Vulmon
keystone vulnerabilities and exploits
VMScore: 187
CVE-2012-5483
tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows local users to obtain access to EC2 services by reading administrative access and sec...
Openstack Keystone 2012.1.3
VMScore: 668
CVE-2022-29354
An arbitrary file upload vulnerability in the file upload module of Keystone v4.2.1 allows malicious users to execute arbitrary code via a crafted file.
Keystonejs Keystone 4.2.1
VMScore: 356
CVE-2012-4413
OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.
Openstack Keystone 2012.1.3
VMScore: 312
CVE-2021-32624
Keystone 5 is an open source CMS platform to build Node.js applications. This security advisory relates to a newly discovered capability in our query infrastructure to directly or indirectly expose the values of private fields, bypassing the configured access control. This is an ...
Keystonejs Keystone-5
VMScore: 356
CVE-2016-4911
The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x prior to 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token.
Keystone Openstack Identity 9.0.0.0
VMScore: 605
CVE-2020-36405
Keystone Engine 0.9.2 has a use-after-free in llvm_ks::X86Operand::getToken.
Keystone-engine Keystone Engine 0.9.2
VMScore: 445
CVE-2013-2014
OpenStack Identity (Keystone) prior to 2013.1 allows remote malicious users to cause a denial of service (memory consumption and crash) via multiple long requests.
Openstack Keystone
Fedoraproject Fedora 19
VMScore: 356
CVE-2015-3646
OpenStack Identity (Keystone) prior to 2014.1.5 and 2014.2.x prior to 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs.
Openstack Keystone
Oracle Solaris 11.2
VMScore: 446
CVE-2013-1665
The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote malicious users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, ...
Openstack Folsom -
Openstack Keystone Essex -
VMScore: 534
CVE-2015-7546
The identity service in OpenStack Identity (Keystone) prior to 2015.1.3 (Kilo) and 8.0.x prior to 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) prior to 1.5.4 (Kilo) and Liberty prior to 2.3.3 does not properly invalidate authorization tokens when using ...
Openstack Keystonemiddleware
Openstack Keystone
Oracle Solaris 11.3