Information on source package keystone

Available versions

ReleaseVersion
buster2:14.2.0-0+deb10u1
bullseye2:18.0.0-3+deb11u1
bookworm2:22.0.0-1.1
sid2:22.0.0-1.1

Open issues

BugbusterbullseyebookwormsidDescription
CVE-2021-38155vulnerable (no DSA)fixedfixedfixedOpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1 ...
CVE-2021-3563vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableA flaw was found in openstack-keystone. Only the first 72 characters o ...

Resolved issues

BugDescription
CVE-2020-12692An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...
CVE-2020-12691An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...
CVE-2020-12690An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...
CVE-2020-12689An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...
CVE-2019-19687OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in th ...
CVE-2018-14432In the Federation component of OpenStack Keystone before 11.0.4, 12.0. ...
CVE-2017-2673An authorization-check flaw was discovered in federation configuration ...
CVE-2016-4911The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x befor ...
CVE-2015-7546The identity service in OpenStack Identity (Keystone) before 2015.1.3 ...
CVE-2015-3646OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014 ...
CVE-2014-5253OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno befo ...
CVE-2014-5252The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 ...
CVE-2014-5251The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x befor ...
CVE-2014-3621A flaw was found in the keystone catalog URL replacement. A user with ...
CVE-2014-3520A flaw was found in the way keystone handled trusts. A trustee could u ...
CVE-2014-3476A flaw was found in keystone's chained delegation. A trustee able to c ...
CVE-2014-2828The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and ...
CVE-2014-2237The memcache token backend in OpenStack Identity (Keystone) 2013.1 thr ...
CVE-2014-0204OpenStack Identity (Keystone) before 2014.1.1 does not properly handle ...
CVE-2014-0105The auth_token middleware in the OpenStack Python client library for K ...
CVE-2013-6391CVE-2013-6391 OpenStack Keystone: trust circumvention through EC2-styl ...
CVE-2013-4477CVE-2013-4477 openstack-keystone: unintentional role granting with Key ...
CVE-2013-4294CVE-2013-4294 OpenStack: Keystone Token revocation failure using Keyst ...
CVE-2013-4222CVE-2013-4222 OpenStack: Keystone disabling a tenant does not disable ...
CVE-2013-2255HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, ...
CVE-2013-2157CVE-2013-2157 openstack-keystone: Authentication bypass when using LDA ...
CVE-2013-2104CVE-2013-2104 OpenStack Keystone: Missing expiration check in Keystone ...
CVE-2013-2059OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly bef ...
CVE-2013-2014OpenStack Identity (Keystone) before 2013.1 allows remote attackers to ...
CVE-2013-2006CVE-2013-2006 OpenStack keystone: DEBUG level LDAP password disclosure ...
CVE-2013-1977OpenStack devstack uses world-readable permissions for keystone.conf, ...
CVE-2013-1865CVE-2013-1865 OpenStack keystone: online validation of Keystone PKI to ...
CVE-2013-1665The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used ...
CVE-2013-1664The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used ...
CVE-2013-0282CVE-2013-0282 OpenStack Keystone: EC2-style authentication accepts dis ...
CVE-2013-0270CVE-2013-0270 OpenStack Keystone: Large HTTP request DoS ...
CVE-2013-0247CVE-2013-0247 OpenStack Keystone: denial of service through invalid to ...
CVE-2012-5571CVE-2012-5571 OpenStack: Keystone EC2-style credentials invalidation i ...
CVE-2012-5563CVE-2012-5563 OpenStack: Keystone extension of token validity through ...
CVE-2012-5483CVE-2012-5483 OpenStack: Keystone /etc/keystone/ec2rc secret key expos ...
CVE-2012-4457CVE-2012-4457 OpenStack Keystone 2012.1.1: fails to raise Unauthorized ...
CVE-2012-4456CVE-2012-4456 Openstack Keystone 2012.1.1: fails to validate tokens in ...
CVE-2012-4413CVE-2012-4413 OpenStack-Keystone: role revocation token issues ...
CVE-2012-3542CVE-2012-3542 OpenStack Keystone: Lack of authorization for adding use ...
CVE-2012-3426OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before ...
CVE-2012-1572OpenStack Keystone: extremely long passwords can crash Keystone by exh ...

Security announcements

DSA / DLADescription
DSA-4679-1keystone - security update
DSA-4275-1keystone - security update

Search for package or bug name: Reporting problems