Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
keystone vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-4457
OpenStack Keystone Essex prior to 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant.
Openstack Keystone
Openstack Keystone 2012.2
NA
CVE-2013-2059
OpenStack Identity (Keystone) Folsom 2012.2.4 and previous versions, Grizzly prior to 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token...
Openstack Keystone 2012.1
Openstack Keystone 2013.1
8.8
CVSSv3
CVE-2019-19687
OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other user...
Openstack Keystone 15.0.0
Openstack Keystone 16.0.0
9.8
CVSSv3
CVE-2022-39382
Keystone is a headless CMS for Node.js — built with GraphQL and React.`@keystone-6/core@3.0.0 || 3.0.1` users that use `NODE_ENV` to trigger security-sensitive functionality in their production builds are vulnerable to `NODE_ENV` being inlined to `"development"` f...
Keystonejs Keystone 3.0.0
Keystonejs Keystone 3.0.1
5.4
CVSSv3
CVE-2020-12692
An issue exists in OpenStack Keystone prior to 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times.
Openstack Keystone 16.0.0
Openstack Keystone
Canonical Ubuntu Linux 18.04
8.8
CVSSv3
CVE-2020-12689
An issue exists in OpenStack Keystone prior to 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. Thi...
Openstack Keystone 16.0.0
Openstack Keystone
Canonical Ubuntu Linux 18.04
8.8
CVSSv3
CVE-2020-12691
An issue exists in OpenStack Keystone prior to 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as an...
Openstack Keystone 16.0.0
Openstack Keystone
Canonical Ubuntu Linux 18.04
NA
CVE-2012-3426
OpenStack Keystone prior to 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chai...
Openstack Essex
Openstack Keystone 2012.1.1
Openstack Keystone 2012.1
Openstack Horizon Folsom-1
8.8
CVSSv3
CVE-2017-16570
KeystoneJS prior to 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03. In other words, it fails to reject requests that lack an x-csrf-token header.
Keystonejs Keystone
1 EDB exploit
7.5
CVSSv3
CVE-2021-38155
OpenStack Keystone 10.x up to and including 16.x prior to 16.0.2, 17.x prior to 17.0.1, 18.x prior to 18.0.1, and 19.x prior to 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an account and failing to authenticat...
Openstack Keystone
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »