| CVE-2026-43001 | high | 8.0 | 8.0 | | | | 1mo ago | An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the project of the authentica… |
| CVE-2014-2828 | high | — | 7.8 | | | | 4y ago | The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the sa… |
| CVE-2015-7546 | high | 7.5 | 7.5 | | | | 11y ago | The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty b… |
| CVE-2012-4456 | high | — | 7.5 | | | | 14y ago | The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the ro… |
| CVE-2013-4477 | low | — | 3.3 | | | | 13y ago | The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to g… |
| CVE-2013-2006 | low | — | 2.1 | | | | 13y ago | OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by readin… |