OpenStack Keystone 2013.2.2

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:openstack:keystone:2013.2.2:*:*:*:*:*:*:*

part: a version: 2013.2.2 update: *

VendorOpenstack (7b0cf974-b2b5-592e-bdf4-6953805ef02a)
ProductKeystone (54be5cb9-7f0d-5cc5-bfca-6220fcd705e3)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:deb/debian/keystone purl2cpe 2026-06-01 10:17:03.366063
pkg:deb/ubuntu/keystone purl2cpe 2026-06-01 10:17:03.366064
pkg:github/openstack/keystone purl2cpe 2026-06-01 10:17:03.366065
pkg:pypi/keystone purl2cpe 2026-06-01 10:17:03.366067

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2014-2828 vulnerable 2026-06-03 14:33:51.863213 Details available
The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining."
Published: 2014-04-15T14:00:00.000Z
Updated: 2024-08-06T10:28:45.404Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-2237 vulnerable 2026-06-03 14:33:50.084633 Details available
The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions.
Published: 2014-04-01T01:00:00.000Z
Updated: 2024-08-06T10:06:00.289Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.