keystone (pypi) security advisories

MEDIUM 5.4

PyPI

CVE-2012-5571

OpenStack Keystone intended authorization restrictions bypass

May 17, 2022

UNKNOWN

PyPI

CVE-2019-19687

Dec 9, 2019

UNKNOWN

PyPI

CVE-2012-3542

Sep 5, 2012

UNKNOWN

PyPI

CVE-2013-2006

May 21, 2013

UNKNOWN

PyPI

CVE-2020-12691

May 7, 2020

UNKNOWN

PyPI

CVE-2020-12689

May 7, 2020

UNKNOWN

PyPI

CVE-2013-1865

Mar 22, 2013

UNKNOWN

PyPI

CVE-2012-3426

Jul 31, 2012

UNKNOWN

PyPI

CVE-2012-5563

Dec 18, 2012

MEDIUM 5.3

PyPI

CVE-2026-33551

Apr 10, 2026

UNKNOWN

PyPI

CVE-2020-12692

May 7, 2020

UNKNOWN

PyPI

CVE-2012-5571

Dec 18, 2012

LOW 3.5

PyPI

CVE-2026-33551

OpenStack Keystone: Restricted application credentials can create EC2 credentials

Apr 10, 2026

HIGH 7.9

PyPI

CVE-2026-43001

OpenStack Keystone has an Incorrect Authorization Issue

May 1, 2026

HIGH 7.7

PyPI

CVE-2026-40683

OpenStack Keystone: LDAP identity backend does not convert enabled attribute to boolean

Apr 14, 2026

HIGH 7.5

PyPI

CVE-2012-3542

OpenStack Keystone Allows Remote User Account Creation

May 17, 2022

UNKNOWN

PyPI

CVE-2012-4413

OpenStack Keystone does not invalidate existing tokens when granting or revoking roles

May 17, 2022

MEDIUM 6.5

PyPI

CVE-2013-0270

OpenStack Keystone Denial of Service vulnerability via a large HTTP request

May 5, 2022

HIGH 7.5

PyPI

CVE-2025-65073

OpenStack Keystone allows /v3/ec2tokens or /v3/s3tokens request with valid AWS Signature to provide Keystone authorization.

Nov 17, 2025

HIGH 7.5

PyPI

CVE-2014-2828

OpenStack Identity (Keystone) DoS through V3 API authentication chaining

May 17, 2022

MEDIUM 6.5

PyPI

CVE-2014-2237

OpenStack Identity (Keystone) Trustee token revocations does not work with memcache backend

May 17, 2022

MEDIUM 5.3

PyPI

CVE-2013-4294

OpenStack Identity (Keystone) allows remote attackers to bypass intended access restrictions via revoked PKI token

May 17, 2022

MEDIUM 5.3

PyPI

CVE-2013-1865

OpenStack Keystone Improper Authentication vulnerability

May 17, 2022

MEDIUM 6.5

PyPI

CVE-2014-5252

OpenStack Identity (Keystone) UUID v2 tokens does not expire with revocation events

May 17, 2022

MEDIUM 6.5

PyPI

CVE-2014-5251

OpenStack Identity (Keystone) Multiple vulnerabilities in revocation events

May 17, 2022

MEDIUM 6.5

PyPI

CVE-2014-5253

OpenStack Keystone Domain-scoped tokens don't get revoked

May 17, 2022

MEDIUM 4.3

PyPI

CVE-2016-4911

OpenStack Identity Keystone Improper Access Control

May 17, 2022

MEDIUM 4.3

PyPI

CVE-2013-2059

OpenStack Identity (Keystone) improper revoking of the authentication token when deleting a user

May 17, 2022

HIGH 7.2

PyPI

CVE-2017-2673

OpenStack Identity service (keystone) Incorrect Authorization

May 13, 2022

MEDIUM 4.3

PyPI

CVE-2016-4911

Jun 13, 2016

UNKNOWN

PyPI

CVE-2014-5251

Aug 25, 2014

UNKNOWN

PyPI

CVE-2014-2828

Apr 15, 2014

UNKNOWN

PyPI

CVE-2014-5252

Aug 25, 2014

UNKNOWN

PyPI

CVE-2013-2059

May 21, 2013

UNKNOWN

PyPI

CVE-2013-4294

Sep 23, 2013

HIGH 7.2

PyPI

CVE-2017-2673

Jul 19, 2018

UNKNOWN

PyPI

CVE-2014-5253

Aug 25, 2014

UNKNOWN

PyPI

CVE-2014-2237

Apr 1, 2014

UNKNOWN

PyPI

CVE-2012-3426

OpenStack Keystone token expiration issues

May 17, 2022

UNKNOWN

PyPI

CVE-2013-2006

OpenStack Keystone Sensitive information disclosure via log files

May 17, 2022

HIGH 8.8

PyPI

CVE-2020-12689

OpenStack Keystone EC2 and/or credential endpoints are not protected from a scoped context

May 24, 2022

MEDIUM 5.4

PyPI

CVE-2020-12692

OpenStack Keystone does not check signature TTL of the EC2 credential auth method

May 24, 2022

HIGH 7.5

PyPI

CVE-2015-7546

OpenStack Identity Keystone and keystonemiddleware Insufficiently Protected Credentials

May 13, 2022

HIGH 8.8

PyPI

CVE-2019-19687

OpenStack Keystone Credential Leakage

May 24, 2022

HIGH 8.8

PyPI

CVE-2020-12690

Insufficient Session Expiration in OpenStack Keystone

Jun 9, 2021

MEDIUM 5.9

PyPI

CVE-2012-5563

OpenStack Keystone Insufficient token expiration

May 17, 2022

HIGH 8.8

PyPI

CVE-2020-12691

OpenStack Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID

May 24, 2022

HIGH 7.5

PyPI

CVE-2021-38155

OpenStack Keystone allows information disclosure during account locking

May 24, 2022

UNKNOWN

PyPI

CVE-2014-3621

OpenStack Identity Keystone Exposure of Sensitive Information

May 13, 2022

UNKNOWN

PyPI

CVE-2014-3476

OpenStack Identity Keystone is vulnerable to Block delegation escalation of privilege

May 13, 2022

UNKNOWN

PyPI

CVE-2014-0204

OpenStack Identity Keystone Improper Privilege Management

May 13, 2022

UNKNOWN

PyPI

CVE-2013-2014

OpenStack Identity (Keystone) Denial of Service

May 13, 2022

UNKNOWN

PyPI

CVE-2013-0282

OpenStack Keystone allows context-dependent attackers to bypass access restrictions

May 5, 2022

MEDIUM 5.9

PyPI

CVE-2013-2255

OpenStack Keystone and other components vulnerable to Improper Certificate Validation

May 5, 2022

UNKNOWN

PyPI

CVE-2013-4477

OpenStack Identity Keystone Privilege Escalation vulnerability

May 17, 2022

CRITICAL 9.1

PyPI

CVE-2021-3563

Openstack Keystone Incorrect Authorization vulnerability

Aug 27, 2022

UNKNOWN

PyPI

CVE-2012-4457

OpenStack Keystone Token authorization for a user in a disabled tenant is allowed

May 14, 2022

UNKNOWN

PyPI

CVE-2015-3646

OpenStack Keystone Logs Passwords

May 13, 2022

UNKNOWN

PyPI

CVE-2020-12690

May 7, 2020

UNKNOWN

PyPI

CVE-2018-20170

Dec 17, 2018

UNKNOWN

PyPI

CVE-2012-4456

OpenStack Keystone Improper Authentication vulnerability

May 14, 2022

UNKNOWN

PyPI

PYSEC-2019-99

Dec 9, 2019

keystone

Vulnerabilities

OpenStack Keystone intended authorization restrictions bypass

CVE-2019-19687

CVE-2012-3542

CVE-2013-2006

CVE-2020-12691

CVE-2020-12689

CVE-2013-1865

CVE-2012-3426

CVE-2012-5563

CVE-2026-33551

CVE-2020-12692

CVE-2012-5571

OpenStack Keystone: Restricted application credentials can create EC2 credentials

OpenStack Keystone has an Incorrect Authorization Issue

OpenStack Keystone: LDAP identity backend does not convert enabled attribute to boolean

OpenStack Keystone Allows Remote User Account Creation

OpenStack Keystone does not invalidate existing tokens when granting or revoking roles

OpenStack Keystone Denial of Service vulnerability via a large HTTP request

OpenStack Keystone allows /v3/ec2tokens or /v3/s3tokens request with valid AWS Signature to provide Keystone authorization.

OpenStack Identity (Keystone) DoS through V3 API authentication chaining

OpenStack Identity (Keystone) Trustee token revocations does not work with memcache backend

OpenStack Identity (Keystone) allows remote attackers to bypass intended access restrictions via revoked PKI token

OpenStack Keystone Improper Authentication vulnerability

OpenStack Identity (Keystone) UUID v2 tokens does not expire with revocation events

OpenStack Identity (Keystone) Multiple vulnerabilities in revocation events

OpenStack Keystone Domain-scoped tokens don't get revoked

OpenStack Identity Keystone Improper Access Control

OpenStack Identity (Keystone) improper revoking of the authentication token when deleting a user

OpenStack Identity service (keystone) Incorrect Authorization

CVE-2016-4911

CVE-2014-5251

CVE-2014-2828

CVE-2014-5252

CVE-2013-2059

CVE-2013-4294

CVE-2017-2673

CVE-2014-5253

CVE-2014-2237

OpenStack Keystone token expiration issues

OpenStack Keystone Sensitive information disclosure via log files

OpenStack Keystone EC2 and/or credential endpoints are not protected from a scoped context

OpenStack Keystone does not check signature TTL of the EC2 credential auth method

OpenStack Identity Keystone and keystonemiddleware Insufficiently Protected Credentials

OpenStack Keystone Credential Leakage

Insufficient Session Expiration in OpenStack Keystone

OpenStack Keystone Insufficient token expiration

OpenStack Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID

OpenStack Keystone allows information disclosure during account locking

OpenStack Identity Keystone Exposure of Sensitive Information

OpenStack Identity Keystone is vulnerable to Block delegation escalation of privilege

OpenStack Identity Keystone Improper Privilege Management

OpenStack Identity (Keystone) Denial of Service

OpenStack Keystone allows context-dependent attackers to bypass access restrictions

OpenStack Keystone and other components vulnerable to Improper Certificate Validation

OpenStack Identity Keystone Privilege Escalation vulnerability

Openstack Keystone Incorrect Authorization vulnerability

OpenStack Keystone Token authorization for a user in a disabled tenant is allowed

OpenStack Keystone Logs Passwords

CVE-2020-12690

CVE-2018-20170

OpenStack Keystone Improper Authentication vulnerability

PYSEC-2019-99

Start Securing