CVE-2026-42998

Source
https://cve.org/CVERecord?id=CVE-2026-42998
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-42998.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-42998
Aliases
Downstream
Related
Published
2026-05-28T00:00:00Z
Modified
2026-07-08T08:13:26.810395627Z
Severity
  • 6.0 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L CVSS Calculator
Summary
[none]
Details

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in the authentication request matches the owner of the application credential. An attacker can authenticate with their own application credential ID and secret while specifying a different user's name and domain in the request body. Keystone issues a token attributed to the victim user. The impersonated token is project-scoped and carries the intersection of the application credential's roles and the victim's actual roles on the project. This enables audit evasion, reading the victim's credentials, and acting as the victim within shared projects.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/42xxx/CVE-2026-42998.json",
    "cna_assigner": "mitre",
    "cwe_ids": [
        "CWE-863"
    ],
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "14.0.0"
                },
                {
                    "fixed": "27.0.2"
                },
                {
                    "introduced": "28.0.0"
                },
                {
                    "fixed": "28.0.2"
                },
                {
                    "introduced": "29.0.0"
                },
                {
                    "fixed": "29.0.2"
                }
            ],
            "source": "AFFECTED_FIELD"
        },
        {
            "extracted_events": [
                {
                    "introduced": "14.0.0"
                },
                {
                    "fixed": "27.0.2"
                },
                {
                    "introduced": "28.0.0"
                },
                {
                    "fixed": "28.0.2"
                },
                {
                    "introduced": "29.0.0"
                },
                {
                    "fixed": "29.0.2"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "source": "DESCRIPTION",
            "extracted_events": [
                {
                    "fixed": "29.0.2"
                }
            ]
        }
    ]
}
References

Affected packages

Git / github.com/openstack/keystone

Affected ranges

Type
GIT
Repo
https://github.com/openstack/keystone
Events
Database specific
{
    "cpe": "cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "14.0.0"
        },
        {
            "fixed": "27.0.2"
        },
        {
            "introduced": "28.0.0"
        },
        {
            "fixed": "28.0.2"
        },
        {
            "introduced": "29.0.0"
        },
        {
            "fixed": "29.0.2"
        }
    ]
}

Affected versions

28.*
28.0.0
28.0.0.0rc1
28.0.1
29.*
29.0.0
29.0.0.0rc1
29.0.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-42998.json"