Bug fixes in "keystone"

| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2026-44394 | An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's | 2026-06-16 |
| CVE | CVE-2026-43001 | An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-typ | 2026-06-16 |
| CVE | CVE-2026-43000 | An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker wi | 2026-06-16 |
| CVE | CVE-2026-42999 | An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforce_call unconditionally merges the raw JSON re | 2026-06-16 |
| CVE | CVE-2026-42998 | An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user | 2026-06-16 |
| CVE | CVE-2026-40683 | In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the user_enabled_invert | 2026-06-16 |
| CVE | CVE-2026-33551 | An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create | 2026-06-16 |