rpm package
opensuse/python-keystonemiddleware&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/python-keystonemiddleware&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-22797 | Cri | 9.9 | < 10.12.0-2.1 | 10.12.0-2.1 | Jan 19, 2026 | An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. | |
| CVE-2015-1852 | — | < 4.9.0-1.3 | 4.9.0-1.3 | Apr 17, 2015 | The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to co |
- affected < 10.12.0-2.1fixed 10.12.0-2.1
An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens.
- CVE-2015-1852Apr 17, 2015affected < 4.9.0-1.3fixed 4.9.0-1.3
The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to co