PYSEC-2026-832

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/keystone/PYSEC-2026-832.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-832
Aliases
Published
2026-07-06T08:03:22.962802Z
Modified
2026-07-07T11:45:41.935898460Z
Summary
OpenStack Keystone Improper Authentication vulnerability
Details

The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services.

References

Affected packages

PyPI / keystone

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2012.1
Fixed
2012.1.2

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/keystone/PYSEC-2026-832.yaml"