Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
keystone vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-5483
tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows local users to obtain access to EC2 services by reading administrative access and sec...
Openstack Keystone 2012.1.3
5.3
CVSSv3
CVE-2021-32624
Keystone 5 is an open source CMS platform to build Node.js applications. This security advisory relates to a newly discovered capability in our query infrastructure to directly or indirectly expose the values of private fields, bypassing the configured access control. This is an ...
Keystonejs Keystone-5
9.8
CVSSv3
CVE-2022-29354
An arbitrary file upload vulnerability in the file upload module of Keystone v4.2.1 allows malicious users to execute arbitrary code via a crafted file.
Keystonejs Keystone 4.2.1
NA
CVE-2012-4413
OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.
Openstack Keystone 2012.1.3
7.8
CVSSv3
CVE-2020-36405
Keystone Engine 0.9.2 has a use-after-free in llvm_ks::X86Operand::getToken.
Keystone-engine Keystone Engine 0.9.2
4.3
CVSSv3
CVE-2016-4911
The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x prior to 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token.
Keystone Openstack Identity 9.0.0.0
NA
CVE-2015-3646
OpenStack Identity (Keystone) prior to 2014.1.5 and 2014.2.x prior to 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs.
Openstack Keystone
Oracle Solaris 11.2
NA
CVE-2013-2014
OpenStack Identity (Keystone) prior to 2013.1 allows remote malicious users to cause a denial of service (memory consumption and crash) via multiple long requests.
Openstack Keystone
Fedoraproject Fedora 19
NA
CVE-2013-1665
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote malicious users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, ...
Openstack Folsom -
Openstack Keystone Essex -
7.5
CVSSv3
CVE-2015-7546
The identity service in OpenStack Identity (Keystone) prior to 2015.1.3 (Kilo) and 8.0.x prior to 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) prior to 1.5.4 (Kilo) and Liberty prior to 2.3.3 does not properly invalidate authorization tokens when using ...
Openstack Keystonemiddleware
Openstack Keystone
Oracle Solaris 11.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »