Keystone

Latest version: v26.0.0

Vulnerabilities (43)

CVE/PVE Vulnerability ID Advisory Affected versions Severity Severity Score
CVE-2021-38155 45246

Keystone versions 16.0.2, 17.0.1, 18.0.1 and 19.0.1 include a fix for…

  • >=10.0.0.0rc1,<16.0.2
  • >=17.0.0.0rc1,<17.0.1
  • >=18.0.0.0rc1,<18.0.1
  • >=19.0.0.0rc1,<19.0.1
HIGH 7.5
CVE-2018-14432 70607

In the Federation component of OpenStack Keystone before 11.0.4, 12.0…

  • <11.04
  • >=12.0.0,<12.0.0
  • >=13.0.0,<13.0.0
MEDIUM 5.3
CVE-2015-3646 70443

OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 201…

  • <2014.1.5
  • >=2014.2,<2014.2.4
MEDIUM 4.0
CVE-2013-2059 67997

OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly be…

  • >=2011.3.1,<2012.2.4
  • >=2013,<2013.1.1
MEDIUM 6.0
CVE-2014-3621 70603

The catalog url replacement in OpenStack Identity (Keystone) before 2…

  • >=2010,<2013.2.3
  • >=2014.1,<2014.1.2.1
MEDIUM 4.0
CVE-2020-12689 38587

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0…

  • <15.0.1
  • >=16.0.0.0rc1,<=16.0.0
HIGH 8.8
CVE-2020-12691 38585

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0…

  • <15.0.1
  • >=16.0.0.0rc1,<=16.0.0
HIGH 8.8
CVE-2020-12690 38583

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0…

  • <15.0.1
  • >=16.0.0.0rc1,<=16.0.0
HIGH 8.8
CVE-2020-12692 38584

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0…

  • <15.0.1
  • >=16.0.0.0rc1,<=16.0.0
MEDIUM 5.4
CVE-2019-19687 37770

OpenStack Keystone 15.0.0 and 16.0.0 are affected by Data Leakage in …

  • ==15.0.0
  • ==16.0.0
HIGH 8.8
CVE-2016-4911 70597

The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x befo…

  • <9.0.1
MEDIUM 4.3
CVE-2012-1572 38586

In Keystone versions prior to 8.0.0, it is possible to remotely trigg…

  • <8.0.0
HIGH 7.5
CVE-2022-2447 50894

Keystone is affected by CVE-2022-2447: A flaw was found in OpenStack.…

  • <=21.0.0
MEDIUM 6.6
CVE-2013-4477 60958

The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana,…

  • <=2013.2.1
LOW 3.3
CVE-2013-2255 38589

HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1…

  • >=2013,<2014
MEDIUM 5.9
CVE-2013-4294 35459

The (1) memcache and (2) KVS token backends in OpenStack Identity (Ke…

  • >=2012.2.0,<2013.1.4
MEDIUM 5.0
CVE-2013-6391 68002

The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013…

  • >=2011.3.1,<2013.2.1
MEDIUM 5.8
CVE-2012-5571 68006

OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not proper…

  • >=2011.3.1,<=2013.2
LOW 3.5
CVE-2013-0247 67994

OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and ea…

  • >=2011.3.1,<2013.1.g3
MEDIUM 5.0
CVE-2013-2157 67998

OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when …

  • >=2011.3.1,<2013.1.3
MEDIUM 4.3
CVE-2013-4222 68010

OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, a…

  • >=2011.3.1,<2013.1.3
MEDIUM 6.5
CVE-2013-2006 68009

OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode loggi…

  • >=2011.3.1,<2013.1
LOW 2.1
CVE-2013-2014 67996

OpenStack Identity (Keystone) before 2013.1 allows remote attackers t…

  • >=2011.3.1,<2013.1
MEDIUM 5.0
CVE-2013-0282 67995

OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier…

  • >=2011.3.1,<2013.1
MEDIUM 5.0
CVE-2012-5483 67993

tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to A…

  • >=2011.3.1,<=2012.1.3
LOW 2.1
CVE-2012-4457 68008

OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 d…

  • >=2011.3.1,<2012.1.2
MEDIUM 4.0
CVE-2012-3426 68007

OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom befor…

  • >=2011.3.1,<2012.1.1
MEDIUM 4.9
CVE-2014-3476 70448

OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2…

  • >2010,<2014.2
MEDIUM 6.0
CVE-2014-5252 70445

The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.…

  • >2010,<2014.2
MEDIUM 4.9
CVE-2014-5253 70444

OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno bef…

  • >2010,<2014.2
MEDIUM 4.9
CVE-2014-3520 70447

OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2…

  • >2010,<2014.2
MEDIUM 6.5
CVE-2014-5251 70446

The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x befo…

  • >2010,<2014.2
MEDIUM 4.9
CVE-2014-2828 70450

The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 an…

  • >2010,<2014.1
HIGH 7.8
CVE-2014-2237 70451

The memcache token backend in OpenStack Identity (Keystone) 2013.1 th…

  • >2010,<2013.2.3
MEDIUM 5.0
CVE-2012-5563 35399

OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not prop…

  • >=2010,<2012.2
MEDIUM 4.0
CVE-2013-1865 35416

OpenStack Keystone Folsom (2012.2) does not properly perform revocati…

  • >=2010,<2012.2
MEDIUM 6.8
CVE-2012-4413 35373

OpenStack Keystone 2012.1.3 does not invalidate existing tokens when …

  • >=2010,<2012.1.3
MEDIUM 4.0
CVE-2012-4456 35374

The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone E…

  • >=2010,<2012.1.2
HIGH 7.5
CVE-2012-3542 35370

OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and…

  • >=2010,<2012.1
MEDIUM 4.3
CVE-2012-3360 68022

Directory traversal vulnerability in virt/disk/api.py in OpenStack Co…

  • >=2010.1-rc2,<=2012.2
MEDIUM 5.5
CVE-2017-2673 70606

An authorization-check flaw was discovered in federation configuratio…

  • <=12.0.3-9
HIGH 7.2
CVE-2018-20170 36734

Keystone has a user enumeration vulnerability because invalid usernam…

  • >0
MEDIUM 5.3
CVE-2021-3563 50789

Keystone is affected by CVE-2021-3563: Only the first 72 characters o…

  • >0
HIGH 7.4