{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","type":"deb","namespace":"debian","name":"keystone","version":"2:27.0.0-3+deb13u1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2:28.0.0-2","latest_non_vulnerable_version":"2:29.0.1-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/350528?format=json","vulnerability_id":"VCID-6wj2-abbb-xqf6","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33551.json","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33551.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33551","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05493","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05486","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05506","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06308","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06282","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06264","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06112","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06101","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0632","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33551"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/2142138","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T13:50:09Z/"}],"url":"https://bugs.launchpad.net/keystone/+bug/2142138"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33551","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33551"},{"reference_url":"https://github.com/openstack/keystone","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33551","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33551"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2026-005.html","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T13:50:09Z/"}],"url":"https://security.openstack.org/ossa/OSSA-2026-005.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/07/12","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/07/12"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133118","reference_id":"1133118","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133118"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451037","reference_id":"2451037","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451037"},{"reference_url":"https://github.com/advisories/GHSA-4phw-6824-6cfp","reference_id":"GHSA-4phw-6824-6cfp","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4phw-6824-6cfp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2026-33551","GHSA-4phw-6824-6cfp"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6wj2-abbb-xqf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/352083?format=json","vulnerability_id":"VCID-z3vj-se4e-hbgw","summary":"OpenStack Keystone: LDAP identity backend does not convert enabled attribute to boolean","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40683.json","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40683.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40683","reference_id":"","reference_type":"","scores":[{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03205","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00015","scoring_system":"epss","scoring_elements":"0.03195","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04242","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04307","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04273","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04254","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40683"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/2121152","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T20:14:37Z/"}],"url":"https://bugs.launchpad.net/keystone/+bug/2121152"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/2141713","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T20:14:37Z/"}],"url":"https://bugs.launchpad.net/keystone/+bug/2141713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40683","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40683"},{"reference_url":"https://github.com/openstack/keystone","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone"},{"reference_url":"https://review.opendev.org/958205","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T20:14:37Z/"}],"url":"https://review.opendev.org/958205"},{"reference_url":"https://www.openwall.com/lists/oss-security/2026/04/14/9","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T20:14:37Z/"}],"url":"https://www.openwall.com/lists/oss-security/2026/04/14/9"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133884","reference_id":"1133884","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133884"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458472","reference_id":"2458472","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458472"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40683","reference_id":"CVE-2026-40683","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40683"},{"reference_url":"https://github.com/advisories/GHSA-pfx2-9x9m-7ghx","reference_id":"GHSA-pfx2-9x9m-7ghx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pfx2-9x9m-7ghx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1081527?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0~rc1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0~rc1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2026-40683","GHSA-pfx2-9x9m-7ghx"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z3vj-se4e-hbgw"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5292?format=json","vulnerability_id":"VCID-2ggr-pe4y-y3cn","summary":"OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API.  NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3542.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3542.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3542","reference_id":"","reference_type":"","scores":[{"value":"0.01949","scoring_system":"epss","scoring_elements":"0.83393","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01949","scoring_system":"epss","scoring_elements":"0.83527","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01949","scoring_system":"epss","scoring_elements":"0.83524","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01949","scoring_system":"epss","scoring_elements":"0.83518","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01949","scoring_system":"epss","scoring_elements":"0.83495","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01949","scoring_system":"epss","scoring_elements":"0.83494","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01949","scoring_system":"epss","scoring_elements":"0.83492","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01949","scoring_system":"epss","scoring_elements":"0.83457","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01949","scoring_system":"epss","scoring_elements":"0.83461","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01949","scoring_system":"epss","scoring_elements":"0.83467","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01949","scoring_system":"epss","scoring_elements":"0.83453","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01949","scoring_system":"epss","scoring_elements":"0.83443","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01949","scoring_system":"epss","scoring_elements":"0.83419","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01949","scoring_system":"epss","scoring_elements":"0.8342","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01949","scoring_system":"epss","scoring_elements":"0.83406","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3542"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/1040626","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/keystone/+bug/1040626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3542","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3542"},{"reference_url":"http://secunia.com/advisories/50467","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/50467"},{"reference_url":"http://secunia.com/advisories/50494","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/50494"},{"reference_url":"https://github.com/openstack/keystone","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone"},{"reference_url":"https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155"},{"reference_url":"https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aa","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aa"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-19.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-19.yaml"},{"reference_url":"https://lists.launchpad.net/openstack/msg16282.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.launchpad.net/openstack/msg16282.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3542","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3542"},{"reference_url":"https://web.archive.org/web/20121114023909/http://www.securityfocus.com/bid/55326","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20121114023909/http://www.securityfocus.com/bid/55326"},{"reference_url":"https://web.archive.org/web/20140802052724/http://secunia.com/advisories/50467","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140802052724/http://secunia.com/advisories/50467"},{"reference_url":"https://web.archive.org/web/20140804204333/http://secunia.com/advisories/50494","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140804204333/http://secunia.com/advisories/50494"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/08/30/6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/08/30/6"},{"reference_url":"http://www.securityfocus.com/bid/55326","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/55326"},{"reference_url":"http://www.ubuntu.com/usn/USN-1552-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1552-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=852510","reference_id":"852510","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=852510"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:folsom-3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:horizon:folsom-3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:horizon:folsom-3:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-gf2q-j2qq-pjf2","reference_id":"GHSA-gf2q-j2qq-pjf2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gf2q-j2qq-pjf2"},{"reference_url":"https://usn.ubuntu.com/1552-1/","reference_id":"USN-1552-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1552-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926224?format=json","purl":"pkg:deb/debian/keystone@2012.1.1-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2012-3542","GHSA-gf2q-j2qq-pjf2","PYSEC-2012-19"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2ggr-pe4y-y3cn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5378?format=json","vulnerability_id":"VCID-44u3-6h7t-dbah","summary":"The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an \"interaction between eventlet and python-memcached.\"","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0382.html","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0382.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0409.html","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0409.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0105.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0105.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0105","reference_id":"","reference_type":"","scores":[{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58937","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58819","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58894","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58916","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58883","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58935","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.5894","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58959","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58941","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58922","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58957","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.5896","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58939","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58921","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0105"},{"reference_url":"https://bugs.launchpad.net/python-keystoneclient/+bug/1282865","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/python-keystoneclient/+bug/1282865"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0105","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0105"},{"reference_url":"https://github.com/openstack/python-keystoneclient","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/python-keystoneclient"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/python-keystoneclient/PYSEC-2014-70.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/python-keystoneclient/PYSEC-2014-70.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0105","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0105"},{"reference_url":"https://review.opendev.org/c/openstack/python-keystoneclient/+/81078","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.opendev.org/c/openstack/python-keystoneclient/+/81078"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/03/27/4","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/03/27/4"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1082165","reference_id":"1082165","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1082165"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742898","reference_id":"742898","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742898"},{"reference_url":"https://github.com/advisories/GHSA-gwvq-rgqf-993f","reference_id":"GHSA-gwvq-rgqf-993f","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gwvq-rgqf-993f"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0382","reference_id":"RHSA-2014:0382","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0382"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0409","reference_id":"RHSA-2014:0409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0442","reference_id":"RHSA-2014:0442","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0442"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926230?format=json","purl":"pkg:deb/debian/keystone@2013.1.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.1.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2014-0105","GHSA-gwvq-rgqf-993f","PYSEC-2014-70"],"risk_score":2.7,"exploitability":"0.5","weighted_severity":"5.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-44u3-6h7t-dbah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/86595?format=json","vulnerability_id":"VCID-5atx-veu5-kud6","summary":"OpenStack: Keystone disabling a tenant does not disable a user token","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4222.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4222.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4222","reference_id":"","reference_type":"","scores":[{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68814","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68833","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68853","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68834","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68884","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68903","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68925","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68911","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68882","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68923","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68933","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68961","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68967","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0058","scoring_system":"epss","scoring_elements":"0.68973","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4222"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4222","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4222"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719290","reference_id":"719290","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719290"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=995598","reference_id":"995598","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=995598"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1524","reference_id":"RHSA-2013:1524","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1524"},{"reference_url":"https://usn.ubuntu.com/2002-1/","reference_id":"USN-2002-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2002-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926234?format=json","purl":"pkg:deb/debian/keystone@2013.1.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.1.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-4222"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5atx-veu5-kud6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/86436?format=json","vulnerability_id":"VCID-655y-mj8k-dbb2","summary":"Keystone: trust circumvention through EC2-style tokens","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6391.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-6391.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6391","reference_id":"","reference_type":"","scores":[{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65778","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65827","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65857","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65823","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65875","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65887","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65906","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65893","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65863","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65899","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65913","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65902","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65912","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65923","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00498","scoring_system":"epss","scoring_elements":"0.65921","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-6391"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6391","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6391"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1039164","reference_id":"1039164","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1039164"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731981","reference_id":"731981","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0089","reference_id":"RHSA-2014:0089","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0089"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0368","reference_id":"RHSA-2014:0368","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0368"},{"reference_url":"https://usn.ubuntu.com/2061-1/","reference_id":"USN-2061-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2061-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926237?format=json","purl":"pkg:deb/debian/keystone@2013.2.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.2.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-6391"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-655y-mj8k-dbb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14998?format=json","vulnerability_id":"VCID-6cy4-grme-mka1","summary":"OpenStack Identity Keystone Improper Privilege Management\nOpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0204.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0204.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0204","reference_id":"","reference_type":"","scores":[{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57628","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57636","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.5769","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57693","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57708","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57687","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57667","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57697","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57671","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57629","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57649","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57554","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57638","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.5766","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0204"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/1309228","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/keystone/+bug/1309228"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0204","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0204"},{"reference_url":"https://github.com/openstack/keystone/commit/729dcad7384ba66ee7494154969cdd7ae90d86ee","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/729dcad7384ba66ee7494154969cdd7ae90d86ee"},{"reference_url":"https://github.com/openstack/keystone/commit/786af9829c5329a982e3451f77afebbfb21850bd","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/786af9829c5329a982e3451f77afebbfb21850bd"},{"reference_url":"https://github.com/openstack/keystone/commit/97dfd55ad1b40365754dcbfce856f7ffae280a44","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/97dfd55ad1b40365754dcbfce856f7ffae280a44"},{"reference_url":"https://github.com/openstack/keystone/commit/f0eee2f3b48dd0cffb9f75e396da2d914925cba5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/f0eee2f3b48dd0cffb9f75e396da2d914925cba5"},{"reference_url":"https://review.openstack.org/#/c/94396","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.openstack.org/#/c/94396"},{"reference_url":"https://review.openstack.org/#/c/94396/","reference_id":"","reference_type":"","scores":[],"url":"https://review.openstack.org/#/c/94396/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/05/21/3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/05/21/3"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1095981","reference_id":"1095981","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1095981"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749026","reference_id":"749026","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749026"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0204","reference_id":"CVE-2014-0204","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0204"},{"reference_url":"https://github.com/advisories/GHSA-c4p9-87h3-7vr4","reference_id":"GHSA-c4p9-87h3-7vr4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c4p9-87h3-7vr4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926238?format=json","purl":"pkg:deb/debian/keystone@2014.1-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2014-0204","GHSA-c4p9-87h3-7vr4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6cy4-grme-mka1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/86919?format=json","vulnerability_id":"VCID-6fhd-mggs-j3c9","summary":"OpenStack: Keystone /etc/keystone/ec2rc secret key exposure","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2012-1556.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2012-1556.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5483.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5483.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5483","reference_id":"","reference_type":"","scores":[{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29087","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.2949","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29559","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29607","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29428","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29491","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.2953","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29534","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29489","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29437","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29458","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29429","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29383","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29267","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29154","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5483"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/80612","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/80612"},{"reference_url":"http://www.securityfocus.com/bid/56888","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/56888"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=873447","reference_id":"873447","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=873447"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2012.1.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:2012.1.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2012.1.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5483","reference_id":"CVE-2012-5483","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1556","reference_id":"RHSA-2012:1556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1556"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926227?format=json","purl":"pkg:deb/debian/keystone@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2012-5483"],"risk_score":0.9,"exploitability":"0.5","weighted_severity":"1.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6fhd-mggs-j3c9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14356?format=json","vulnerability_id":"VCID-6ku1-bgjj-2yg6","summary":"OpenStack Keystone allows context-dependent attackers to bypass access restrictions\nOpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0282.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0282.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0282","reference_id":"","reference_type":"","scores":[{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64493","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64397","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64426","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64386","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64435","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.6445","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64463","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64451","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64422","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64457","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64469","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64461","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64482","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64494","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00467","scoring_system":"epss","scoring_elements":"0.64343","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0282"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/1121494","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/keystone/+bug/1121494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0282","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0282"},{"reference_url":"https://github.com/openstack/keystone/commit/7402f5ef994599653bdbb3ed5ff1a2b8c3e72b9f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/7402f5ef994599653bdbb3ed5ff1a2b8c3e72b9f"},{"reference_url":"https://github.com/openstack/keystone/commit/9572bfc393f66f5ce3b44c0a77a9e29cc0374c6f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/9572bfc393f66f5ce3b44c0a77a9e29cc0374c6f"},{"reference_url":"https://github.com/openstack/keystone/commit/f0b4d300db5cc61d4f079f8bce9da8e8bea1081a","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/f0b4d300db5cc61d4f079f8bce9da8e8bea1081a"},{"reference_url":"https://launchpad.net/keystone/grizzly/2013.1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.net/keystone/grizzly/2013.1"},{"reference_url":"https://launchpad.net/keystone/+milestone/2012.2.4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.net/keystone/+milestone/2012.2.4"},{"reference_url":"https://review.openstack.org/#/c/22319","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.openstack.org/#/c/22319"},{"reference_url":"https://review.openstack.org/#/c/22319/","reference_id":"","reference_type":"","scores":[],"url":"https://review.openstack.org/#/c/22319/"},{"reference_url":"https://review.openstack.org/#/c/22320","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.openstack.org/#/c/22320"},{"reference_url":"https://review.openstack.org/#/c/22320/","reference_id":"","reference_type":"","scores":[],"url":"https://review.openstack.org/#/c/22320/"},{"reference_url":"https://review.openstack.org/#/c/22321","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.openstack.org/#/c/22321"},{"reference_url":"https://review.openstack.org/#/c/22321/","reference_id":"","reference_type":"","scores":[],"url":"https://review.openstack.org/#/c/22321/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/02/19/3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/02/19/3"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700947","reference_id":"700947","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700947"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=910928","reference_id":"910928","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=910928"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:2013.1:milestone1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:2013.1:milestone2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:2013.1:milestone3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0282","reference_id":"CVE-2013-0282","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0282"},{"reference_url":"https://github.com/advisories/GHSA-8833-qrvm-wc3h","reference_id":"GHSA-8833-qrvm-wc3h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8833-qrvm-wc3h"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0596","reference_id":"RHSA-2013:0596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0596"},{"reference_url":"https://usn.ubuntu.com/1730-1/","reference_id":"USN-1730-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1730-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926231?format=json","purl":"pkg:deb/debian/keystone@2012.1.1-13?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-13%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-0282","GHSA-8833-qrvm-wc3h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6ku1-bgjj-2yg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/86705?format=json","vulnerability_id":"VCID-7rg3-te3d-3qa9","summary":"openstack-keystone: Insecure management of LDAP and admin_token configuration file values","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1977.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1977.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1977","reference_id":"","reference_type":"","scores":[{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29716","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30111","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30148","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30196","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30009","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30069","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30105","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30109","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30066","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30016","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30031","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.30011","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29967","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.29895","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00114","scoring_system":"epss","scoring_elements":"0.2978","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1977"},{"reference_url":"https://bugs.launchpad.net/devstack/+bug/1168252","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.launchpad.net/devstack/+bug/1168252"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/04/19/2","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2013/04/19/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/04/23/7","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2013/04/23/7"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=953910","reference_id":"953910","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=953910"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:devstack:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:devstack:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:devstack:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1977","reference_id":"CVE-2013-1977","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1977"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926227?format=json","purl":"pkg:deb/debian/keystone@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-1977"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7rg3-te3d-3qa9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5496?format=json","vulnerability_id":"VCID-844e-r6mn-bqh5","summary":"The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7546.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7546.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7546","reference_id":"","reference_type":"","scores":[{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28586","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28207","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28286","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28398","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28612","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28695","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28743","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28551","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28616","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28656","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28658","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28614","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28512","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28561","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28566","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7546"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/1490804","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/keystone/+bug/1490804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7546","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7546"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv2","scoring_elements":"AV:A/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/openstack/keystone/commit/bff03b5726fe5cac93d44a66715eea49b89c8cb0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/bff03b5726fe5cac93d44a66715eea49b89c8cb0"},{"reference_url":"https://github.com/openstack/keystone/commit/d5378f173da14a34ca010271477337879002d6d0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/d5378f173da14a34ca010271477337879002d6d0"},{"reference_url":"https://github.com/openstack/keystonemiddleware/commit/96ab58e6863c92575ada57615b19652e502adfd8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystonemiddleware/commit/96ab58e6863c92575ada57615b19652e502adfd8"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystonemiddleware/PYSEC-2016-20.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystonemiddleware/PYSEC-2016-20.yaml"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2016-005.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2016-005.html"},{"reference_url":"https://web.archive.org/web/20200228002640/http://www.securityfocus.com/bid/80498","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228002640/http://www.securityfocus.com/bid/80498"},{"reference_url":"https://wiki.openstack.org/wiki/OSSN/OSSN-0062","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://wiki.openstack.org/wiki/OSSN/OSSN-0062"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"},{"reference_url":"http://www.securityfocus.com/bid/80498","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/80498"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1290774","reference_id":"1290774","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1290774"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystonemiddleware:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystonemiddleware:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystonemiddleware:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7546","reference_id":"CVE-2015-7546","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:P/A:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7546"},{"reference_url":"https://github.com/advisories/GHSA-8c4w-v65p-jvcv","reference_id":"GHSA-8c4w-v65p-jvcv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8c4w-v65p-jvcv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926245?format=json","purl":"pkg:deb/debian/keystone@2:9.0.0~rc2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:9.0.0~rc2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2015-7546","GHSA-8c4w-v65p-jvcv","PYSEC-2016-20"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-844e-r6mn-bqh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55185?format=json","vulnerability_id":"VCID-89vf-n61h-k3b2","summary":"OpenStack Keystone does not invalidate existing tokens when granting or revoking roles\nOpenStack Keystone before 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.","references":[{"reference_url":"http://github.com/openstack/keystone/commit/58ac6691a21675be9e2ffb0f84a05fc3cd4d2e2e","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://github.com/openstack/keystone/commit/58ac6691a21675be9e2ffb0f84a05fc3cd4d2e2e"},{"reference_url":"http://osvdb.org/85484","reference_id":"","reference_type":"","scores":[],"url":"http://osvdb.org/85484"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1378","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2012:1378"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4413.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4413.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2012-4413","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2012-4413"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4413","reference_id":"","reference_type":"","scores":[{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.6251","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62435","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62402","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.6245","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62467","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62486","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62475","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62453","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62497","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62503","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62496","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62513","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62346","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62404","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4413"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/1041396","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/keystone/+bug/1041396"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=855491","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=855491"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4413","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4413"},{"reference_url":"http://secunia.com/advisories/50531","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/50531"},{"reference_url":"http://secunia.com/advisories/50590","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/50590"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/78478","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/78478"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4413","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:P/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4413"},{"reference_url":"https://opendev.org/openstack/keystone","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/keystone"},{"reference_url":"https://review.opendev.org/c/openstack/keystone/+/12870","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.opendev.org/c/openstack/keystone/+/12870"},{"reference_url":"https://review.opendev.org/c/openstack/keystone/+/12870/","reference_id":"","reference_type":"","scores":[],"url":"https://review.opendev.org/c/openstack/keystone/+/12870/"},{"reference_url":"https://web.archive.org/web/20121114023848/http://www.securityfocus.com/bid/55524","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20121114023848/http://www.securityfocus.com/bid/55524"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/09/12/7","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/09/12/7"},{"reference_url":"http://www.securityfocus.com/bid/55524","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/55524"},{"reference_url":"http://www.ubuntu.com/usn/USN-1564-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1564-1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687428","reference_id":"687428","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687428"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2012.1.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:2012.1.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2012.1.3:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-mrxv-65rv-6hxq","reference_id":"GHSA-mrxv-65rv-6hxq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mrxv-65rv-6hxq"},{"reference_url":"https://usn.ubuntu.com/1564-1/","reference_id":"USN-1564-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1564-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926225?format=json","purl":"pkg:deb/debian/keystone@2012.1.1-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2012-4413","GHSA-mrxv-65rv-6hxq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-89vf-n61h-k3b2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14483?format=json","vulnerability_id":"VCID-8bat-qwmh-fyer","summary":"OpenStack Identity (Keystone) Denial of Service\nOpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-July/111914.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-July/111914.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2014","reference_id":"","reference_type":"","scores":[{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.85013","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.84968","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.84966","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.84962","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.84983","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.84984","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.84981","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.85007","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.85014","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.84884","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.849","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.84918","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.84923","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.84946","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02372","scoring_system":"epss","scoring_elements":"0.84952","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2014"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/1098177","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/keystone/+bug/1098177"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/1099025","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/keystone/+bug/1099025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2014","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2014"},{"reference_url":"http://secunia.com/advisories/53397","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/53397"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/84347","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/84347"},{"reference_url":"https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8"},{"reference_url":"http://www.securityfocus.com/bid/59936","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/59936"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708515","reference_id":"708515","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708515"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2014","reference_id":"CVE-2013-2014","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2014"},{"reference_url":"https://github.com/advisories/GHSA-7332-36h8-8jh8","reference_id":"GHSA-7332-36h8-8jh8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7332-36h8-8jh8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926230?format=json","purl":"pkg:deb/debian/keystone@2013.1.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.1.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-2014","GHSA-7332-36h8-8jh8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8bat-qwmh-fyer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5373?format=json","vulnerability_id":"VCID-8tkd-pcuy-d7ax","summary":"The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0580.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2014-0580.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2237.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2237.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2237","reference_id":"","reference_type":"","scores":[{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40699","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40415","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40498","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40511","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40671","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.4069","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40724","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40707","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40701","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40651","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40728","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40614","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40611","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40687","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00188","scoring_system":"epss","scoring_elements":"0.40716","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2237"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/1260080","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/keystone/+bug/1260080"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2237","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2237"},{"reference_url":"https://github.com/openstack/keystone","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone"},{"reference_url":"https://github.com/openstack/keystone/commit/813d1254eb4f7a7d40009b23bbadbc4c5cc5daac","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/813d1254eb4f7a7d40009b23bbadbc4c5cc5daac"},{"reference_url":"https://github.com/openstack/keystone/commit/a411c944af78c36f2fdb87d305ba452dc52d7ed3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/a411c944af78c36f2fdb87d305ba452dc52d7ed3"},{"reference_url":"https://github.com/openstack/keystone/commit/b6f0e26da0e2ab0892a5658da281a065e668637b","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/b6f0e26da0e2ab0892a5658da281a065e668637b"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-105.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-105.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2237","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2237"},{"reference_url":"https://rhn.redhat.com/errata/RHSA-2014-0580.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rhn.redhat.com/errata/RHSA-2014-0580.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/03/04/16","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/03/04/16"},{"reference_url":"http://www.securityfocus.com/bid/65895","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/65895"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1071434","reference_id":"1071434","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1071434"},{"reference_url":"https://github.com/advisories/GHSA-23x9-8hxr-978c","reference_id":"GHSA-23x9-8hxr-978c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-23x9-8hxr-978c"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0368","reference_id":"RHSA-2014:0368","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0368"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0580","reference_id":"RHSA-2014:0580","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0580"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926239?format=json","purl":"pkg:deb/debian/keystone@2013.2.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.2.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2014-2237","GHSA-23x9-8hxr-978c","PYSEC-2014-105"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8tkd-pcuy-d7ax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55154?format=json","vulnerability_id":"VCID-8yfq-hpqh-zqcp","summary":"XML External Entity (XXE) in Django\nThe XML libraries for Python as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.","references":[{"reference_url":"http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html"},{"reference_url":"http://bugs.python.org/issue17239","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://bugs.python.org/issue17239"},{"reference_url":"http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0657.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0657.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0658.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0658.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0670.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0670.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1665.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1665.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1665","reference_id":"","reference_type":"","scores":[{"value":"0.02995","scoring_system":"epss","scoring_elements":"0.86595","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02995","scoring_system":"epss","scoring_elements":"0.86543","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02995","scoring_system":"epss","scoring_elements":"0.86553","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02995","scoring_system":"epss","scoring_elements":"0.86567","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02995","scoring_system":"epss","scoring_elements":"0.86564","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02995","scoring_system":"epss","scoring_elements":"0.86557","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02995","scoring_system":"epss","scoring_elements":"0.86572","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02995","scoring_system":"epss","scoring_elements":"0.86576","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02995","scoring_system":"epss","scoring_elements":"0.86569","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02995","scoring_system":"epss","scoring_elements":"0.86587","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02995","scoring_system":"epss","scoring_elements":"0.86596","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02995","scoring_system":"epss","scoring_elements":"0.86495","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02995","scoring_system":"epss","scoring_elements":"0.86505","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02995","scoring_system":"epss","scoring_elements":"0.86524","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02995","scoring_system":"epss","scoring_elements":"0.86523","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1665"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/1100279","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/keystone/+bug/1100279"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1665","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1665"},{"reference_url":"https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40"},{"reference_url":"https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1665","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1665"},{"reference_url":"http://ubuntu.com/usn/usn-1757-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://ubuntu.com/usn/usn-1757-1"},{"reference_url":"http://www.debian.org/security/2013/dsa-2634","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2013/dsa-2634"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/02/19/2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/02/19/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/02/19/4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/02/19/4"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700948","reference_id":"700948","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700948"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=912982","reference_id":"912982","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=912982"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone_essex:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone_essex:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone_essex:-:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-x64m-686f-fmm3","reference_id":"GHSA-x64m-686f-fmm3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x64m-686f-fmm3"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0596","reference_id":"RHSA-2013:0596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0657","reference_id":"RHSA-2013:0657","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0657"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0658","reference_id":"RHSA-2013:0658","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0658"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0670","reference_id":"RHSA-2013:0670","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0670"},{"reference_url":"https://usn.ubuntu.com/1730-1/","reference_id":"USN-1730-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1730-1/"},{"reference_url":"https://usn.ubuntu.com/1757-1/","reference_id":"USN-1757-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1757-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926231?format=json","purl":"pkg:deb/debian/keystone@2012.1.1-13?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-13%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-1665","GHSA-x64m-686f-fmm3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8yfq-hpqh-zqcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/86649?format=json","vulnerability_id":"VCID-91k2-z5s1-gbbx","summary":"openstack-keystone: Authentication bypass when using LDAP backend","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2157.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2157.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2157","reference_id":"","reference_type":"","scores":[{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.5217","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52213","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.5224","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52204","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52258","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52253","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52304","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52288","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52273","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52311","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52315","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52297","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52245","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52217","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2157"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2157","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2157"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712160","reference_id":"712160","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712160"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=971884","reference_id":"971884","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=971884"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0994","reference_id":"RHSA-2013:0994","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0994"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1083","reference_id":"RHSA-2013:1083","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1083"},{"reference_url":"https://usn.ubuntu.com/1875-1/","reference_id":"USN-1875-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1875-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926232?format=json","purl":"pkg:deb/debian/keystone@2013.1.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.1.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-2157"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-91k2-z5s1-gbbx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53288?format=json","vulnerability_id":"VCID-93vc-hgec-nfe6","summary":"Openstack Keystone Incorrect Authorization vulnerability\nA flaw was found in openstack-keystone, only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity. A [patch](https://opendev.org/openstack/keystone/commit/7859ed26003858ebfd9a5e866b43f1a6a9e83dca) is available.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3563.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3563.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2021-3563","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2021-3563"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3563","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17812","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17448","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17638","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17689","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17735","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17717","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17656","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17566","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17866","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.1765","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17516","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17539","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17628","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17593","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17584","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3563"},{"reference_url":"https://bugs.launchpad.net/ossa/+bug/1901891","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/ossa/+bug/1901891"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1962908","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1962908"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3563","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3563"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3563","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3563"},{"reference_url":"https://opendev.org/openstack/keystone","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/keystone"},{"reference_url":"https://opendev.org/openstack/keystone/commit/7859ed26003858ebfd9a5e866b43f1a6a9e83dca","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/keystone/commit/7859ed26003858ebfd9a5e866b43f1a6a9e83dca"},{"reference_url":"https://review.opendev.org/c/openstack/keystone/+/803641","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.opendev.org/c/openstack/keystone/+/803641"},{"reference_url":"https://review.opendev.org/c/openstack/keystone/+/828595","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.opendev.org/c/openstack/keystone/+/828595"},{"reference_url":"https://review.opendev.org/c/openstack/keystone/+/856489","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.opendev.org/c/openstack/keystone/+/856489"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2021-3563","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security-tracker.debian.org/tracker/CVE-2021-3563"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989998","reference_id":"989998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989998"},{"reference_url":"https://security.archlinux.org/AVG-1979","reference_id":"AVG-1979","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1979"},{"reference_url":"https://github.com/advisories/GHSA-cc99-whm5-mmq3","reference_id":"GHSA-cc99-whm5-mmq3","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cc99-whm5-mmq3"},{"reference_url":"https://usn.ubuntu.com/7926-1/","reference_id":"USN-7926-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7926-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926251?format=json","purl":"pkg:deb/debian/keystone@2:23.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:23.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2021-3563","GHSA-cc99-whm5-mmq3"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-93vc-hgec-nfe6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5756?format=json","vulnerability_id":"VCID-96bg-ytf8-9fhd","summary":"An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1461","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1461"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1597","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2017:1597"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2673.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2673.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2673","reference_id":"","reference_type":"","scores":[{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.68596","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.68619","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.68601","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.68583","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.6874","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.68734","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.68729","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.6868","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.687","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.68676","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.68689","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.68665","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.68647","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2673"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/1677723","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/keystone/+bug/1677723"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1439586","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1439586"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2673","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2673"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2673","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2673"},{"reference_url":"http://seclists.org/oss-sec/2017/q2/125","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/oss-sec/2017/q2/125"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:S/C:C/I:C/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/openstack/keystone","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone"},{"reference_url":"https://github.com/openstack/keystone/commit/05a129e54573b6cbda1ec095f4526f2b9ba90a90","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/05a129e54573b6cbda1ec095f4526f2b9ba90a90"},{"reference_url":"https://github.com/openstack/keystone/commit/2139639eeabc8f6941f4461fc87d609cde3118c2","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/2139639eeabc8f6941f4461fc87d609cde3118c2"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2018-152.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2018-152.yaml"},{"reference_url":"http://www.securityfocus.com/bid/98032","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/98032"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861189","reference_id":"861189","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861189"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2017-2673","reference_id":"CVE-2017-2673","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2017-2673"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2673","reference_id":"CVE-2017-2673","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P"},{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2673"},{"reference_url":"https://github.com/advisories/GHSA-j36m-hv43-7w7m","reference_id":"GHSA-j36m-hv43-7w7m","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j36m-hv43-7w7m"},{"reference_url":"https://usn.ubuntu.com/3448-1/","reference_id":"USN-3448-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3448-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926247?format=json","purl":"pkg:deb/debian/keystone@2:10.0.0-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:10.0.0-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2017-2673","GHSA-j36m-hv43-7w7m","PYSEC-2018-152"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-96bg-ytf8-9fhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14506?format=json","vulnerability_id":"VCID-9dhg-r711-yfg6","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nOpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs.","references":[{"reference_url":"http://lists.openstack.org/pipermail/openstack-announce/2015-May/000356.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.openstack.org/pipermail/openstack-announce/2015-May/000356.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3646.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3646.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3646","reference_id":"","reference_type":"","scores":[{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.38811","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39238","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39201","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39182","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39207","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39118","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.38909","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.38891","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39029","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39214","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39236","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39156","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.3921","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00177","scoring_system":"epss","scoring_elements":"0.39226","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-3646"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/1443598","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/keystone/+bug/1443598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3646","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3646"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/openstack/keystone","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone"},{"reference_url":"https://web.archive.org/web/20210122154200/http://www.securityfocus.com/bid/74456","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210122154200/http://www.securityfocus.com/bid/74456"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1218640","reference_id":"1218640","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1218640"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3646","reference_id":"CVE-2015-3646","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-3646"},{"reference_url":"https://github.com/advisories/GHSA-jwpw-ppj5-7h4w","reference_id":"GHSA-jwpw-ppj5-7h4w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jwpw-ppj5-7h4w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926244?format=json","purl":"pkg:deb/debian/keystone@2015.1.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2015.1.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2015-3646","GHSA-jwpw-ppj5-7h4w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9dhg-r711-yfg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/86221?format=json","vulnerability_id":"VCID-am2m-2fgu-xkfk","summary":"openstack-keystone: Keystone V2 trusts privilege escalation through user supplied project id","references":[{"reference_url":"http://lists.openstack.org/pipermail/openstack-announce/2014-July/000248.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.openstack.org/pipermail/openstack-announce/2014-July/000248.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3520.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3520.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3520","reference_id":"","reference_type":"","scores":[{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.6249","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62327","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62385","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62416","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62381","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62429","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62447","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62466","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62456","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62433","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62477","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62484","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62476","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00428","scoring_system":"epss","scoring_elements":"0.62493","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3520"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/1331912","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.launchpad.net/keystone/+bug/1331912"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3520","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3520"},{"reference_url":"http://secunia.com/advisories/59426","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59426"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1112668","reference_id":"1112668","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1112668"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753511","reference_id":"753511","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753511"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3520","reference_id":"CVE-2014-3520","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3520"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0994","reference_id":"RHSA-2014:0994","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0994"},{"reference_url":"https://usn.ubuntu.com/2324-1/","reference_id":"USN-2324-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2324-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926241?format=json","purl":"pkg:deb/debian/keystone@2014.1.1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.1-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2014-3520"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-am2m-2fgu-xkfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5316?format=json","vulnerability_id":"VCID-cg74-2jr1-2fhp","summary":"OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106220.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106220.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-06/msg00085.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-06/msg00085.html"},{"reference_url":"http://osvdb.org/93134","reference_id":"","reference_type":"","scores":[],"url":"http://osvdb.org/93134"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2059","reference_id":"","reference_type":"","scores":[{"value":"0.00908","scoring_system":"epss","scoring_elements":"0.75707","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00908","scoring_system":"epss","scoring_elements":"0.75851","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00908","scoring_system":"epss","scoring_elements":"0.7584","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00908","scoring_system":"epss","scoring_elements":"0.7583","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00908","scoring_system":"epss","scoring_elements":"0.75791","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00908","scoring_system":"epss","scoring_elements":"0.75806","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00908","scoring_system":"epss","scoring_elements":"0.75802","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00908","scoring_system":"epss","scoring_elements":"0.7577","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00908","scoring_system":"epss","scoring_elements":"0.75789","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00908","scoring_system":"epss","scoring_elements":"0.75764","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00908","scoring_system":"epss","scoring_elements":"0.75753","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00908","scoring_system":"epss","scoring_elements":"0.75719","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00908","scoring_system":"epss","scoring_elements":"0.7574","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00908","scoring_system":"epss","scoring_elements":"0.75709","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2059"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/1166670","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/keystone/+bug/1166670"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2059","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2059"},{"reference_url":"http://secunia.com/advisories/53326","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/53326"},{"reference_url":"http://secunia.com/advisories/53339","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/53339"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/84135","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/84135"},{"reference_url":"https://github.com/openstack/keystone","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone"},{"reference_url":"https://github.com/openstack/keystone/commit/33214f311aa36b17f8f5ff06bee2130bf061df8f","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/33214f311aa36b17f8f5ff06bee2130bf061df8f"},{"reference_url":"https://github.com/openstack/keystone/commit/678b06a91f772d6be82eb54ed11f27e20f446b57","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/678b06a91f772d6be82eb54ed11f27e20f446b57"},{"reference_url":"https://github.com/openstack/keystone/commit/992466d1dbf80a940190703dedf800d6d12dede8","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/992466d1dbf80a940190703dedf800d6d12dede8"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-41.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-41.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2059","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:P/A:P"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2059"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/05/09/3","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/05/09/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/05/09/4","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/05/09/4"},{"reference_url":"http://www.securityfocus.com/bid/59787","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/59787"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707598","reference_id":"707598","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707598"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2012.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:2012.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2012.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:2013.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-hj89-qmx9-8qmh","reference_id":"GHSA-hj89-qmx9-8qmh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hj89-qmx9-8qmh"},{"reference_url":"https://usn.ubuntu.com/1830-1/","reference_id":"USN-1830-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1830-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926230?format=json","purl":"pkg:deb/debian/keystone@2013.1.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.1.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-2059","GHSA-hj89-qmx9-8qmh","PYSEC-2013-41"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cg74-2jr1-2fhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/86791?format=json","vulnerability_id":"VCID-cm7y-v3wx-ekf2","summary":"Keystone: denial of service through invalid token requests","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098906.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-February/098906.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0253.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-0253.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0247.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0247.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0247","reference_id":"","reference_type":"","scores":[{"value":"0.0296","scoring_system":"epss","scoring_elements":"0.86522","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0296","scoring_system":"epss","scoring_elements":"0.86416","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0296","scoring_system":"epss","scoring_elements":"0.86427","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0296","scoring_system":"epss","scoring_elements":"0.86446","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0296","scoring_system":"epss","scoring_elements":"0.86447","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0296","scoring_system":"epss","scoring_elements":"0.86465","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0296","scoring_system":"epss","scoring_elements":"0.86475","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0296","scoring_system":"epss","scoring_elements":"0.86491","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0296","scoring_system":"epss","scoring_elements":"0.86488","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0296","scoring_system":"epss","scoring_elements":"0.86482","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0296","scoring_system":"epss","scoring_elements":"0.86497","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0296","scoring_system":"epss","scoring_elements":"0.86502","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0296","scoring_system":"epss","scoring_elements":"0.86495","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0296","scoring_system":"epss","scoring_elements":"0.86514","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0296","scoring_system":"epss","scoring_elements":"0.86524","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0247"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/1098307","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.launchpad.net/keystone/+bug/1098307"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0247","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0247"},{"reference_url":"http://www.securityfocus.com/bid/57747","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/57747"},{"reference_url":"http://www.ubuntu.com/usn/USN-1715-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-1715-1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699835","reference_id":"699835","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699835"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=906171","reference_id":"906171","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=906171"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0247","reference_id":"CVE-2013-0247","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0247"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0253","reference_id":"RHSA-2013:0253","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0253"},{"reference_url":"https://usn.ubuntu.com/1715-1/","reference_id":"USN-1715-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1715-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926229?format=json","purl":"pkg:deb/debian/keystone@2012.1.1-12?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-12%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-0247"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cm7y-v3wx-ekf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15752?format=json","vulnerability_id":"VCID-enq4-sb38-6kfz","summary":"Improper Authentication\nOpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4457.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4457.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4457","reference_id":"","reference_type":"","scores":[{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68325","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68393","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68388","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68383","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68259","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68309","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68351","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68337","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68356","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68345","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68242","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68305","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68263","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68338","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68283","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4457"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=861180","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=861180"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4457","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4457"},{"reference_url":"http://secunia.com/advisories/50665","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/50665"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/78947","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/78947"},{"reference_url":"https://github.com/openstack/keystone","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone"},{"reference_url":"https://github.com/openstack/keystone/commit/4ebfdfaf23c6da8e3c182bf3ec2cb2b7132ef685","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/4ebfdfaf23c6da8e3c182bf3ec2cb2b7132ef685"},{"reference_url":"https://github.com/openstack/keystone/commit/5373601bbdda10f879c08af1698852142b75f8d5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/5373601bbdda10f879c08af1698852142b75f8d5"},{"reference_url":"https://lists.launchpad.net/openstack/msg17035.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.launchpad.net/openstack/msg17035.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/09/28/6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/09/28/6"},{"reference_url":"http://www.securityfocus.com/bid/55716","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/55716"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689210","reference_id":"689210","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689210"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2012.2:milestone1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:2012.2:milestone1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2012.2:milestone1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2012.2:milestone2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:2012.2:milestone2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2012.2:milestone2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4457","reference_id":"CVE-2012-4457","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4457"},{"reference_url":"https://github.com/advisories/GHSA-x8h4-xf47-pqc3","reference_id":"GHSA-x8h4-xf47-pqc3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x8h4-xf47-pqc3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926226?format=json","purl":"pkg:deb/debian/keystone@2012.1.1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2012-4457","GHSA-x8h4-xf47-pqc3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-enq4-sb38-6kfz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5978?format=json","vulnerability_id":"VCID-gdk6-a746-6fac","summary":"OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials, which could (for example) leak sign-on information for Time-based One Time Passwords (TOTP). Deployments with enforce_scope set to false are affected. (There will be a slight performance impact for the list credentials API once this issue is fixed.)","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4358","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:4358"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19687.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19687.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19687","reference_id":"","reference_type":"","scores":[{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72565","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72702","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72706","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72697","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72566","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72589","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72573","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72655","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72664","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72654","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72612","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72622","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72639","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72616","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.72604","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19687"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/1855080","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/keystone/+bug/1855080"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1781470","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1781470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19687","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19687"},{"reference_url":"https://github.com/openstack/keystone","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone"},{"reference_url":"https://github.com/openstack/keystone/commit/17947516b0095c51da5cff94771247f2e7c44ee6","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/17947516b0095c51da5cff94771247f2e7c44ee6"},{"reference_url":"https://github.com/openstack/keystone/commit/17c337dbdbfb9d548ad531c2ad0483c9bce5b98f","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/17c337dbdbfb9d548ad531c2ad0483c9bce5b98f"},{"reference_url":"https://github.com/openstack/keystone/commit/bd3f63787151183f4daa43578aa491856fefae5b","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/bd3f63787151183f4daa43578aa491856fefae5b"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2019-29.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2019-29.yaml"},{"reference_url":"https://git.openstack.org/cgit/openstack/keystone/commit/?id=17947516b0095c51da5cff94771247f2e7c44ee6","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.openstack.org/cgit/openstack/keystone/commit/?id=17947516b0095c51da5cff94771247f2e7c44ee6"},{"reference_url":"https://git.openstack.org/cgit/openstack/keystone/commit/?id=17c337dbdbfb9d548ad531c2ad0483c9bce5b98f","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.openstack.org/cgit/openstack/keystone/commit/?id=17c337dbdbfb9d548ad531c2ad0483c9bce5b98f"},{"reference_url":"https://git.openstack.org/cgit/openstack/keystone/commit/?id=bd3f63787151183f4daa43578aa491856fefae5b","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://git.openstack.org/cgit/openstack/keystone/commit/?id=bd3f63787151183f4daa43578aa491856fefae5b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19687","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19687"},{"reference_url":"https://review.opendev.org/#/c/697355","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.opendev.org/#/c/697355"},{"reference_url":"https://review.opendev.org/#/c/697355/","reference_id":"","reference_type":"","scores":[],"url":"https://review.opendev.org/#/c/697355/"},{"reference_url":"https://review.opendev.org/#/c/697611","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.opendev.org/#/c/697611"},{"reference_url":"https://review.opendev.org/#/c/697611/","reference_id":"","reference_type":"","scores":[],"url":"https://review.opendev.org/#/c/697611/"},{"reference_url":"https://review.opendev.org/#/c/697731","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.opendev.org/#/c/697731"},{"reference_url":"https://review.opendev.org/#/c/697731/","reference_id":"","reference_type":"","scores":[],"url":"https://review.opendev.org/#/c/697731/"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2019-006.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2019-006.html"},{"reference_url":"https://usn.ubuntu.com/4262-1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4262-1"},{"reference_url":"https://usn.ubuntu.com/4262-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4262-1/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/12/11/8","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2019/12/11/8"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946614","reference_id":"946614","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946614"},{"reference_url":"https://github.com/advisories/GHSA-2j23-fwqm-mgwr","reference_id":"GHSA-2j23-fwqm-mgwr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2j23-fwqm-mgwr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926249?format=json","purl":"pkg:deb/debian/keystone@2:16.0.0-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:16.0.0-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2019-19687","GHSA-2j23-fwqm-mgwr","PYSEC-2019-29"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gdk6-a746-6fac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92316?format=json","vulnerability_id":"VCID-ggce-w4cy-wfc3","summary":"OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1572","reference_id":"","reference_type":"","scores":[{"value":"0.00416","scoring_system":"epss","scoring_elements":"0.61759","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00416","scoring_system":"epss","scoring_elements":"0.61743","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00416","scoring_system":"epss","scoring_elements":"0.61591","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00416","scoring_system":"epss","scoring_elements":"0.61665","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00416","scoring_system":"epss","scoring_elements":"0.61696","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00416","scoring_system":"epss","scoring_elements":"0.61666","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00416","scoring_system":"epss","scoring_elements":"0.61715","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00416","scoring_system":"epss","scoring_elements":"0.6173","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00416","scoring_system":"epss","scoring_elements":"0.61752","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00416","scoring_system":"epss","scoring_elements":"0.61739","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00416","scoring_system":"epss","scoring_elements":"0.6172","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00416","scoring_system":"epss","scoring_elements":"0.6176","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00416","scoring_system":"epss","scoring_elements":"0.61766","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00416","scoring_system":"epss","scoring_elements":"0.61749","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1572"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1572","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1572"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1572","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1572"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2012-1572","reference_id":"","reference_type":"","scores":[],"url":"https://security-tracker.debian.org/tracker/CVE-2012-1572"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1572","reference_id":"CVE-2012-1572","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1572"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926219?format=json","purl":"pkg:deb/debian/keystone@2012.1~rc2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1~rc2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2012-1572"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ggce-w4cy-wfc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5409?format=json","vulnerability_id":"VCID-h1xa-f7tm-tudx","summary":"OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1121.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1121.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1122.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1122.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5253.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5253.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5253","reference_id":"","reference_type":"","scores":[{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54206","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54168","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54189","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54207","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54157","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54159","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54108","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54133","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54103","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54086","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54148","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54158","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54191","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.5421","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54172","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5253"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/1349597","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/keystone/+bug/1349597"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5253","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5253"},{"reference_url":"https://github.com/openstack/keystone","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone"},{"reference_url":"https://github.com/openstack/keystone/commit/317f9d34b4da20c21edd5b851889298b67c843e1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/317f9d34b4da20c21edd5b851889298b67c843e1"},{"reference_url":"https://github.com/openstack/keystone/commit/3e035ebb726167aef43c4a865c7e7f7d3b0978fb","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/3e035ebb726167aef43c4a865c7e7f7d3b0978fb"},{"reference_url":"https://github.com/openstack/keystone/commit/c4447f16da036fe878382ce4e1b05b84bdcc4d4e","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/c4447f16da036fe878382ce4e1b05b84bdcc4d4e"},{"reference_url":"https://github.com/openstack/keystone/commit/cccc3f3239c68479de0f6a41bd64badf2a9ec9e7","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/cccc3f3239c68479de0f6a41bd64badf2a9ec9e7"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-109.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-109.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-5253","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:P/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-5253"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/08/15/6","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/08/15/6"},{"reference_url":"http://www.ubuntu.com/usn/USN-2324-1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2324-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1127253","reference_id":"1127253","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1127253"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-77w8-qv8m-386h","reference_id":"GHSA-77w8-qv8m-386h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-77w8-qv8m-386h"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1121","reference_id":"RHSA-2014:1121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1121"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1122","reference_id":"RHSA-2014:1122","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1122"},{"reference_url":"https://usn.ubuntu.com/2324-1/","reference_id":"USN-2324-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2324-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926243?format=json","purl":"pkg:deb/debian/keystone@2014.1.2.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.2.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2014-5253","GHSA-77w8-qv8m-386h","PYSEC-2014-109"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h1xa-f7tm-tudx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5408?format=json","vulnerability_id":"VCID-hjrj-k1wk-jbha","summary":"The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1121.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1121.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1122.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1122.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5251.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5251.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5251","reference_id":"","reference_type":"","scores":[{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54086","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54207","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54157","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54159","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54108","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54133","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54103","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54148","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54172","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54158","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54191","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.5421","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54206","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54168","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54189","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5251"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/1347961","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/keystone/+bug/1347961"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5251","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5251"},{"reference_url":"https://github.com/openstack/keystone","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone"},{"reference_url":"https://github.com/openstack/keystone/commit/6cbf835542d62e6e5db4b4aef7141b1731cad9dc","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/6cbf835542d62e6e5db4b4aef7141b1731cad9dc"},{"reference_url":"https://github.com/openstack/keystone/commit/7aee6304f653475a4130dc3e5be602e91481f108","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/7aee6304f653475a4130dc3e5be602e91481f108"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-107.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-107.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-5251","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:P/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-5251"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/08/15/6","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/08/15/6"},{"reference_url":"http://www.ubuntu.com/usn/USN-2324-1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2324-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1127259","reference_id":"1127259","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1127259"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-gmvp-5rf9-mxcm","reference_id":"GHSA-gmvp-5rf9-mxcm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gmvp-5rf9-mxcm"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1121","reference_id":"RHSA-2014:1121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1121"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1122","reference_id":"RHSA-2014:1122","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1122"},{"reference_url":"https://usn.ubuntu.com/2324-1/","reference_id":"USN-2324-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2324-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926243?format=json","purl":"pkg:deb/debian/keystone@2014.1.2.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.2.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2014-5251","GHSA-gmvp-5rf9-mxcm","PYSEC-2014-107"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hjrj-k1wk-jbha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5377?format=json","vulnerability_id":"VCID-ksj4-14rq-uyb7","summary":"The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka \"authentication chaining.\"","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1688.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1688.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2828.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2828.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2828","reference_id":"","reference_type":"","scores":[{"value":"0.00864","scoring_system":"epss","scoring_elements":"0.75165","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00864","scoring_system":"epss","scoring_elements":"0.75126","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00864","scoring_system":"epss","scoring_elements":"0.75136","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00864","scoring_system":"epss","scoring_elements":"0.7513","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00864","scoring_system":"epss","scoring_elements":"0.75092","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00864","scoring_system":"epss","scoring_elements":"0.75102","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00864","scoring_system":"epss","scoring_elements":"0.75123","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00864","scoring_system":"epss","scoring_elements":"0.75101","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00864","scoring_system":"epss","scoring_elements":"0.75089","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00864","scoring_system":"epss","scoring_elements":"0.75056","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00864","scoring_system":"epss","scoring_elements":"0.75172","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00864","scoring_system":"epss","scoring_elements":"0.75079","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00864","scoring_system":"epss","scoring_elements":"0.7505","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00864","scoring_system":"epss","scoring_elements":"0.75047","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00864","scoring_system":"epss","scoring_elements":"0.75168","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2828"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/1300274","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/keystone/+bug/1300274"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2828"},{"reference_url":"https://github.com/openstack/keystone","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone"},{"reference_url":"https://github.com/openstack/keystone/commit/ce6cedb30c5c4b4cf4db9380f09443de22414b39","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/ce6cedb30c5c4b4cf4db9380f09443de22414b39"},{"reference_url":"https://github.com/openstack/keystone/commit/e364ba5b12de8e4c11bd80bcca903f9615dcfc2e","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/e364ba5b12de8e4c11bd80bcca903f9615dcfc2e"},{"reference_url":"https://github.com/openstack/keystone/commit/ef868ad92c00e23a4a5e9eb71e3e0bf5ae2fff0c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/ef868ad92c00e23a4a5e9eb71e3e0bf5ae2fff0c"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-106.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-106.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2828","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-2828"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/04/10/20","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/04/10/20"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1086211","reference_id":"1086211","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1086211"},{"reference_url":"https://github.com/advisories/GHSA-6mv3-p2gr-wgqf","reference_id":"GHSA-6mv3-p2gr-wgqf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6mv3-p2gr-wgqf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926233?format=json","purl":"pkg:deb/debian/keystone@2014.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2014-2828","GHSA-6mv3-p2gr-wgqf","PYSEC-2014-106"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ksj4-14rq-uyb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14731?format=json","vulnerability_id":"VCID-my7j-6x5y-97a1","summary":"OpenStack Identity Keystone Exposure of Sensitive Information\nThe catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by \"$(admin_token)\" in the publicurl endpoint field.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1688.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1688.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1789.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1789.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1790.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1790.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1688","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2014:1688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1789","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2014:1789"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1790","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2014:1790"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3621.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3621.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3621","reference_id":"","reference_type":"","scores":[{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62332","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.6227","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62288","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62306","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62296","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62275","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62321","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62328","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62313","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62338","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62167","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62224","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62253","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.6222","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3621"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/1354208","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/keystone/+bug/1354208"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1139937","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1139937"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3621"},{"reference_url":"https://github.com/openstack/keystone/commit/2989ff257e4fde6a168e25b926805e700406aa80","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/2989ff257e4fde6a168e25b926805e700406aa80"},{"reference_url":"https://github.com/openstack/keystone/commit/52714633c9a4dae5e60279217090859aa6dbcb4f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/52714633c9a4dae5e60279217090859aa6dbcb4f"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/09/16/10","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/09/16/10"},{"reference_url":"http://www.ubuntu.com/usn/USN-2406-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2406-1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2014-3621","reference_id":"CVE-2014-3621","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2014-3621"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3621","reference_id":"CVE-2014-3621","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3621"},{"reference_url":"https://github.com/advisories/GHSA-8v8f-vc72-pmhc","reference_id":"GHSA-8v8f-vc72-pmhc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8v8f-vc72-pmhc"},{"reference_url":"https://usn.ubuntu.com/2406-1/","reference_id":"USN-2406-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2406-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926242?format=json","purl":"pkg:deb/debian/keystone@2014.1.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2014-3621","GHSA-8v8f-vc72-pmhc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-my7j-6x5y-97a1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54457?format=json","vulnerability_id":"VCID-p5un-b12x-tuh5","summary":"OpenStack Keystone allows information disclosure during account locking\nOpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an account and failing to authenticate multiple times, any unauthenticated actor could both confirm the account exists and obtain that account's corresponding UUID, which might be leveraged for other unrelated attacks. All deployments enabling security_compliance.lockout_failure_attempts are affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38155","reference_id":"","reference_type":"","scores":[{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.72775","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.72922","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.72925","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.72915","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.72874","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.72882","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.72872","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.72838","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.72855","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.72779","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.72802","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.72781","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.7283","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00737","scoring_system":"epss","scoring_elements":"0.72817","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38155"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38155","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38155"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/openstack/keystone","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone"},{"reference_url":"https://github.com/openstack/keystone/commit/1b573ae7d1c20e0ebfbde79bbe7538a09589c75d","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/1b573ae7d1c20e0ebfbde79bbe7538a09589c75d"},{"reference_url":"https://github.com/openstack/keystone/commit/8ab4eb27be4c13c9bab2b3ea700f00a190521bf8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/8ab4eb27be4c13c9bab2b3ea700f00a190521bf8"},{"reference_url":"https://github.com/openstack/keystone/commit/ac2631ae33445877094cdae796fbcdce8833a626","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/ac2631ae33445877094cdae796fbcdce8833a626"},{"reference_url":"https://launchpad.net/bugs/1688137","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.net/bugs/1688137"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-38155","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-38155"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2021-003.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2021-003.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/08/10/5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/08/10/5"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992070","reference_id":"992070","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992070"},{"reference_url":"https://github.com/advisories/GHSA-4225-97pr-rr52","reference_id":"GHSA-4225-97pr-rr52","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4225-97pr-rr52"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926252?format=json","purl":"pkg:deb/debian/keystone@2:19.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:19.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2021-38155","GHSA-4225-97pr-rr52"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p5un-b12x-tuh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5350?format=json","vulnerability_id":"VCID-p776-3n3m-wkhz","summary":"python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-06/msg00198.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-06/msg00198.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0944.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0944.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0944","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2013:0944"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2104.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2104.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2013-2104","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2013-2104"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2104","reference_id":"","reference_type":"","scores":[{"value":"0.00769","scoring_system":"epss","scoring_elements":"0.73453","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00769","scoring_system":"epss","scoring_elements":"0.73584","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00769","scoring_system":"epss","scoring_elements":"0.73585","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00769","scoring_system":"epss","scoring_elements":"0.73574","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00769","scoring_system":"epss","scoring_elements":"0.73541","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00769","scoring_system":"epss","scoring_elements":"0.73548","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00769","scoring_system":"epss","scoring_elements":"0.73538","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00769","scoring_system":"epss","scoring_elements":"0.73495","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00769","scoring_system":"epss","scoring_elements":"0.73502","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00769","scoring_system":"epss","scoring_elements":"0.73522","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00769","scoring_system":"epss","scoring_elements":"0.73498","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00769","scoring_system":"epss","scoring_elements":"0.73485","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00769","scoring_system":"epss","scoring_elements":"0.73448","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00769","scoring_system":"epss","scoring_elements":"0.73476","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00769","scoring_system":"epss","scoring_elements":"0.73445","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2104"},{"reference_url":"https://bugs.launchpad.net/python-keystoneclient/+bug/1179615","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/python-keystoneclient/+bug/1179615"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=965852","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=965852"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2104","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2104"},{"reference_url":"https://github.com/openstack/python-keystoneclient","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/python-keystoneclient"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/python-keystoneclient/PYSEC-2014-69.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/python-keystoneclient/PYSEC-2014-69.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2104","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2104"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/05/28/7","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/05/28/7"},{"reference_url":"http://www.ubuntu.com/usn/USN-1851-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1851-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-1875-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1875-1"},{"reference_url":"https://github.com/advisories/GHSA-4rrr-j7ff-r844","reference_id":"GHSA-4rrr-j7ff-r844","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4rrr-j7ff-r844"},{"reference_url":"https://usn.ubuntu.com/1851-1/","reference_id":"USN-1851-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1851-1/"},{"reference_url":"https://usn.ubuntu.com/1875-1/","reference_id":"USN-1875-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1875-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926227?format=json","purl":"pkg:deb/debian/keystone@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-2104","GHSA-4rrr-j7ff-r844","PYSEC-2014-69"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p776-3n3m-wkhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6868?format=json","vulnerability_id":"VCID-qdd1-jvk8-73hd","summary":"Permission Issues\nThe LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges.","references":[{"reference_url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4477","reference_id":"","reference_type":"","scores":[],"url":"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4477"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0113.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0113.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4477.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4477.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4477","reference_id":"","reference_type":"","scores":[{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35388","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35824","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35784","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35761","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35801","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.3579","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.3574","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35508","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35477","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35685","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35882","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35912","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35743","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35793","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35816","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4477"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/1242855","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/keystone/+bug/1242855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4477","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4477"},{"reference_url":"https://github.com/openstack/keystone","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone"},{"reference_url":"https://github.com/openstack/keystone/commit/b17e7bec768bd53d3977352486378698a3db3cfa","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/b17e7bec768bd53d3977352486378698a3db3cfa"},{"reference_url":"https://github.com/openstack/keystone/commit/c6800c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openstack/keystone/commit/c6800c"},{"reference_url":"https://github.com/openstack/keystone/commit/c6800ca1ac984c879e75826df6694d6199444ea0","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/c6800ca1ac984c879e75826df6694d6199444ea0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4477","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4477"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/10/30/6","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/10/30/6"},{"reference_url":"http://www.ubuntu.com/usn/USN-2034-1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2034-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1024401","reference_id":"1024401","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1024401"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728233","reference_id":"728233","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728233"},{"reference_url":"https://github.com/advisories/GHSA-f889-wfwm-6p7m","reference_id":"GHSA-f889-wfwm-6p7m","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f889-wfwm-6p7m"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0113","reference_id":"RHSA-2014:0113","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0113"},{"reference_url":"https://usn.ubuntu.com/2034-1/","reference_id":"USN-2034-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2034-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926236?format=json","purl":"pkg:deb/debian/keystone@2013.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-4477","GHSA-f889-wfwm-6p7m"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qdd1-jvk8-73hd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14333?format=json","vulnerability_id":"VCID-qmyj-ffvg-tbe8","summary":"OpenStack Keystone Denial of Service vulnerability via a large HTTP request\nOpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a large HTTP request, as demonstrated by a long tenant_name when requesting a token.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0708.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0708.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0270.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0270.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0270","reference_id":"","reference_type":"","scores":[{"value":"0.01809","scoring_system":"epss","scoring_elements":"0.82778","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01809","scoring_system":"epss","scoring_elements":"0.82792","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01809","scoring_system":"epss","scoring_elements":"0.82762","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02681","scoring_system":"epss","scoring_elements":"0.85892","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02681","scoring_system":"epss","scoring_elements":"0.85808","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02681","scoring_system":"epss","scoring_elements":"0.85826","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02681","scoring_system":"epss","scoring_elements":"0.85836","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02681","scoring_system":"epss","scoring_elements":"0.85851","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02681","scoring_system":"epss","scoring_elements":"0.85848","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02681","scoring_system":"epss","scoring_elements":"0.85844","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02681","scoring_system":"epss","scoring_elements":"0.85862","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02681","scoring_system":"epss","scoring_elements":"0.85867","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02681","scoring_system":"epss","scoring_elements":"0.85859","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02681","scoring_system":"epss","scoring_elements":"0.85882","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02681","scoring_system":"epss","scoring_elements":"0.8589","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0270"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/1099025","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/keystone/+bug/1099025"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=909012","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=909012"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0270","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0270"},{"reference_url":"https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8"},{"reference_url":"https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc"},{"reference_url":"https://launchpad.net/keystone/grizzly/2013.1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.net/keystone/grizzly/2013.1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:2013.1:milestone1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:2013.1:milestone2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:2013.1:milestone3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1:milestone3:*:*:*:*:*:*"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2013-0270","reference_id":"CVE-2013-0270","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2013-0270"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0270","reference_id":"CVE-2013-0270","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0270"},{"reference_url":"https://github.com/advisories/GHSA-4ppj-4p4v-jf4p","reference_id":"GHSA-4ppj-4p4v-jf4p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4ppj-4p4v-jf4p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926230?format=json","purl":"pkg:deb/debian/keystone@2013.1.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.1.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-0270","GHSA-4ppj-4p4v-jf4p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qmyj-ffvg-tbe8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5301?format=json","vulnerability_id":"VCID-qtvd-85ab-tygr","summary":"OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining.  NOTE: this issue exists because of a CVE-2012-3426 regression.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2012-1557.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2012-1557.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5563.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5563.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5563","reference_id":"","reference_type":"","scores":[{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60196","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60225","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60237","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.6023","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.6019","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60208","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60221","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60212","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.602","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60186","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60136","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60166","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60141","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60064","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60198","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5563"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/1079216","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/keystone/+bug/1079216"},{"reference_url":"http://secunia.com/advisories/51423","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/51423"},{"reference_url":"http://secunia.com/advisories/51436","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/51436"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/80370","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/80370"},{"reference_url":"https://github.com/openstack/keystone","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone"},{"reference_url":"https://github.com/openstack/keystone/commit/38c7e46a640a94da4da89a39a5a1ea9c081f1eb5","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/38c7e46a640a94da4da89a39a5a1ea9c081f1eb5"},{"reference_url":"https://github.com/openstack/keystone/commit/f9d4766249a72d8f88d75dcf1575b28dd3496681","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/f9d4766249a72d8f88d75dcf1575b28dd3496681"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-20.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-20.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5563","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:P/A:N"},{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5563"},{"reference_url":"https://web.archive.org/web/20121201003009/http://secunia.com/advisories/51423","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20121201003009/http://secunia.com/advisories/51423"},{"reference_url":"https://web.archive.org/web/20140802122732/http://secunia.com/advisories/51436","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140802122732/http://secunia.com/advisories/51436"},{"reference_url":"https://web.archive.org/web/20200228144943/http://www.securityfocus.com/bid/56727","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228144943/http://www.securityfocus.com/bid/56727"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/28/5","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/11/28/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/28/6","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/11/28/6"},{"reference_url":"http://www.securityfocus.com/bid/56727","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/56727"},{"reference_url":"http://www.ubuntu.com/usn/USN-1641-1","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1641-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=879402","reference_id":"879402","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=879402"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-w66p-78g4-mr7g","reference_id":"GHSA-w66p-78g4-mr7g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w66p-78g4-mr7g"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1557","reference_id":"RHSA-2012:1557","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1557"},{"reference_url":"https://usn.ubuntu.com/1641-1/","reference_id":"USN-1641-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1641-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926227?format=json","purl":"pkg:deb/debian/keystone@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2012-5563","GHSA-w66p-78g4-mr7g","PYSEC-2012-20"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qtvd-85ab-tygr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6078?format=json","vulnerability_id":"VCID-qyjh-md45-hyhh","summary":"An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12691.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12691.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12691","reference_id":"","reference_type":"","scores":[{"value":"0.03566","scoring_system":"epss","scoring_elements":"0.87665","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03566","scoring_system":"epss","scoring_elements":"0.87722","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03566","scoring_system":"epss","scoring_elements":"0.87728","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03566","scoring_system":"epss","scoring_elements":"0.87717","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03566","scoring_system":"epss","scoring_elements":"0.8771","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03566","scoring_system":"epss","scoring_elements":"0.87689","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03566","scoring_system":"epss","scoring_elements":"0.87688","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03566","scoring_system":"epss","scoring_elements":"0.87675","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03566","scoring_system":"epss","scoring_elements":"0.87753","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03566","scoring_system":"epss","scoring_elements":"0.87755","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03566","scoring_system":"epss","scoring_elements":"0.87748","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03566","scoring_system":"epss","scoring_elements":"0.8773","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03566","scoring_system":"epss","scoring_elements":"0.87733","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03566","scoring_system":"epss","scoring_elements":"0.87734","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03566","scoring_system":"epss","scoring_elements":"0.87719","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12691"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/1872733","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/keystone/+bug/1872733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/openstack/keystone","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone"},{"reference_url":"https://github.com/openstack/keystone/commit/37e9907a176dad6843819b1bec4946c3aecc4548","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/37e9907a176dad6843819b1bec4946c3aecc4548"},{"reference_url":"https://github.com/openstack/keystone/commit/40cbb7bebd50276412daa1981ff5a7c7b3b899a5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/40cbb7bebd50276412daa1981ff5a7c7b3b899a5"},{"reference_url":"https://github.com/openstack/keystone/commit/95b2bbeab113d9f04d1c81f7f1b48bf692bce979","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/95b2bbeab113d9f04d1c81f7f1b48bf692bce979"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-55.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-55.yaml"},{"reference_url":"https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa@%3Ccommits.druid.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa@%3Ccommits.druid.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12691","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12691"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2020-004.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2020-004.html"},{"reference_url":"https://usn.ubuntu.com/4480-1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4480-1"},{"reference_url":"https://usn.ubuntu.com/4480-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4480-1/"},{"reference_url":"https://www.openwall.com/lists/oss-security/2020/05/06/5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2020/05/06/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/05/07/2","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/05/07/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1830384","reference_id":"1830384","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1830384"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900","reference_id":"959900","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900"},{"reference_url":"https://github.com/advisories/GHSA-4427-7f3w-mqv6","reference_id":"GHSA-4427-7f3w-mqv6","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4427-7f3w-mqv6"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2732","reference_id":"RHSA-2020:2732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3096","reference_id":"RHSA-2020:3096","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3096"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3102","reference_id":"RHSA-2020:3102","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3102"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3105","reference_id":"RHSA-2020:3105","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3105"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926250?format=json","purl":"pkg:deb/debian/keystone@2:17.0.0~rc2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:17.0.0~rc2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-12691","GHSA-4427-7f3w-mqv6","PYSEC-2020-55"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qyjh-md45-hyhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22337?format=json","vulnerability_id":"VCID-r25g-be38-b3be","summary":"OpenStack Keystone allows /v3/ec2tokens or /v3/s3tokens request with valid AWS Signature to provide Keystone authorization.\nOpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65073.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-65073.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-65073","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07294","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07287","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07208","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07329","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07203","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08884","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15193","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15126","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.14999","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15139","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15105","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15067","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00049","scoring_system":"epss","scoring_elements":"0.15006","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-65073"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65073","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65073"},{"reference_url":"https://github.com/openstack/keystone","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone"},{"reference_url":"https://www.openwall.com/lists/oss-security/2025/11/04/2","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-17T16:34:17Z/"}],"url":"https://www.openwall.com/lists/oss-security/2025/11/04/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/11/17/6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/11/17/6"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120053","reference_id":"1120053","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120053"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2415344","reference_id":"2415344","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2415344"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-65073","reference_id":"CVE-2025-65073","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-65073"},{"reference_url":"https://github.com/advisories/GHSA-hcqg-5g63-7j9h","reference_id":"GHSA-hcqg-5g63-7j9h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hcqg-5g63-7j9h"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1958","reference_id":"RHSA-2026:1958","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1958"},{"reference_url":"https://usn.ubuntu.com/7926-1/","reference_id":"USN-7926-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7926-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926253?format=json","purl":"pkg:deb/debian/keystone@2:18.1.0-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.1.0-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926254?format=json","purl":"pkg:deb/debian/keystone@2:28.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:28.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2025-65073","GHSA-hcqg-5g63-7j9h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r25g-be38-b3be"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6076?format=json","vulnerability_id":"VCID-rgkw-6ews-rked","summary":"An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12689.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12689.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12689","reference_id":"","reference_type":"","scores":[{"value":"0.01066","scoring_system":"epss","scoring_elements":"0.77637","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01066","scoring_system":"epss","scoring_elements":"0.77695","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01066","scoring_system":"epss","scoring_elements":"0.77696","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01066","scoring_system":"epss","scoring_elements":"0.77713","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01066","scoring_system":"epss","scoring_elements":"0.77686","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01066","scoring_system":"epss","scoring_elements":"0.77681","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01066","scoring_system":"epss","scoring_elements":"0.77653","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01066","scoring_system":"epss","scoring_elements":"0.77671","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01066","scoring_system":"epss","scoring_elements":"0.77644","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01066","scoring_system":"epss","scoring_elements":"0.77781","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01066","scoring_system":"epss","scoring_elements":"0.77765","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01066","scoring_system":"epss","scoring_elements":"0.77756","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01066","scoring_system":"epss","scoring_elements":"0.77725","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01066","scoring_system":"epss","scoring_elements":"0.77731","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01066","scoring_system":"epss","scoring_elements":"0.77732","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12689"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/1872735","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/keystone/+bug/1872735"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/openstack/keystone","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone"},{"reference_url":"https://github.com/openstack/keystone/commit/37e9907a176dad6843819b1bec4946c3aecc4548","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/37e9907a176dad6843819b1bec4946c3aecc4548"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-53.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-53.yaml"},{"reference_url":"https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12689","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12689"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2020-004.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2020-004.html"},{"reference_url":"https://usn.ubuntu.com/4480-1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4480-1"},{"reference_url":"https://usn.ubuntu.com/4480-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4480-1/"},{"reference_url":"https://www.openwall.com/lists/oss-security/2020/05/06/5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2020/05/06/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/05/07/2","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/05/07/2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1830396","reference_id":"1830396","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1830396"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900","reference_id":"959900","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900"},{"reference_url":"https://github.com/advisories/GHSA-chgw-36xv-47cw","reference_id":"GHSA-chgw-36xv-47cw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-chgw-36xv-47cw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2732","reference_id":"RHSA-2020:2732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3096","reference_id":"RHSA-2020:3096","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3096"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3102","reference_id":"RHSA-2020:3102","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3102"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3105","reference_id":"RHSA-2020:3105","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3105"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926250?format=json","purl":"pkg:deb/debian/keystone@2:17.0.0~rc2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:17.0.0~rc2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-12689","GHSA-chgw-36xv-47cw","PYSEC-2020-53"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rgkw-6ews-rked"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5411?format=json","vulnerability_id":"VCID-s3gc-cxxf-63ed","summary":"The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification (1) GET or (2) HEAD request to v3/auth/tokens/.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1121.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1121.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1122.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-1122.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5252.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5252.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5252","reference_id":"","reference_type":"","scores":[{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.5224","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52237","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52198","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52212","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52229","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52178","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52182","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52165","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.5213","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52095","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52138","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52142","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52172","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00287","scoring_system":"epss","scoring_elements":"0.52222","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5252"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/1348820","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/keystone/+bug/1348820"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5252","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5252"},{"reference_url":"https://github.com/openstack/keystone","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone"},{"reference_url":"https://github.com/openstack/keystone/commit/556fb860311675fc437585651e4602b2908451eb","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/556fb860311675fc437585651e4602b2908451eb"},{"reference_url":"https://github.com/openstack/keystone/commit/a4c73e4382cb062aa9f30fe1960d5014d3c49cc2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/a4c73e4382cb062aa9f30fe1960d5014d3c49cc2"},{"reference_url":"https://github.com/openstack/keystone/commit/bdb88c662ac2035f9b0d8a229a5db5f60f5f16ae","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/bdb88c662ac2035f9b0d8a229a5db5f60f5f16ae"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-108.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-108.yaml"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/08/15/6","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/08/15/6"},{"reference_url":"http://www.ubuntu.com/usn/USN-2324-1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2324-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1127250","reference_id":"1127250","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1127250"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-5252","reference_id":"CVE-2014-5252","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:P/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-5252"},{"reference_url":"https://github.com/advisories/GHSA-v8fq-gq9j-3v7h","reference_id":"GHSA-v8fq-gq9j-3v7h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v8fq-gq9j-3v7h"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1121","reference_id":"RHSA-2014:1121","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1121"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1122","reference_id":"RHSA-2014:1122","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1122"},{"reference_url":"https://usn.ubuntu.com/2324-1/","reference_id":"USN-2324-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2324-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926243?format=json","purl":"pkg:deb/debian/keystone@2014.1.2.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.2.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2014-5252","GHSA-v8fq-gq9j-3v7h","PYSEC-2014-108"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s3gc-cxxf-63ed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14515?format=json","vulnerability_id":"VCID-s5ab-apmg-dqd9","summary":"OpenStack Identity Keystone is vulnerable to Block delegation escalation of privilege\nOpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with additional roles.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00031.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00031.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3476.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3476.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3476","reference_id":"","reference_type":"","scores":[{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72584","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72522","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72504","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72494","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72536","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72546","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72535","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72577","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72586","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72449","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72454","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72472","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72448","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72486","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00721","scoring_system":"epss","scoring_elements":"0.72499","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3476"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/1324592","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/keystone/+bug/1324592"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3476","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3476"},{"reference_url":"http://secunia.com/advisories/57886","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/57886"},{"reference_url":"http://secunia.com/advisories/59547","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/59547"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/06/12/3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/06/12/3"},{"reference_url":"http://www.securityfocus.com/bid/68026","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/68026"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1104524","reference_id":"1104524","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1104524"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751454","reference_id":"751454","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751454"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:cloud:3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:suse:cloud:3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:suse:cloud:3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3476","reference_id":"CVE-2014-3476","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:P/A:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3476"},{"reference_url":"https://github.com/advisories/GHSA-274v-r947-v34r","reference_id":"GHSA-274v-r947-v34r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-274v-r947-v34r"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0994","reference_id":"RHSA-2014:0994","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0994"},{"reference_url":"https://usn.ubuntu.com/2324-1/","reference_id":"USN-2324-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2324-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926240?format=json","purl":"pkg:deb/debian/keystone@2014.1.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2014-3476","GHSA-274v-r947-v34r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s5ab-apmg-dqd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5312?format=json","vulnerability_id":"VCID-s62y-6nw4-j7gt","summary":"OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.","references":[{"reference_url":"http://github.com/openstack/keystone/commit/255b1d43500f5d98ec73a0056525b492b14fec05","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://github.com/openstack/keystone/commit/255b1d43500f5d98ec73a0056525b492b14fec05"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101719.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101719.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00000.html"},{"reference_url":"http://osvdb.org/91532","reference_id":"","reference_type":"","scores":[],"url":"http://osvdb.org/91532"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0708.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0708.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0708","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2013:0708"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1865.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1865.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1865","reference_id":"","reference_type":"","scores":[{"value":"0.01162","scoring_system":"epss","scoring_elements":"0.78681","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01162","scoring_system":"epss","scoring_elements":"0.78553","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01162","scoring_system":"epss","scoring_elements":"0.78559","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01162","scoring_system":"epss","scoring_elements":"0.78591","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01162","scoring_system":"epss","scoring_elements":"0.78572","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01162","scoring_system":"epss","scoring_elements":"0.78598","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01162","scoring_system":"epss","scoring_elements":"0.78604","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01162","scoring_system":"epss","scoring_elements":"0.78628","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01162","scoring_system":"epss","scoring_elements":"0.7861","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01162","scoring_system":"epss","scoring_elements":"0.78602","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01162","scoring_system":"epss","scoring_elements":"0.78631","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01162","scoring_system":"epss","scoring_elements":"0.78629","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01162","scoring_system":"epss","scoring_elements":"0.78625","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01162","scoring_system":"epss","scoring_elements":"0.78657","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01162","scoring_system":"epss","scoring_elements":"0.78665","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1865"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/1129713","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/keystone/+bug/1129713"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=922230","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=922230"},{"reference_url":"http://secunia.com/advisories/52657","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/52657"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-39.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-39.yaml"},{"reference_url":"https://opendev.org/openstack/keystone","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/keystone"},{"reference_url":"https://review.openstack.org/24906","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.openstack.org/24906"},{"reference_url":"https://review.openstack.org/#/c/24906","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.openstack.org/#/c/24906"},{"reference_url":"https://review.openstack.org/#/c/24906/","reference_id":"","reference_type":"","scores":[],"url":"https://review.openstack.org/#/c/24906/"},{"reference_url":"https://web.archive.org/web/20170715155558/http://www.securityfocus.com/bid/58616","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20170715155558/http://www.securityfocus.com/bid/58616"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/03/20/13","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/03/20/13"},{"reference_url":"http://www.securityfocus.com/bid/58616","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/58616"},{"reference_url":"http://www.ubuntu.com/usn/USN-1772-1","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1772-1"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2013-1865","reference_id":"CVE-2013-1865","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2013-1865"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1865","reference_id":"CVE-2013-1865","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1865"},{"reference_url":"https://github.com/advisories/GHSA-22q6-wwq7-2jj9","reference_id":"GHSA-22q6-wwq7-2jj9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-22q6-wwq7-2jj9"},{"reference_url":"https://usn.ubuntu.com/1772-1/","reference_id":"USN-1772-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1772-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926227?format=json","purl":"pkg:deb/debian/keystone@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-1865","GHSA-22q6-wwq7-2jj9","PYSEC-2013-39"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s62y-6nw4-j7gt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15613?format=json","vulnerability_id":"VCID-s84r-551v-u7b6","summary":"Improper Authentication\nCVE-2012-4456 Openstack Keystone 2012.1.1: fails to validate tokens in Admin API","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1378","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2012:1378"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4456.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4456.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4456","reference_id":"","reference_type":"","scores":[{"value":"0.0395","scoring_system":"epss","scoring_elements":"0.88386","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0395","scoring_system":"epss","scoring_elements":"0.88297","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0395","scoring_system":"epss","scoring_elements":"0.88305","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0395","scoring_system":"epss","scoring_elements":"0.8832","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0395","scoring_system":"epss","scoring_elements":"0.88325","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0395","scoring_system":"epss","scoring_elements":"0.88344","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0395","scoring_system":"epss","scoring_elements":"0.8835","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0395","scoring_system":"epss","scoring_elements":"0.88361","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0395","scoring_system":"epss","scoring_elements":"0.88353","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0395","scoring_system":"epss","scoring_elements":"0.88368","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0395","scoring_system":"epss","scoring_elements":"0.88364","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0395","scoring_system":"epss","scoring_elements":"0.88381","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0395","scoring_system":"epss","scoring_elements":"0.88385","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4456"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/1006815","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/keystone/+bug/1006815"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/1006822","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/keystone/+bug/1006822"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=861179","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=861179"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4456","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4456"},{"reference_url":"http://secunia.com/advisories/50665","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/50665"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/78944","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/78944"},{"reference_url":"https://github.com/openstack/keystone","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone"},{"reference_url":"https://github.com/openstack/keystone/commit/14b136aed9d988f5a8f3e699bd4577c9b874d6c1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/14b136aed9d988f5a8f3e699bd4577c9b874d6c1"},{"reference_url":"https://github.com/openstack/keystone/commit/1d146f5c32e58a73a677d308370f147a3271c2cb","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/1d146f5c32e58a73a677d308370f147a3271c2cb"},{"reference_url":"https://github.com/openstack/keystone/commit/24df3adb3f50cbb5ada411bc67aba8a781e6a431","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/24df3adb3f50cbb5ada411bc67aba8a781e6a431"},{"reference_url":"https://github.com/openstack/keystone/commit/868054992faa45d6f42d822bf1588cb88d7c9ccb","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/868054992faa45d6f42d822bf1588cb88d7c9ccb"},{"reference_url":"https://lists.launchpad.net/openstack/msg17034.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.launchpad.net/openstack/msg17034.html"},{"reference_url":"https://web.archive.org/web/20121114024512/http://www.securityfocus.com/bid/55716","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20121114024512/http://www.securityfocus.com/bid/55716"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/09/28/5","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/09/28/5"},{"reference_url":"http://www.securityfocus.com/bid/55716","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/55716"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689210","reference_id":"689210","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689210"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2012.2:milestone1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:2012.2:milestone1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2012.2:milestone1:*:*:*:*:*:*"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2012-4456","reference_id":"CVE-2012-4456","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2012-4456"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4456","reference_id":"CVE-2012-4456","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4456"},{"reference_url":"https://github.com/advisories/GHSA-mf98-r2gf-2x3w","reference_id":"GHSA-mf98-r2gf-2x3w","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mf98-r2gf-2x3w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926226?format=json","purl":"pkg:deb/debian/keystone@2012.1.1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2012-4456","GHSA-mf98-r2gf-2x3w"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s84r-551v-u7b6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5315?format=json","vulnerability_id":"VCID-snpz-wwd6-dkb6","summary":"OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106220.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106220.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0806.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0806.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2006.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2006.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2006","reference_id":"","reference_type":"","scores":[{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11788","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11922","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11707","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11791","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11843","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11854","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11815","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11653","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11624","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11702","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11742","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11758","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11773","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11876","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2006"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/1172195","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/keystone/+bug/1172195"},{"reference_url":"https://bugs.launchpad.net/ossn/+bug/1168252","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/ossn/+bug/1168252"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2006","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2006"},{"reference_url":"https://github.com/openstack/keystone","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone"},{"reference_url":"https://github.com/openstack/keystone/commit/c5037dd6b82909efaaa8720e8cfa8bdb8b4a0edd","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/c5037dd6b82909efaaa8720e8cfa8bdb8b4a0edd"},{"reference_url":"https://github.com/openstack/keystone/commit/d43e2a51a1ed7adbed3c5ddf001d46bc4a824ae8","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/d43e2a51a1ed7adbed3c5ddf001d46bc4a824ae8"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-40.yaml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-40.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2006","reference_id":"","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2006"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/04/24/1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/04/24/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/04/24/2","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/04/24/2"},{"reference_url":"http://www.securityfocus.com/bid/59411","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/59411"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=956007","reference_id":"956007","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=956007"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:2013.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-rxrm-xvp4-jqvh","reference_id":"GHSA-rxrm-xvp4-jqvh","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rxrm-xvp4-jqvh"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0806","reference_id":"RHSA-2013:0806","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0806"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926230?format=json","purl":"pkg:deb/debian/keystone@2013.1.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.1.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-2006","GHSA-rxrm-xvp4-jqvh","PYSEC-2013-40"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-snpz-wwd6-dkb6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5284?format=json","vulnerability_id":"VCID-swvg-7jxy-p3cg","summary":"OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.","references":[{"reference_url":"http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa"},{"reference_url":"http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355"},{"reference_url":"http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626"},{"reference_url":"http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d"},{"reference_url":"http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454"},{"reference_url":"http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3426","reference_id":"","reference_type":"","scores":[{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68349","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68328","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68395","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.6839","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68386","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68339","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.6836","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68285","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68261","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68312","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68354","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68309","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68342","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68244","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00561","scoring_system":"epss","scoring_elements":"0.68265","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3426"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/996595","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/keystone/+bug/996595"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/997194","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/keystone/+bug/997194"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/998185","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/keystone/+bug/998185"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3426","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3426"},{"reference_url":"http://secunia.com/advisories/50045","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/50045"},{"reference_url":"http://secunia.com/advisories/50494","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/50494"},{"reference_url":"https://github.com/openstack/keystone","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone"},{"reference_url":"https://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355"},{"reference_url":"https://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626"},{"reference_url":"https://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-34.yaml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-34.yaml"},{"reference_url":"https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3426","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3426"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/07/27/4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/07/27/4"},{"reference_url":"http://www.ubuntu.com/usn/USN-1552-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1552-1"},{"reference_url":"https://github.com/advisories/GHSA-xp97-6w7r-4cjc","reference_id":"GHSA-xp97-6w7r-4cjc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xp97-6w7r-4cjc"},{"reference_url":"https://usn.ubuntu.com/1552-1/","reference_id":"USN-1552-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1552-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926223?format=json","purl":"pkg:deb/debian/keystone@2012.1.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2012-3426","GHSA-xp97-6w7r-4cjc","PYSEC-2012-34"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-swvg-7jxy-p3cg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5514?format=json","vulnerability_id":"VCID-t2ap-zxfa-fkhe","summary":"The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4911.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4911.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4911","reference_id":"","reference_type":"","scores":[{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53592","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.5364","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53675","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.537","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53714","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53676","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53693","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.5371","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53661","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53663","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53611","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53644","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53616","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00304","scoring_system":"epss","scoring_elements":"0.53718","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4911"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/1577558","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/keystone/+bug/1577558"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4911"},{"reference_url":"https://github.com/openstack/keystone","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone"},{"reference_url":"https://github.com/openstack/keystone/commit/0d376025bae61bf5ee19d992c7f336b99ac69240","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/0d376025bae61bf5ee19d992c7f336b99ac69240"},{"reference_url":"https://github.com/openstack/keystone/commit/ee1dc941042d1f71699971c5c30566af1b348572","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/ee1dc941042d1f71699971c5c30566af1b348572"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2016-38.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2016-38.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4911","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:P/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4911"},{"reference_url":"https://review.openstack.org/#/c/311886","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://review.openstack.org/#/c/311886"},{"reference_url":"https://review.openstack.org/#/c/311886/","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://review.openstack.org/#/c/311886/"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2016-008.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2016-008.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/05/17/10","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/05/17/10"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/05/17/11","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/05/17/11"},{"reference_url":"http://www.securityfocus.com/bid/90728","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"http://www.securityfocus.com/bid/90728"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1337079","reference_id":"1337079","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1337079"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824683","reference_id":"824683","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824683"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:keystone:openstack_identity:9.0.0.0:rc3:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-f82m-w3p3-cgp3","reference_id":"GHSA-f82m-w3p3-cgp3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f82m-w3p3-cgp3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926246?format=json","purl":"pkg:deb/debian/keystone@2:9.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:9.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2016-4911","GHSA-f82m-w3p3-cgp3","PYSEC-2016-38"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t2ap-zxfa-fkhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42674?format=json","vulnerability_id":"VCID-t88t-p8tx-cfcu","summary":"Multiple vulnerabilities have been found in libxml2, allowing\n    remote attackers to execute arbitrary code or cause Denial of Service.","references":[{"reference_url":"http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html"},{"reference_url":"http://bugs.python.org/issue17239","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://bugs.python.org/issue17239"},{"reference_url":"http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.openstack.org/pipermail/openstack-announce/2013-February/000078.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0657.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0657.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0658.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0658.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0670.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-0670.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1664.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1664.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1664","reference_id":"","reference_type":"","scores":[{"value":"0.03938","scoring_system":"epss","scoring_elements":"0.88372","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03938","scoring_system":"epss","scoring_elements":"0.88308","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03938","scoring_system":"epss","scoring_elements":"0.88312","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03938","scoring_system":"epss","scoring_elements":"0.88332","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03938","scoring_system":"epss","scoring_elements":"0.88338","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03938","scoring_system":"epss","scoring_elements":"0.88348","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03938","scoring_system":"epss","scoring_elements":"0.8834","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03938","scoring_system":"epss","scoring_elements":"0.88353","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03938","scoring_system":"epss","scoring_elements":"0.88349","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03938","scoring_system":"epss","scoring_elements":"0.88366","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03938","scoring_system":"epss","scoring_elements":"0.8837","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03938","scoring_system":"epss","scoring_elements":"0.88285","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03938","scoring_system":"epss","scoring_elements":"0.88293","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1664"},{"reference_url":"https://bugs.launchpad.net/nova/+bug/1100282","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/nova/+bug/1100282"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1664"},{"reference_url":"https://github.com/django/django","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django"},{"reference_url":"https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/1c60d07ba23e0350351c278ad28d0bd5aa410b40"},{"reference_url":"https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/django/django/commit/d19a27066b2247102e65412aa66917aff0091112"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1664","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1664"},{"reference_url":"http://ubuntu.com/usn/usn-1757-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://ubuntu.com/usn/usn-1757-1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/02/19/2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/02/19/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/02/19/4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/02/19/4"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700948","reference_id":"700948","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700948"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700949","reference_id":"700949","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700949"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700950","reference_id":"700950","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700950"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=913808","reference_id":"913808","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=913808"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:cinder_folsom:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:cinder_folsom:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:cinder_folsom:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:compute_\\(nova\\)_essex:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:compute_\\(nova\\)_essex:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:compute_\\(nova\\)_essex:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:compute_\\(nova\\)_folsom:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:compute_\\(nova\\)_folsom:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:compute_\\(nova\\)_folsom:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone_essex:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone_essex:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone_essex:-:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-qrh7-x6fp-c2mp","reference_id":"GHSA-qrh7-x6fp-c2mp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qrh7-x6fp-c2mp"},{"reference_url":"https://security.gentoo.org/glsa/201311-06","reference_id":"GLSA-201311-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201311-06"},{"reference_url":"https://security.gentoo.org/glsa/201412-11","reference_id":"GLSA-201412-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0596","reference_id":"RHSA-2013:0596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0657","reference_id":"RHSA-2013:0657","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0657"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0658","reference_id":"RHSA-2013:0658","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0658"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0670","reference_id":"RHSA-2013:0670","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0670"},{"reference_url":"https://usn.ubuntu.com/1730-1/","reference_id":"USN-1730-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1730-1/"},{"reference_url":"https://usn.ubuntu.com/1731-1/","reference_id":"USN-1731-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1731-1/"},{"reference_url":"https://usn.ubuntu.com/1734-1/","reference_id":"USN-1734-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1734-1/"},{"reference_url":"https://usn.ubuntu.com/1757-1/","reference_id":"USN-1757-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1757-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926231?format=json","purl":"pkg:deb/debian/keystone@2012.1.1-13?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-13%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-1664","GHSA-qrh7-x6fp-c2mp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t88t-p8tx-cfcu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14350?format=json","vulnerability_id":"VCID-uexc-7rt7-hbgx","summary":"OpenStack Keystone and other components vulnerable to Improper Certificate Validation\nHTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2255.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2255.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2255","reference_id":"","reference_type":"","scores":[{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61614","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61648","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61654","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61638","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61661","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61656","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61487","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61562","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.6159","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61561","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61609","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61624","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61645","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00414","scoring_system":"epss","scoring_elements":"0.61634","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2255"},{"reference_url":"https://bugs.launchpad.net/ossn/+bug/1188189","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/ossn/+bug/1188189"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2255","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2255"},{"reference_url":"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2255","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2255"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2255","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2255"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/85562","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/85562"},{"reference_url":"https://github.com/openstack/cinder/commit/0f9652d92e175a1f7dc3c2a37ab444b8f189375a","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/cinder/commit/0f9652d92e175a1f7dc3c2a37ab444b8f189375a"},{"reference_url":"https://github.com/openstack/keystone/commit/5bd4c2984d329625a2a8442b316fa235dbb88a3d","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/5bd4c2984d329625a2a8442b316fa235dbb88a3d"},{"reference_url":"https://github.com/openstack/neutron/commit/7255e056092f034daaeb4246a812900645d46911","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/neutron/commit/7255e056092f034daaeb4246a812900645d46911"},{"reference_url":"https://github.com/openstack/python-keystoneclient/commit/20e166fd8a943ee3f91ba362a47e9c14c7cc5f4c","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/python-keystoneclient/commit/20e166fd8a943ee3f91ba362a47e9c14c7cc5f4c"},{"reference_url":"https://web.archive.org/web/20200229073508/https://www.securityfocus.com/bid/61118","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200229073508/https://www.securityfocus.com/bid/61118"},{"reference_url":"https://www.securityfocus.com/bid/61118","reference_id":"","reference_type":"","scores":[],"url":"https://www.securityfocus.com/bid/61118"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=924514","reference_id":"924514","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=924514"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:compute:2013.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:compute:2013.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:compute:2013.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:keystone:2013:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:keystone:2013:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://access.redhat.com/security/cve/cve-2013-2255","reference_id":"CVE-2013-2255","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/cve-2013-2255"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2255","reference_id":"CVE-2013-2255","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2255"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2013-2255","reference_id":"CVE-2013-2255","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security-tracker.debian.org/tracker/CVE-2013-2255"},{"reference_url":"https://github.com/advisories/GHSA-qh2x-hpf9-cf2g","reference_id":"GHSA-qh2x-hpf9-cf2g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qh2x-hpf9-cf2g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926233?format=json","purl":"pkg:deb/debian/keystone@2014.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2014.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-2255","GHSA-qh2x-hpf9-cf2g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uexc-7rt7-hbgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5302?format=json","vulnerability_id":"VCID-vr8z-xkg6-kuhy","summary":"OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2012-1556.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2012-1556.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2012-1557.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2012-1557.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5571.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5571.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5571","reference_id":"","reference_type":"","scores":[{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.3553","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35885","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35935","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35959","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35965","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35926","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35902","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35942","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35928","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35878","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35651","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35619","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38753","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38622","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38775","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-5571"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/1064914","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/keystone/+bug/1064914"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5571","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5571"},{"reference_url":"http://secunia.com/advisories/51423","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/51423"},{"reference_url":"http://secunia.com/advisories/51436","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/51436"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/80333","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/80333"},{"reference_url":"https://github.com/openstack/keystone","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone"},{"reference_url":"https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b"},{"reference_url":"https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19"},{"reference_url":"https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-35.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-35.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5571","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:N/I:P/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5571"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/28/5","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/11/28/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/11/28/6","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/11/28/6"},{"reference_url":"http://www.securityfocus.com/bid/56726","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/56726"},{"reference_url":"http://www.ubuntu.com/usn/USN-1641-1","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1641-1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694433","reference_id":"694433","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694433"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2012-5571","reference_id":"CVE-2012-5571","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2012-5571"},{"reference_url":"https://github.com/advisories/GHSA-qvpr-qm6w-6rcc","reference_id":"GHSA-qvpr-qm6w-6rcc","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qvpr-qm6w-6rcc"},{"reference_url":"https://usn.ubuntu.com/1641-1/","reference_id":"USN-1641-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1641-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926228?format=json","purl":"pkg:deb/debian/keystone@2012.1.1-11?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2012.1.1-11%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2012-5571","GHSA-qvpr-qm6w-6rcc","PYSEC-2012-35"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vr8z-xkg6-kuhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6079?format=json","vulnerability_id":"VCID-w6e4-zd31-g7hu","summary":"An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. This results in the provided keystone token having more role assignments than the creator intended, possibly giving unintended escalated access.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12690.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12690.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12690","reference_id":"","reference_type":"","scores":[{"value":"0.00817","scoring_system":"epss","scoring_elements":"0.74414","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00817","scoring_system":"epss","scoring_elements":"0.74415","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00817","scoring_system":"epss","scoring_elements":"0.74407","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00817","scoring_system":"epss","scoring_elements":"0.74288","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00817","scoring_system":"epss","scoring_elements":"0.7438","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00817","scoring_system":"epss","scoring_elements":"0.74372","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00817","scoring_system":"epss","scoring_elements":"0.74335","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00817","scoring_system":"epss","scoring_elements":"0.74343","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00817","scoring_system":"epss","scoring_elements":"0.74363","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00817","scoring_system":"epss","scoring_elements":"0.74342","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00817","scoring_system":"epss","scoring_elements":"0.74327","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00817","scoring_system":"epss","scoring_elements":"0.74294","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00817","scoring_system":"epss","scoring_elements":"0.74321","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00817","scoring_system":"epss","scoring_elements":"0.74293","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00817","scoring_system":"epss","scoring_elements":"0.74373","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12690"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/1873290","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/keystone/+bug/1873290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/advisories/GHSA-6m8p-x4qw-gh5j","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6m8p-x4qw-gh5j"},{"reference_url":"https://github.com/openstack/keystone","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-54.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-54.yaml"},{"reference_url":"https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12690","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12690"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2020-005.html","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2020-005.html"},{"reference_url":"https://usn.ubuntu.com/4480-1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4480-1"},{"reference_url":"https://usn.ubuntu.com/4480-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4480-1/"},{"reference_url":"https://www.openwall.com/lists/oss-security/2020/05/06/6","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2020/05/06/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/05/07/3","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/05/07/3"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1830395","reference_id":"1830395","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1830395"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900","reference_id":"959900","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3102","reference_id":"RHSA-2020:3102","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3102"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3105","reference_id":"RHSA-2020:3105","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3105"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926250?format=json","purl":"pkg:deb/debian/keystone@2:17.0.0~rc2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:17.0.0~rc2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-12690","GHSA-6m8p-x4qw-gh5j","PYSEC-2020-54"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w6e4-zd31-g7hu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6077?format=json","vulnerability_id":"VCID-wc5s-25xb-rqaa","summary":"An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12692.json","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12692.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12692","reference_id":"","reference_type":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33675","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33762","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33785","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33931","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34174","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34197","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34238","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34209","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34166","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34303","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.3427","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34158","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34194","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34207","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12692"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/1872737","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/keystone/+bug/1872737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12689"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12692"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/openstack/keystone","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/openstack/keystone"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-56.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-56.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12692","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12692"},{"reference_url":"https://opendev.org/openstack/keystone/commit/ab89ea749013e7f2c46260f68504f5687763e019","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/keystone/commit/ab89ea749013e7f2c46260f68504f5687763e019"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2020-003.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.openstack.org/ossa/OSSA-2020-003.html"},{"reference_url":"https://usn.ubuntu.com/4480-1","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4480-1"},{"reference_url":"https://usn.ubuntu.com/4480-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4480-1/"},{"reference_url":"https://www.openwall.com/lists/oss-security/2020/05/06/4","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2020/05/06/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/05/07/1","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/05/07/1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1833164","reference_id":"1833164","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1833164"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900","reference_id":"959900","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959900"},{"reference_url":"https://github.com/advisories/GHSA-rqw2-hhrf-7936","reference_id":"GHSA-rqw2-hhrf-7936","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rqw2-hhrf-7936"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2732","reference_id":"RHSA-2020:2732","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2732"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3102","reference_id":"RHSA-2020:3102","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3102"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3105","reference_id":"RHSA-2020:3105","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3105"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926250?format=json","purl":"pkg:deb/debian/keystone@2:17.0.0~rc2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:17.0.0~rc2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2020-12692","GHSA-rqw2-hhrf-7936","PYSEC-2020-56"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wc5s-25xb-rqaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5328?format=json","vulnerability_id":"VCID-wm8s-rmkk-mugb","summary":"The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token.","references":[{"reference_url":"http://osvdb.org/97237","reference_id":"","reference_type":"","scores":[],"url":"http://osvdb.org/97237"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1285.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1285.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1285","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2013:1285"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4294.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4294.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2013-4294","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2013-4294"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4294","reference_id":"","reference_type":"","scores":[{"value":"0.008","scoring_system":"epss","scoring_elements":"0.7399","published_at":"2026-04-01T12:55:00Z"},{"value":"0.008","scoring_system":"epss","scoring_elements":"0.7412","published_at":"2026-04-29T12:55:00Z"},{"value":"0.008","scoring_system":"epss","scoring_elements":"0.74112","published_at":"2026-04-24T12:55:00Z"},{"value":"0.008","scoring_system":"epss","scoring_elements":"0.74086","published_at":"2026-04-18T12:55:00Z"},{"value":"0.008","scoring_system":"epss","scoring_elements":"0.74077","published_at":"2026-04-21T12:55:00Z"},{"value":"0.008","scoring_system":"epss","scoring_elements":"0.74038","published_at":"2026-04-13T12:55:00Z"},{"value":"0.008","scoring_system":"epss","scoring_elements":"0.74042","published_at":"2026-04-09T12:55:00Z"},{"value":"0.008","scoring_system":"epss","scoring_elements":"0.74027","published_at":"2026-04-08T12:55:00Z"},{"value":"0.008","scoring_system":"epss","scoring_elements":"0.73994","published_at":"2026-04-07T12:55:00Z"},{"value":"0.008","scoring_system":"epss","scoring_elements":"0.74023","published_at":"2026-04-04T12:55:00Z"},{"value":"0.008","scoring_system":"epss","scoring_elements":"0.73997","published_at":"2026-04-02T12:55:00Z"},{"value":"0.008","scoring_system":"epss","scoring_elements":"0.74045","published_at":"2026-04-12T12:55:00Z"},{"value":"0.008","scoring_system":"epss","scoring_elements":"0.74064","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4294"},{"reference_url":"https://bugs.launchpad.net/keystone/+bug/1202952","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.launchpad.net/keystone/+bug/1202952"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1004452","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1004452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4294","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4294"},{"reference_url":"http://seclists.org/oss-sec/2013/q3/586","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/oss-sec/2013/q3/586"},{"reference_url":"http://secunia.com/advisories/54706","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/54706"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-42.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-42.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4294","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4294"},{"reference_url":"https://opendev.org/openstack/keystone","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opendev.org/openstack/keystone"},{"reference_url":"http://www.ubuntu.com/usn/USN-2002-1","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-2002-1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722505","reference_id":"722505","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722505"},{"reference_url":"https://github.com/advisories/GHSA-5qpp-v56f-mqfm","reference_id":"GHSA-5qpp-v56f-mqfm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5qpp-v56f-mqfm"},{"reference_url":"https://usn.ubuntu.com/2002-1/","reference_id":"USN-2002-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2002-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926235?format=json","purl":"pkg:deb/debian/keystone@2013.1.3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2013.1.3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-4294","GHSA-5qpp-v56f-mqfm","PYSEC-2013-42"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wm8s-rmkk-mugb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/73837?format=json","vulnerability_id":"VCID-ztee-sxym-zffv","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14432.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14432.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14432","reference_id":"","reference_type":"","scores":[{"value":"0.01139","scoring_system":"epss","scoring_elements":"0.78351","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01139","scoring_system":"epss","scoring_elements":"0.78357","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01139","scoring_system":"epss","scoring_elements":"0.78388","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01139","scoring_system":"epss","scoring_elements":"0.78372","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01139","scoring_system":"epss","scoring_elements":"0.78398","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01139","scoring_system":"epss","scoring_elements":"0.78404","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01139","scoring_system":"epss","scoring_elements":"0.7843","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01139","scoring_system":"epss","scoring_elements":"0.78412","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01139","scoring_system":"epss","scoring_elements":"0.78405","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01139","scoring_system":"epss","scoring_elements":"0.78434","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01139","scoring_system":"epss","scoring_elements":"0.78432","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01139","scoring_system":"epss","scoring_elements":"0.78428","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01139","scoring_system":"epss","scoring_elements":"0.78461","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01139","scoring_system":"epss","scoring_elements":"0.78469","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01139","scoring_system":"epss","scoring_elements":"0.78484","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14432"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1606868","reference_id":"1606868","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1606868"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904616","reference_id":"904616","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904616"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2523","reference_id":"RHSA-2018:2523","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2523"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2533","reference_id":"RHSA-2018:2533","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2533"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2543","reference_id":"RHSA-2018:2543","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2543"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/926248?format=json","purl":"pkg:deb/debian/keystone@2:13.0.0-7?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:13.0.0-7%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926220?format=json","purl":"pkg:deb/debian/keystone@2:18.0.0-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:18.0.0-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926218?format=json","purl":"pkg:deb/debian/keystone@2:22.0.2-0%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-93vc-hgec-nfe6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:22.0.2-0%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926222?format=json","purl":"pkg:deb/debian/keystone@2:27.0.0-3%2Bdeb13u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6wj2-abbb-xqf6"},{"vulnerability":"VCID-z3vj-se4e-hbgw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/926221?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1062481?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1066830?format=json","purl":"pkg:deb/debian/keystone@2:29.0.0-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.0-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1067557?format=json","purl":"pkg:deb/debian/keystone@2:29.0.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:29.0.1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-14432"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ztee-sxym-zffv"}],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/keystone@2:27.0.0-3%252Bdeb13u1%3Fdistro=trixie"}