pkg:PyPI/keystone

All known vulnerabilities

• CRITICAL9.1CVE-2021-3563keystone - security update
  from 0, <= 21.0.0
• HIGH8.8CVE-2020-12691OpenStack Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID
  from 0, < 15.0.1
• HIGH8.8OpenStack Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID
  from 0, < 15.0.1
• HIGH8.8keystone - security update
  from 0, < 15.0.1
• HIGH8.8keystone - security update
  from 0, < 15.0.1
• HIGH8.8OpenStack Keystone Credential Leakage
  >= 15.0.0, < 15.0.1
• HIGH8.8OpenStack Keystone Credential Leakage
  from 0, < 16.0.1
• HIGH8.8Insufficient Session Expiration in OpenStack Keystone
  from 0, < 15.0.1
• HIGH8.8Insufficient Session Expiration in OpenStack Keystone
  from 0, < 15.0.1
• HIGH7.9OpenStack Keystone has an Incorrect Authorization Issue
  >= 13.0.0, <= 29.0.1
• HIGH7.7OpenStack Keystone: LDAP identity backend does not convert enabled attribute to boolean
  from 0, < 28.0.1
• HIGH7.5keystone - security update
  from 0, < 26.0.1
• HIGH7.5OpenStack Keystone allows information disclosure during account locking
  >= 10.0, < 16.0.2
• HIGH7.5OpenStack Keystone Allows Remote User Account Creation
  from 0, < 5438d3b5a219d7c8fa67e66e538d325a61617155, < c13d0ba606f7b2bdc609a7f388334e5efec3f3aa | from 0
• HIGH7.5OpenStack Keystone Allows Remote User Account Creation
  from 0, < 2012.1
• HIGH7.5OpenStack Identity (Keystone) DoS through V3 API authentication chaining
  from 0, < 8.0.0a0
• HIGH7.5OpenStack Identity (Keystone) DoS through V3 API authentication chaining
  from 0, < 8.0.0a0
• HIGH7.5OpenStack Identity Keystone and keystonemiddleware Insufficiently Protected Credentials
  >= 9.0.0.0b1, < 9.0.0.0b2
• HIGH7.2OpenStack Identity service (keystone) Incorrect Authorization
  >= 9.0.0, <= 9.3.0
• HIGH7.2OpenStack Identity service (keystone) Incorrect Authorization
  >= 9.0.0, <= 9.3.0
• MEDIUM6.5OpenStack Identity (Keystone) UUID v2 tokens does not expire with revocation events
  from 0, < 8.0.0a0
• MEDIUM6.5OpenStack Identity (Keystone) UUID v2 tokens does not expire with revocation events
  from 0, < 8.0.0a0
• MEDIUM6.5OpenStack Keystone Domain-scoped tokens don't get revoked
  from 0, < 8.0.0a0
• MEDIUM6.5OpenStack Identity (Keystone) Multiple vulnerabilities in revocation events
  from 0, < 8.0.0a0
• MEDIUM6.5OpenStack Identity (Keystone) Multiple vulnerabilities in revocation events
  from 0, < 8.0.0a0
• MEDIUM6.5OpenStack Keystone Domain-scoped tokens don't get revoked
  from 0, < 8.0.0a0
• MEDIUM6.5OpenStack Identity (Keystone) Trustee token revocations does not work with memcache backend
  from 0, < 8.0.0a0
• MEDIUM6.5OpenStack Identity (Keystone) Trustee token revocations does not work with memcache backend
  from 0, < 8.0.0a0
• MEDIUM6.5OpenStack Keystone Denial of Service vulnerability via a large HTTP request
  from 0, < 8.0.0a0
• MEDIUM5.9OpenStack Keystone Insufficient token expiration
  from 0, < 38c7e46a640a94da4da89a39a5a1ea9c081f1eb5, < f9d4766249a72d8f88d75dcf1575b28dd3496681 | from 0
• MEDIUM5.9OpenStack Keystone Insufficient token expiration
  from 0, < 8.0.0
• MEDIUM5.9OpenStack Keystone and other components vulnerable to Improper Certificate Validation
  from 0, < 8.0.0a0
• MEDIUM5.4OpenStack Keystone does not check signature TTL of the EC2 credential auth method
  from 0, < 15.0.1
• MEDIUM5.4OpenStack Keystone does not check signature TTL of the EC2 credential auth method
  >= 16.0.0.0rc1, < 16.0.0
• MEDIUM5.4OpenStack Keystone intended authorization restrictions bypass
  from 0, < 8.0.0a0
• MEDIUM5.4OpenStack Keystone intended authorization restrictions bypass
  from 0, < 37308dd4f3e33f7bd0f71d83fd51734d1870713b, < 8735009dc5b895db265a1cd573f39f4acfca2a19, < 9d68b40cb9ea818c48152e6c712ff41586ad9653 | from 0
• MEDIUM5.3OpenStack Identity (Keystone) allows remote attackers to bypass intended access restrictions via revoked PKI token
  >= 2012.2.0, < 2013.1.4
• MEDIUM5.3OpenStack Identity (Keystone) allows remote attackers to bypass intended access restrictions via revoked PKI token
  >= 2012.2.0, < 2013.1.4
• MEDIUM5.3OpenStack Keystone Improper Authentication vulnerability
  >= 2012.2, < 2012.2.4
• MEDIUM5.3OpenStack Keystone Improper Authentication vulnerability
  >= 2012.2, < 2012.2.4
• MEDIUM4.3OpenStack Identity Keystone Improper Access Control
  >= 9.0.0, < 9.0.1
• MEDIUM4.3OpenStack Identity Keystone Improper Access Control
  >= 9.0.0, < 9.0.1
• MEDIUM4.3OpenStack Identity (Keystone) improper revoking of the authentication token when deleting a user
  from 0, < 8.0.0a0
• MEDIUM4.3OpenStack Identity (Keystone) improper revoking of the authentication token when deleting a user
  from 0, < 8.0.0a0
• LOW3.5OpenStack Keystone: Restricted application credentials can create EC2 credentials
  >= 14.0.0, < 26.1.1
• LOW3.5OpenStack Keystone: Restricted application credentials can create EC2 credentials
  >= 14.0.0, < 26.1.1
• —OpenStack Keystone token expiration issues
  from 0, < 8.0.0a0
• —OpenStack Keystone token expiration issues
  from 0, < ea03d05ed5de0c015042876100d37a6a14bf56de, < 628149b3dc6b58b91fd08e6ca8d91c728ccb8626, < 375838cfceb88cacc312ff6564e64eb18ee6a355, < d9600434da14976463a0bd03abd8e0309f0db454, < 29e74e73a6e51cffc0371b32354558391826a4aa, < a67b24878a6156eab17b9098fa649f0279256f5d | from 0
• —OpenStack Identity Keystone Privilege Escalation vulnerability
  from 0, < 8.0.0a0
• —OpenStack Keystone Sensitive information disclosure via log files
  from 0, < c5037dd6b82909efaaa8720e8cfa8bdb8b4a0edd | from 0
• —OpenStack Keystone Sensitive information disclosure via log files
  from 0, < 8.0.0a0
• —OpenStack Keystone does not invalidate existing tokens when granting or revoking roles
  from 0, < 2012.1.3
• —OpenStack Keystone Token authorization for a user in a disabled tenant is allowed
  from 0, < 8.0.0a0
• —OpenStack Keystone Improper Authentication vulnerability
  >= 2012.1, < 2012.1.2
• —OpenStack Identity Keystone Improper Privilege Management
  from 0, < 8.0.0a0
• —OpenStack Identity Keystone Exposure of Sensitive Information
  from 0, < 8.0.0a0
• —OpenStack Keystone Logs Passwords
  >= 2011.3, < 2014.1.5
• —OpenStack Identity Keystone is vulnerable to Block delegation escalation of privilege
  from 0, < 8.0.0a0
• —OpenStack Identity (Keystone) Denial of Service
  from 0, < 8.0.0a0
• —OpenStack Keystone allows context-dependent attackers to bypass access restrictions
  from 0, < 8.0.0a0
• —** DISPUTED ** OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses…
  from 0, < 14.1.0