Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openstack keystone 16.0.0 vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-12691
An issue exists in OpenStack Keystone prior to 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as an...
Openstack Keystone 16.0.0
Openstack Keystone
Canonical Ubuntu Linux 18.04
8.8
CVSSv3
CVE-2020-12689
An issue exists in OpenStack Keystone prior to 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. Thi...
Openstack Keystone 16.0.0
Openstack Keystone
Canonical Ubuntu Linux 18.04
8.8
CVSSv3
CVE-2020-12690
An issue exists in OpenStack Keystone prior to 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the ...
Openstack Keystone 16.0.0
Openstack Keystone
5.4
CVSSv3
CVE-2020-12692
An issue exists in OpenStack Keystone prior to 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times.
Openstack Keystone 16.0.0
Openstack Keystone
Canonical Ubuntu Linux 18.04
8.8
CVSSv3
CVE-2019-19687
OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other user...
Openstack Keystone 16.0.0
Openstack Keystone 15.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started