Vulnerabilities > Openstack > Keystone
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-01 | CVE-2022-2447 | Operation on a Resource after Expiration or Release vulnerability in multiple products A flaw was found in Keystone. | 6.6 |
| 2022-08-26 | CVE-2021-3563 | Incorrect Authorization vulnerability in multiple products A flaw was found in openstack-keystone. | 7.4 |
| 2021-08-06 | CVE-2021-38155 | Improper Restriction of Excessive Authentication Attempts vulnerability in Openstack Keystone OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). | 7.5 |
| 2020-05-07 | CVE-2020-12692 | Authentication Bypass by Capture-replay vulnerability in multiple products An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. | 5.5 |
| 2020-05-07 | CVE-2020-12691 | Incorrect Authorization vulnerability in multiple products An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. | 8.8 |
| 2020-05-07 | CVE-2020-12690 | Insufficient Session Expiration vulnerability in Openstack Keystone An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. | 8.8 |
| 2020-05-07 | CVE-2020-12689 | Improper Privilege Management vulnerability in multiple products An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. | 8.8 |
| 2019-12-09 | CVE-2019-19687 | Insufficiently Protected Credentials vulnerability in Openstack Keystone 15.0.0/16.0.0 OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. | 3.5 |
| 2019-11-12 | CVE-2012-1572 | Resource Exhaustion vulnerability in multiple products OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space | 5.0 |
| 2019-11-01 | CVE-2013-2255 | Improper Certificate Validation vulnerability in multiple products HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. | 4.3 |