Openstack: >> Keystone >> 2013 Security Vulnerabilities
A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.
CVSS Score
7.4
EPSS Score
0.0
Published
2022-08-26
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.
CVSS Score
5.9
EPSS Score
0.004
Published
2019-11-01
OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests.
CVSS Score
5.0
EPSS Score
0.028
Published
2014-06-02