Vulnerabilities > Openstack > Keystone > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-09 | CVE-2019-19687 | Insufficiently Protected Credentials vulnerability in Openstack Keystone 15.0.0/16.0.0 OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. | 3.5 |
| 2018-07-31 | CVE-2018-14432 | Information Exposure vulnerability in multiple products In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. | 3.5 |
| 2013-05-21 | CVE-2013-2006 | Information Exposure vulnerability in Openstack Keystone 2013.1.1 OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file. | 2.1 |
| 2012-12-26 | CVE-2012-5483 | Permissions, Privileges, and Access Controls vulnerability in Openstack Keystone 2012.1.3 tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows local users to obtain access to EC2 services by reading administrative access and secret values from this file. | 2.1 |