Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 57 results


CVE-2022-2447

Low priority
Vulnerable

A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to...

1 affected packages

keystone

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
keystone Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2021-3563

Low priority
Vulnerable

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this...

1 affected packages

keystone

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
keystone Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2021-38155

Low priority
Needs evaluation

OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an...

1 affected packages

keystone

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
keystone Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2020-12692

Medium priority

Some fixes available 1 of 3

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack...

1 affected packages

keystone

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
keystone Not affected Not affected Not affected Fixed Vulnerable
Show less packages

CVE-2020-12691

Medium priority

Some fixes available 1 of 3

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the...

1 affected packages

keystone

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
keystone Not affected Not affected Not affected Fixed Vulnerable
Show less packages

CVE-2020-12690

Medium priority

Some fixes available 1 of 3

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token...

1 affected packages

keystone

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
keystone Not affected Not affected Not affected Fixed Vulnerable
Show less packages

CVE-2020-12689

Medium priority

Some fixes available 1 of 3

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as...

1 affected packages

keystone

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
keystone Not affected Not affected Not affected Fixed Vulnerable
Show less packages

CVE-2013-2167

Medium priority
Ignored

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass

1 affected packages

python-keystoneclient

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-keystoneclient
Show less packages

CVE-2013-2166

Low priority
Ignored

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass

1 affected packages

python-keystoneclient

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-keystoneclient
Show less packages

CVE-2019-19687

Medium priority

Some fixes available 1 of 2

OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a...

1 affected packages

keystone

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
keystone Not affected Not affected
Show less packages