Vulnerabilities > Openstack > Keystone

DATE CVE VULNERABILITY TITLE RISK
2022-09-01 CVE-2022-2447 Operation on a Resource after Expiration or Release vulnerability in multiple products
A flaw was found in Keystone.
network
high complexity
openstack redhat CWE-672
6.6
6.6
2022-08-26 CVE-2021-3563 Incorrect Authorization vulnerability in multiple products
A flaw was found in openstack-keystone.
network
high complexity
openstack debian redhat CWE-863
7.4
7.4
2021-08-06 CVE-2021-38155 Improper Restriction of Excessive Authentication Attempts vulnerability in Openstack Keystone
OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features).
network
low complexity
openstack CWE-307
7.5
7.5
2020-05-07 CVE-2020-12692 Authentication Bypass by Capture-replay vulnerability in multiple products
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0.
network
low complexity
openstack canonical CWE-294
5.4
5.4
2020-05-07 CVE-2020-12691 Incorrect Authorization vulnerability in multiple products
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0.
network
low complexity
openstack canonical CWE-863
8.8
8.8
2020-05-07 CVE-2020-12690 Insufficient Session Expiration vulnerability in Openstack Keystone
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0.
network
low complexity
openstack CWE-613
8.8
8.8
2020-05-07 CVE-2020-12689 Improper Privilege Management vulnerability in multiple products
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0.
network
low complexity
openstack canonical CWE-269
8.8
8.8
2019-12-09 CVE-2019-19687 Insufficiently Protected Credentials vulnerability in Openstack Keystone 15.0.0/16.0.0
OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API.
network
low complexity
openstack CWE-522
8.8
8.8
2019-11-12 CVE-2012-1572 Resource Exhaustion vulnerability in multiple products
OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space
network
low complexity
openstack debian CWE-400
7.5
7.5
2019-11-01 CVE-2013-2255 Improper Certificate Validation vulnerability in multiple products
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.
network
high complexity
redhat openstack debian CWE-295
5.9
5.9