Keystone
Products (2)
- 4 CVEs
- 1 CVE
Recent CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-29354 | | Cri | 0.64 | 9.8 | 0.02 | | May 16, 2022 | An arbitrary file upload vulnerability in the file upload module of Keystone v4.2.1 allows attackers to execute arbitrary code via a crafted file. |
| CVE-2012-1572 | | Hig | 0.49 | 7.5 | 0.01 | | Nov 12, 2019 | OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space |
| CVE-2022-2447 | | Med | 0.43 | 6.6 | 0.01 | | Sep 1, 2022 | A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than… |
| CVE-2016-4911 | | Med | 0.21 | 4.3 | 0.01 | | Jun 13, 2016 | The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token. |
| CVE-2006-1578 | | | 0.00 | — | 0.01 | | Apr 2, 2006 | Multiple SQL injection vulnerabilities in Keystone Digital Library Suite (DLS) 1.5.4 and earlier allow remote attackers to execute arbitrary SQL commands via the subject_type_id parameter in (1) the index page and (2) the search module. |