Skip to main content

Keystone

48 CVEs product

Monthly

CVE-2026-42999 PyPI HIGH PATCH This Week

Authorization bypass in OpenStack Keystone before 29.0.2 lets any authenticated user override trusted RBAC policy targets by injecting attributes like user_id or project_id into the JSON request body. The enforce_call routine unconditionally merges the raw request body over database-derived target data, so low-privileged users can perform operations on resources owned by other users or projects. No public exploit is identified at time of analysis and EPSS exploitation probability is very low (0.03%), but the flaw is trivially exploitable by any account and a vendor patch is available.

Python Authentication Bypass Keystone
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-43000 PyPI HIGH PATCH This Week

Privilege escalation in OpenStack Keystone before 29.0.2 lets a user holding only the member role on a project chain unrestricted application credentials with Keystone trusts to obtain admin. Because Keystone validates delegated roles against the victim's actual database role assignments rather than the roles on the requesting token, an attacker who can impersonate a victim's token can mint a trust delegating the victim's admin role to themselves, with all activity logged under the victim's identity. Exploitation is only practical when paired with a separate application-credential impersonation flaw; EPSS is very low (0.03%) and there is no public exploit identified at time of analysis.

Authentication Bypass Keystone
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-43001 PyPI HIGH PATCH GHSA This Week

Cross-project privilege escalation in OpenStack Keystone (releases 13 through 29) lets a holder of an unrestricted application credential for one project mint an EC2-type credential targeting a different project, because POST /v3/credentials never validates that the caller-supplied project_id matches the authenticating app credential's project. Exchanging that EC2 credential at /v3/ec2tokens then yields a Keystone token scoped to the second project while retaining the original app_cred_id, enabling lateral movement across tenants. There is no public exploit identified at time of analysis and EPSS is very low (0.01%), but the authorization flaw (CWE-863) is confirmed and patched by upstream and distributors.

Authentication Bypass Microsoft Keystone
NVD VulDB
CVSS 3.1
8.0
EPSS
0.0%
CVE-2026-33551 PyPI LOW PATCH Monitor

OpenStack Keystone 14 through 29.x allows authenticated users with restricted application credentials to create EC2 credentials that inherit the parent user's full S3 permissions, bypassing role restrictions. This privilege escalation affects only deployments combining restricted application credentials with the EC2/S3 compatibility API (swift3/s3api), and requires valid authentication credentials and moderate attack complexity to exploit.

Authentication Bypass Keystone
NVD VulDB
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-46720 npm LOW PATCH Monitor

Keystone is a content management system for Node.js. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Node.js Keystone
NVD GitHub
CVSS 3.1
3.1
EPSS
0.1%
CVE-2023-40027 npm MEDIUM PATCH This Month

Keystone is an open source headless CMS for Node.js - built with GraphQL and React. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Node.js Authentication Bypass Keystone
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-34247 npm MEDIUM PATCH This Month

Keystone is a content management system for Node.JS. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Node.js Open Redirect Keystone
NVD GitHub
CVSS 3.1
4.1
EPSS
0.4%
CVE-2022-39382 npm CRITICAL POC PATCH Act Now

Keystone is a headless CMS for Node.js - built with GraphQL and React.`@keystone-6/core@3.0.0 || 3.0.1` users that use `NODE_ENV` to trigger security-sensitive functionality in their production. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Node.js Keystone
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-39322 npm CRITICAL POC PATCH Act Now

@keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Node.js Keystone
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-2447 MEDIUM POC This Month

A flaw was found in Keystone. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Keystone Openstack Platform Quay Storage
NVD
CVSS 3.1
6.6
EPSS
0.6%
CVE-2022-29354 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the file upload module of Keystone v4.2.1 allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Keystone
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2021-38155 PyPI HIGH POC PATCH This Week

OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Keystone
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2020-12692 PyPI MEDIUM PATCH This Month

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Keystone Ubuntu Linux
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-12691 PyPI HIGH PATCH This Week

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Keystone Ubuntu Linux
NVD
CVSS 3.1
8.8
EPSS
4.9%
CVE-2020-12690 PyPI HIGH PATCH This Week

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Keystone
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2020-12689 PyPI HIGH PATCH This Week

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Keystone Ubuntu Linux
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2019-19687 PyPI HIGH POC PATCH This Week

OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Keystone
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2018-20170 PyPI MEDIUM POC PATCH This Month

OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Keystone
NVD
CVSS 3.0
5.3
EPSS
1.1%
CVE-2018-14432 MEDIUM PATCH This Month

In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Debian Linux Openstack Keystone
NVD
CVSS 3.0
5.3
EPSS
1.6%
CVE-2017-16570 npm HIGH POC PATCH This Week

KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Keystone
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
0.2%
CVE-2017-15881 npm MEDIUM PATCH This Month

Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended". Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Keystone
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2017-15879 npm HIGH POC PATCH This Week

CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Keystone
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
9.8%
CVE-2017-15878 npm MEDIUM POC PATCH This Month

A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via the Contact Us feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Keystone
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
3.6%
CVE-2015-7546 PyPI HIGH PATCH This Week

The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Python Authentication Bypass Keystonemiddleware Keystone Solaris
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2015-3646 PyPI MEDIUM PATCH This Month

OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Keystone Solaris
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-0204 PyPI MEDIUM POC PATCH This Month

OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Keystone
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2014-3520 MEDIUM POC PATCH This Month

OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Keystone
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2014-3621 PyPI MEDIUM POC PATCH This Month

The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Keystone Ubuntu Linux Openstack
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2014-5253 PyPI MEDIUM PATCH This Month

OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Authentication Bypass Keystone Ubuntu Linux
NVD
CVSS 2.0
4.9
EPSS
0.3%
CVE-2014-5252 PyPI MEDIUM PATCH This Month

The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Authentication Bypass Keystone Ubuntu Linux
NVD
CVSS 2.0
4.9
EPSS
0.3%
CVE-2014-5251 PyPI MEDIUM PATCH This Month

The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Authentication Bypass Keystone Ubuntu Linux
NVD
CVSS 2.0
4.9
EPSS
0.3%
CVE-2014-3476 PyPI MEDIUM POC PATCH This Month

OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available.

Privilege Escalation Keystone Cloud
NVD
CVSS 2.0
6.0
EPSS
0.7%
CVE-2013-2014 PyPI MEDIUM PATCH This Month

OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Keystone Fedora
NVD
CVSS 2.0
5.0
EPSS
2.4%
CVE-2014-2828 PyPI HIGH PATCH This Week

The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Denial Of Service Authentication Bypass Keystone
NVD VulDB
CVSS 2.0
7.8
EPSS
0.9%
CVE-2014-2237 PyPI MEDIUM PATCH This Month

The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Keystone
NVD VulDB
CVSS 2.0
5.0
EPSS
0.2%
CVE-2013-6391 MEDIUM POC This Month

The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation Keystone Ubuntu Linux Openstack
NVD
CVSS 2.0
5.8
EPSS
0.5%
CVE-2013-4222 MEDIUM This Month

OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Keystone Fedora Ubuntu Linux Openstack
NVD
CVSS 2.0
6.5
EPSS
0.6%
CVE-2013-4294 PyPI MEDIUM PATCH This Month

The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Keystone
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2013-2157 MEDIUM This Month

OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Keystone
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-2059 PyPI MEDIUM POC PATCH This Month

OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API,. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available.

Authentication Bypass Keystone
NVD
CVSS 2.0
6.0
EPSS
0.9%
CVE-2013-2006 PyPI LOW PATCH Monitor

OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Keystone
NVD GitHub
CVSS 2.0
2.1
EPSS
0.0%
CVE-2013-0282 PyPI MEDIUM PATCH This Month

OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Keystone
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2013-0247 MEDIUM PATCH This Month

OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service (disk consumption) via many invalid. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Keystone Ubuntu Linux
NVD
CVSS 2.0
5.0
EPSS
3.0%
CVE-2012-5483 LOW Monitor

tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Elastic Keystone
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2012-4457 PyPI MEDIUM PATCH This Month

OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Keystone
NVD GitHub
CVSS 2.0
4.0
EPSS
0.6%
CVE-2012-4456 PyPI HIGH PATCH This Week

The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Keystone
NVD GitHub
CVSS 2.0
7.5
EPSS
4.0%
CVE-2012-4413 PyPI MEDIUM PATCH This Month

OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Keystone
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2012-3426 PyPI MEDIUM POC PATCH This Month

OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. Public exploit code available.

Privilege Escalation Essex Horizon Keystone
NVD GitHub
CVSS 2.0
4.9
EPSS
0.6%
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Authorization bypass in OpenStack Keystone before 29.0.2 lets any authenticated user override trusted RBAC policy targets by injecting attributes like user_id or project_id into the JSON request body. The enforce_call routine unconditionally merges the raw request body over database-derived target data, so low-privileged users can perform operations on resources owned by other users or projects. No public exploit is identified at time of analysis and EPSS exploitation probability is very low (0.03%), but the flaw is trivially exploitable by any account and a vendor patch is available.

Python Authentication Bypass Keystone
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Privilege escalation in OpenStack Keystone before 29.0.2 lets a user holding only the member role on a project chain unrestricted application credentials with Keystone trusts to obtain admin. Because Keystone validates delegated roles against the victim's actual database role assignments rather than the roles on the requesting token, an attacker who can impersonate a victim's token can mint a trust delegating the victim's admin role to themselves, with all activity logged under the victim's identity. Exploitation is only practical when paired with a separate application-credential impersonation flaw; EPSS is very low (0.03%) and there is no public exploit identified at time of analysis.

Authentication Bypass Keystone
NVD VulDB
EPSS 0% CVSS 8.0
HIGH PATCH This Week

Cross-project privilege escalation in OpenStack Keystone (releases 13 through 29) lets a holder of an unrestricted application credential for one project mint an EC2-type credential targeting a different project, because POST /v3/credentials never validates that the caller-supplied project_id matches the authenticating app credential's project. Exchanging that EC2 credential at /v3/ec2tokens then yields a Keystone token scoped to the second project while retaining the original app_cred_id, enabling lateral movement across tenants. There is no public exploit identified at time of analysis and EPSS is very low (0.01%), but the authorization flaw (CWE-863) is confirmed and patched by upstream and distributors.

Authentication Bypass Microsoft Keystone
NVD VulDB
EPSS 0% CVSS 3.5
LOW PATCH Monitor

OpenStack Keystone 14 through 29.x allows authenticated users with restricted application credentials to create EC2 credentials that inherit the parent user's full S3 permissions, bypassing role restrictions. This privilege escalation affects only deployments combining restricted application credentials with the EC2/S3 compatibility API (swift3/s3api), and requires valid authentication credentials and moderate attack complexity to exploit.

Authentication Bypass Keystone
NVD VulDB
EPSS 0% CVSS 3.1
LOW PATCH Monitor

Keystone is a content management system for Node.js. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Node.js +1
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Keystone is an open source headless CMS for Node.js - built with GraphQL and React. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Node.js Authentication Bypass Keystone
NVD GitHub
EPSS 0% CVSS 4.1
MEDIUM PATCH This Month

Keystone is a content management system for Node.JS. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Node.js Open Redirect Keystone
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

Keystone is a headless CMS for Node.js - built with GraphQL and React.`@keystone-6/core@3.0.0 || 3.0.1` users that use `NODE_ENV` to trigger security-sensitive functionality in their production. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Node.js Keystone
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

@keystone-6/core is a core package for Keystone 6, a content management system for Node.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Node.js Keystone
NVD GitHub
EPSS 1% CVSS 6.6
MEDIUM POC This Month

A flaw was found in Keystone. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Keystone Openstack Platform +2
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An arbitrary file upload vulnerability in the file upload module of Keystone v4.2.1 allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Keystone
NVD
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Keystone
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Keystone Ubuntu Linux
NVD
EPSS 5% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Keystone Ubuntu Linux
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Keystone
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Keystone Ubuntu Linux
NVD
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Keystone
NVD
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

OpenStack Keystone through 14.0.1 has a user enumeration vulnerability because invalid usernames have much faster responses than valid ones for a POST /v3/auth/tokens request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Keystone
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Debian Linux Openstack +1
NVD
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Keystone
NVD GitHub Exploit-DB
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended". Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Keystone
NVD GitHub
EPSS 10% CVSS 8.8
HIGH POC PATCH This Week

CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Keystone
NVD GitHub Exploit-DB
EPSS 4% CVSS 6.1
MEDIUM POC PATCH This Month

A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via the Contact Us feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Keystone
NVD GitHub Exploit-DB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Python Authentication Bypass Keystonemiddleware +2
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Keystone Solaris
NVD
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Keystone
NVD
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Keystone
NVD
EPSS 0% CVSS 4.0
MEDIUM POC PATCH This Month

The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Keystone Ubuntu Linux +1
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Authentication Bypass Keystone Ubuntu Linux
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Authentication Bypass Keystone Ubuntu Linux
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Authentication Bypass Keystone Ubuntu Linux
NVD
EPSS 1% CVSS 6.0
MEDIUM POC PATCH This Month

OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available.

Privilege Escalation Keystone Cloud
NVD
EPSS 2% CVSS 5.0
MEDIUM PATCH This Month

OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Keystone Fedora
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Denial Of Service Authentication Bypass Keystone
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Keystone
NVD VulDB
EPSS 0% CVSS 5.8
MEDIUM POC This Month

The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation Keystone Ubuntu Linux +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Keystone Fedora +2
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Keystone
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Keystone
NVD
EPSS 1% CVSS 6.0
MEDIUM POC PATCH This Month

OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API,. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Public exploit code available.

Authentication Bypass Keystone
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Keystone
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Keystone
NVD
EPSS 3% CVSS 5.0
MEDIUM PATCH This Month

OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service (disk consumption) via many invalid. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Keystone Ubuntu Linux
NVD
EPSS 0% CVSS 2.1
LOW Monitor

tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Elastic Keystone
NVD
EPSS 1% CVSS 4.0
MEDIUM PATCH This Month

OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Keystone
NVD GitHub
EPSS 4% CVSS 7.5
HIGH PATCH This Week

The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Keystone
NVD GitHub
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Keystone
NVD
EPSS 1% CVSS 4.9
MEDIUM POC PATCH This Month

OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. Public exploit code available.

Privilege Escalation Essex Horizon +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy