OpenStack Keystone 2013.1 Milestone 2

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:openstack:keystone:2013.1:milestone2:*:*:*:*:*:*

part: a version: 2013.1 update: milestone2

VendorOpenstack (7b0cf974-b2b5-592e-bdf4-6953805ef02a)
ProductKeystone (54be5cb9-7f0d-5cc5-bfca-6220fcd705e3)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:deb/debian/keystone purl2cpe 2026-06-01 10:17:03.366041
pkg:deb/ubuntu/keystone purl2cpe 2026-06-01 10:17:03.366042
pkg:github/openstack/keystone purl2cpe 2026-06-01 10:17:03.366044
pkg:pypi/keystone purl2cpe 2026-06-01 10:17:03.366045

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2013-0282 vulnerable 2026-06-03 14:32:42.624116 Details available
OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions.
Published: 2013-04-12T22:00:00.000Z
Updated: 2024-08-06T14:18:09.876Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-0270 vulnerable 2026-06-03 14:32:42.508677 Keystone: openstack keystone: denial of service via large http request with long tenant name
MEDIUM (6.5)
A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected system.
Published: 2013-04-12T22:00:00.000Z
Updated: 2026-04-07T06:55:17.958Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.