VYPR

Keystonemiddleware

by OpenStack

pypi: keystonemiddleware

CVEs (4)

  • CVE-2026-22797CriJan 19, 2026
    risk 0.57cvss 9.9epss 0.00

    An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0…

  • CVE-2015-7546HigFeb 3, 2016
    risk 0.42cvss 7.5epss 0.02

    The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI…

  • CVE-2015-1852Apr 17, 2015
    risk 0.00cvss epss 0.03

    The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to…

  • CVE-2014-7144Oct 2, 2014
    risk 0.00cvss epss 0.02

    OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct…