc2-1?distro=trixie
purl pkg:deb/debian/keystone@2:17.0.0~rc2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:17.0.0~rc2-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2020-12692, GHSA-rqw2-hhrf-7936, PYSEC-2020-56
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xfds-wmnb-qkcj
51
url VCID-xh6y-4c9c-mbf6
vulnerability_id VCID-xh6y-4c9c-mbf6
summary The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2014-0580.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2014-0580.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2237.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2237.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-2237
reference_id
reference_type
scores
0
value 0.00188
scoring_system epss
scoring_elements 0.40544
published_at 2026-06-11T12:55:00Z
1
value 0.00188
scoring_system epss
scoring_elements 0.40712
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-2237
3
reference_url https://bugs.launchpad.net/keystone/+bug/1260080
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1260080
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2237
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2237
5
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
6
reference_url https://github.com/openstack/keystone/commit/813d1254eb4f7a7d40009b23bbadbc4c5cc5daac
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/813d1254eb4f7a7d40009b23bbadbc4c5cc5daac
7
reference_url https://github.com/openstack/keystone/commit/a411c944af78c36f2fdb87d305ba452dc52d7ed3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/a411c944af78c36f2fdb87d305ba452dc52d7ed3
8
reference_url https://github.com/openstack/keystone/commit/b6f0e26da0e2ab0892a5658da281a065e668637b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/b6f0e26da0e2ab0892a5658da281a065e668637b
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-105.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-105.yaml
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-2237
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-2237
11
reference_url https://rhn.redhat.com/errata/RHSA-2014-0580.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://rhn.redhat.com/errata/RHSA-2014-0580.html
12
reference_url http://www.openwall.com/lists/oss-security/2014/03/04/16
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/03/04/16
13
reference_url http://www.securityfocus.com/bid/65895
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/65895
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1071434
reference_id 1071434
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1071434
15
reference_url https://access.redhat.com/errata/RHSA-2014:0368
reference_id RHSA-2014:0368
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0368
16
reference_url https://access.redhat.com/errata/RHSA-2014:0580
reference_id RHSA-2014:0580
reference_type
scores
url https://access.redhat.com/errata/RHSA-2014:0580
fixed_packages
0
url pkg:deb/debian/keystone@2013.2.3-1?distro=trixie
purl pkg:deb/debian/keystone@2013.2.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.2.3-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2014-2237, GHSA-23x9-8hxr-978c, PYSEC-2014-105
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xh6y-4c9c-mbf6
52
url VCID-xr4p-a78v-9bb6
vulnerability_id VCID-xr4p-a78v-9bb6
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12690.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12690.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-12690
reference_id
reference_type
scores
0
value 0.00817
scoring_system epss
scoring_elements 0.74775
published_at 2026-06-11T12:55:00Z
1
value 0.00817
scoring_system epss
scoring_elements 0.74846
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-12690
2
reference_url https://bugs.launchpad.net/keystone/+bug/1873290
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1873290
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/advisories/GHSA-6m8p-x4qw-gh5j
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-6m8p-x4qw-gh5j
9
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
10
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-54.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-54.yaml
11
reference_url https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-12690
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-12690
13
reference_url https://security.openstack.org/ossa/OSSA-2020-005.html
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2020-005.html
14
reference_url https://usn.ubuntu.com/4480-1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4480-1
15
reference_url https://usn.ubuntu.com/4480-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/4480-1/
16
reference_url https://www.openwall.com/lists/oss-security/2020/05/06/6
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2020/05/06/6
17
reference_url http://www.openwall.com/lists/oss-security/2020/05/07/3
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/05/07/3
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1830395
reference_id 1830395
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1830395
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
reference_id 959900
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900
20
reference_url https://access.redhat.com/errata/RHSA-2020:3102
reference_id RHSA-2020:3102
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3102
21
reference_url https://access.redhat.com/errata/RHSA-2020:3105
reference_id RHSA-2020:3105
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3105
fixed_packages
0
url pkg:deb/debian/keystone@2:17.0.0~rc2-1?distro=trixie
purl pkg:deb/debian/keystone@2:17.0.0~rc2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:17.0.0~rc2-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2020-12690, GHSA-6m8p-x4qw-gh5j, PYSEC-2020-54
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xr4p-a78v-9bb6
53
url VCID-zxpg-k7mx-a3bc
vulnerability_id VCID-zxpg-k7mx-a3bc
summary OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2157.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2157.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-2157
reference_id
reference_type
scores
0
value 0.00212
scoring_system epss
scoring_elements 0.43785
published_at 2026-06-11T12:55:00Z
1
value 0.00212
scoring_system epss
scoring_elements 0.4394
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-2157
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2157
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2157
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712160
reference_id 712160
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712160
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=971884
reference_id 971884
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=971884
5
reference_url https://access.redhat.com/errata/RHSA-2013:0994
reference_id RHSA-2013:0994
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:0994
6
reference_url https://access.redhat.com/errata/RHSA-2013:1083
reference_id RHSA-2013:1083
reference_type
scores
url https://access.redhat.com/errata/RHSA-2013:1083
7
reference_url https://usn.ubuntu.com/1875-1/
reference_id USN-1875-1
reference_type
scores
url https://usn.ubuntu.com/1875-1/
fixed_packages
0
url pkg:deb/debian/keystone@2013.1.2-1?distro=trixie
purl pkg:deb/debian/keystone@2013.1.2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.1.2-1%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2013-2157
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zxpg-k7mx-a3bc
54
url VCID-zztx-mnd6-3qgp
vulnerability_id VCID-zztx-mnd6-3qgp
summary The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allows remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4456.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4456.json
1
reference_url https://access.redhat.com/security/cve/CVE-2012-4456
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2012-4456
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-4456
reference_id
reference_type
scores
0
value 0.0395
scoring_system epss
scoring_elements 0.88658
published_at 2026-06-12T12:55:00Z
1
value 0.0395
scoring_system epss
scoring_elements 0.88619
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-4456
3
reference_url https://bugs.launchpad.net/keystone/+bug/1006815
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1006815
4
reference_url https://bugs.launchpad.net/keystone/+bug/1006822
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/keystone/+bug/1006822
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4456
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4456
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/78944
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/78944
7
reference_url https://github.com/openstack/keystone
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone
8
reference_url https://github.com/openstack/keystone/commit/14b136aed9d988f5a8f3e699bd4577c9b874d6c1
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/14b136aed9d988f5a8f3e699bd4577c9b874d6c1
9
reference_url https://github.com/openstack/keystone/commit/1d146f5c32e58a73a677d308370f147a3271c2cb
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/1d146f5c32e58a73a677d308370f147a3271c2cb
10
reference_url https://github.com/openstack/keystone/commit/24df3adb3f50cbb5ada411bc67aba8a781e6a431
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/24df3adb3f50cbb5ada411bc67aba8a781e6a431
11
reference_url https://github.com/openstack/keystone/commit/868054992faa45d6f42d822bf1588cb88d7c9ccb
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/keystone/commit/868054992faa45d6f42d822bf1588cb88d7c9ccb
12
reference_url https://lists.launchpad.net/openstack/msg17034.html
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.launchpad.net/openstack/msg17034.html
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-4456
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2012-4456
14
reference_url https://web.archive.org/web/20121114024512/http://www.securityfocus.com/bid/55716
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20121114024512/http://www.securityfocus.com/bid/55716
15
reference_url http://www.openwall.com/lists/oss-security/2012/09/28/5
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2012/09/28/5
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689210
reference_id 689210
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689210
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=861179
reference_id 861179
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=861179
18
reference_url https://github.com/advisories/GHSA-mf98-r2gf-2x3w
reference_id GHSA-mf98-r2gf-2x3w
reference_type
scores
url https://github.com/advisories/GHSA-mf98-r2gf-2x3w
19
reference_url https://access.redhat.com/errata/RHSA-2012:1378
reference_id RHSA-2012:1378
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2012:1378
fixed_packages
0
url pkg:deb/debian/keystone@2012.1.1-9?distro=trixie
purl pkg:deb/debian/keystone@2012.1.1-9?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-9%3Fdistro=trixie
1
url pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-kzaw-9ex3-s3d5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
purl pkg:deb/debian/keystone@2:29.0.1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-2%3Fdistro=trixie
aliases CVE-2012-4456, GHSA-mf98-r2gf-2x3w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zztx-mnd6-3qgp
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie