pkg:Debian/keystone

56 total CVEs: CRITICAL 2, HIGH 16, MEDIUM 18, LOW 1

All known vulnerabilities

  • [CRITICAL 9.1] CVE-2021-3563: keystone - security update
    from 0, < 2:14.2.0-0+deb10u2
  • [CRITICAL 9.1] CVE-2021-3563: keystone - security update
    from 0
  • [HIGH 8.8] CVE-2020-12691: OpenStack Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID
    from 0, < 2:17.0.0~rc2-1
  • [HIGH 8.8] CVE-2020-12689: keystone - security update
    from 0, < 2:17.0.0~rc2-1
  • [HIGH 8.8] CVE-2020-12689: keystone - security update
    from 0, < 2:14.2.0-0+deb10u1
  • [HIGH 8.8] CVE-2019-19687: OpenStack Keystone Credential Leakage
    from 0, < 2:16.0.0-5
  • [HIGH 8.8] CVE-2020-12690: Insufficient Session Expiration in OpenStack Keystone
    from 0, < 2:17.0.0~rc2-1
  • [HIGH 7.9] CVE-2026-43001: OpenStack Keystone has an Incorrect Authorization Issue
    from 0
  • [HIGH 7.7] CVE-2026-40683: OpenStack Keystone: LDAP identity backend does not convert enabled attribute to boolean
    from 0
  • [HIGH 7.5] CVE-2025-65073: keystone - security update
    from 0, < 2:18.1.0-1+deb11u2
  • [HIGH 7.5] CVE-2025-65073: keystone - security update
    from 0, < 2:22.0.2-0+deb12u1
  • [HIGH 7.5] CVE-2021-38155: OpenStack Keystone allows information disclosure during account locking
    from 0, < 2:18.0.0-3+deb11u1
  • [HIGH 7.5] CVE-2012-3542: OpenStack Keystone Allows Remote User Account Creation
    from 0, < 2012.1.1-5
  • [HIGH 7.5] CVE-2014-2828: OpenStack Identity (Keystone) DoS through V3 API authentication chaining
    from 0, < 2014.1-1
  • [HIGH 7.5] CVE-2015-7546: OpenStack Identity Keystone and keystonemiddleware Insufficiently Protected Credentials
    from 0, < 2:9.0.0~rc2-1
  • [HIGH 7.5] CVE-2012-1572: OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space
    from 0, < 2012.1~rc2-1
  • [HIGH 7.2] CVE-2017-2673: OpenStack Identity service (keystone) Incorrect Authorization
    from 0, < 2:10.0.0-9
  • [MEDIUM 6.5] CVE-2014-5252: OpenStack Identity (Keystone) UUID v2 tokens does not expire with revocation events
    from 0, < 2014.1.2.1-1
  • [MEDIUM 6.5] CVE-2014-5251: OpenStack Identity (Keystone) Multiple vulnerabilities in revocation events
    from 0, < 2014.1.2.1-1
  • [MEDIUM 6.5] CVE-2014-5253: OpenStack Keystone Domain-scoped tokens don't get revoked
    from 0, < 2014.1.2.1-1
  • [MEDIUM 6.5] CVE-2014-2237: OpenStack Identity (Keystone) Trustee token revocations does not work with memcache backend
    from 0, < 2013.2.3-1
  • [MEDIUM 6.5] CVE-2013-0270: OpenStack Keystone Denial of Service vulnerability via a large HTTP request
    from 0, < 2013.1.1-2
  • [MEDIUM 6.0] CVE-2026-44394: An issue was discovered in OpenStack Keystone before 29.0.2.
    from 0
  • [MEDIUM 6.0] CVE-2026-43000: An issue was discovered in OpenStack Keystone before 29.0.2.
    from 0
  • [MEDIUM 6.0] CVE-2026-42999: An issue was discovered in OpenStack Keystone before 29.0.2.
    from 0
  • [MEDIUM 6.0] CVE-2026-42998: An issue was discovered in OpenStack Keystone before 29.0.2.
    from 0
  • [MEDIUM 6.0] CVE-2014-0105: python-keystoneclient vulnerable to context confusion in Keystone auth_token middleware
    from 0, < 2013.1.1-2
  • [MEDIUM 5.9] CVE-2013-2255: OpenStack Keystone and other components vulnerable to Improper Certificate Validation
    from 0, < 2014.1-1
  • [MEDIUM 5.4] CVE-2020-12692: OpenStack Keystone does not check signature TTL of the EC2 credential auth method
    from 0, < 2:17.0.0~rc2-1
  • [MEDIUM 5.4] CVE-2012-5571: OpenStack Keystone intended authorization restrictions bypass
    from 0, < 2012.1.1-11
  • [MEDIUM 5.3] CVE-2013-4294: OpenStack Identity (Keystone) allows remote attackers to bypass intended access restrictions via revoked PKI token
    from 0, < 2013.1.3-2
  • [MEDIUM 5.3] CVE-2018-14432: keystone - security update
    from 0, < 2:10.0.0-9+deb9u1
  • [MEDIUM 5.3] CVE-2018-14432: keystone - security update
    from 0, < 2:13.0.0-7
  • [MEDIUM 4.3] CVE-2016-4911: OpenStack Identity Keystone Improper Access Control
    from 0, < 2:9.0.0-2
  • [MEDIUM 4.3] CVE-2013-2059: OpenStack Identity (Keystone) improper revoking of the authentication token when deleting a user
    from 0, < 2013.1.1-2
  • [LOW 3.5] CVE-2026-33551: OpenStack Keystone: Restricted application credentials can create EC2 credentials
    from 0
  • CVE-2012-3426: OpenStack Keystone token expiration issues
    from 0, < 2012.1.1-1
  • CVE-2013-1664: XML Entity Expansion (XEE) in Django
    from 0, < 2012.1.1-13
  • CVE-2013-1665: XML External Entity (XXE) in Django
    from 0, < 2012.1.1-13
  • CVE-2013-4477: OpenStack Identity Keystone Privilege Escalation vulnerability
    from 0, < 2013.2-2
  • CVE-2013-2006: OpenStack Keystone Sensitive information disclosure via log files
    from 0, < 2013.1.1-2
  • CVE-2012-4413: OpenStack Keystone does not invalidate existing tokens when granting or revoking roles
    from 0, < 2012.1.1-6
  • CVE-2012-4457: OpenStack Keystone Token authorization for a user in a disabled tenant is allowed
    from 0, < 2012.1.1-9
  • CVE-2012-4456: OpenStack Keystone Improper Authentication vulnerability
    from 0, < 2012.1.1-9
  • CVE-2014-0204: OpenStack Identity Keystone Improper Privilege Management
    from 0, < 2014.1-5
  • CVE-2014-3621: OpenStack Identity Keystone Exposure of Sensitive Information
    from 0, < 2014.1.3-1
  • CVE-2015-3646: OpenStack Keystone Logs Passwords
    from 0, < 2015.1.0-1
  • CVE-2014-3476: OpenStack Identity Keystone is vulnerable to Block delegation escalation of privilege
    from 0, < 2014.1.1-2
  • CVE-2013-2014: OpenStack Identity (Keystone) Denial of Service
    from 0, < 2013.1.1-2
  • CVE-2013-0282: OpenStack Keystone allows context-dependent attackers to bypass access restrictions
    from 0, < 2012.1.1-13
  • CVE-2014-3520: OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain…
    from 0, < 2014.1.1-3
  • CVE-2013-6391: The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped tok…
    from 0, < 2013.2.1-1
  • CVE-2013-4222: OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a…
    from 0, < 2013.1.3-1
  • CVE-2013-2157: OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass a…
    from 0, < 2013.1.2-1
  • CVE-2013-0247: OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to ca…
    from 0, < 2012.1.1-12