OpenStack Keystone 2013.1 Milestone 3

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:openstack:keystone:2013.1:milestone3:*:*:*:*:*:*

part: a version: 2013.1 update: milestone3

VendorOpenstack (7b0cf974-b2b5-592e-bdf4-6953805ef02a)
ProductKeystone (54be5cb9-7f0d-5cc5-bfca-6220fcd705e3)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:deb/debian/keystone purl2cpe 2026-06-01 10:17:03.366046
pkg:deb/ubuntu/keystone purl2cpe 2026-06-01 10:17:03.366048
pkg:github/openstack/keystone purl2cpe 2026-06-01 10:17:03.366049
pkg:pypi/keystone purl2cpe 2026-06-01 10:17:03.366051

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2013-0282 vulnerable 2026-06-03 14:32:42.624135 Details available
OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions.
Published: 2013-04-12T22:00:00.000Z
Updated: 2024-08-06T14:18:09.876Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2013-0270 vulnerable 2026-06-03 14:32:42.509214 Keystone: openstack keystone: denial of service via large http request with long tenant name
MEDIUM (6.5)
A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected system.
Published: 2013-04-12T22:00:00.000Z
Updated: 2026-04-07T06:55:17.958Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.