USN-8433-1
- Source
- https://ubuntu.com/security/notices/USN-8433-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8433-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-8433-1
- Upstream
- Related
- Published
- 2026-06-16T13:45:21Z
- Modified
- 2026-06-17T02:19:13.771532891Z
- Summary
- keystone vulnerabilities
- Details
-
It was discovered that OpenStack Keystone allowed restricted application credentials to create EC2 credentials. An authenticated attacker with only a reader role could possibly use this issue to bypass the role restrictions imposed on the application credential. (CVE-2026-33551)
It was discovered that the OpenStack Keystone LDAP identity backend did not correctly convert the user enabled attribute to a boolean value. An attacker could possibly use this issue to authenticate as a user disabled in LDAP. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. (CVE-2026-40683)
It was discovered that OpenStack Keystone's application credential authentication plugin did not verify that the user supplied in an authentication request matched the credential owner. An authenticated attacker could possibly impersonate another user and gain access to their tokens and credentials. (CVE-2026-42998)
It was discovered that OpenStack Keystone's RBAC policy enforcer unconditionally merged the raw JSON request body into the policy enforcement dictionary, overwriting trusted target data. An authenticated attacker could possibly use this issue to inject arbitrary policy attributes to bypass RBAC checks. (CVE-2026-42999)
It was discovered that OpenStack Keystone allowed an attacker with the member role to escalate privileges to admin by chaining application credential impersonation with Keystone trusts. An attacker could possibly use this issue to create a persistent trust delegating the victim's admin role to themselves. (CVE-2026-43000)
It was discovered that OpenStack Keystone did not validate that the project_id for an EC2 credential matched the project of the authenticating application credential. An attacker with valid credentials for one project could possibly use this issue to create EC2 credentials targeting a different project. (CVE-2026-43001)
It was discovered that OpenStack Keystone's federated token rescoping mechanism did not propagate the original token's expiry to the newly issued token. A remote attacker could possibly use this issue to maintain access indefinitely by repeatedly rescoping tokens before expiry. (CVE-2026-44394)
- References
-
- https://ubuntu.com/security/notices/USN-8433-1
- https://ubuntu.com/security/CVE-2026-33551
- https://ubuntu.com/security/CVE-2026-40683
- https://ubuntu.com/security/CVE-2026-42998
- https://ubuntu.com/security/CVE-2026-42999
- https://ubuntu.com/security/CVE-2026-43000
- https://ubuntu.com/security/CVE-2026-43001
- https://ubuntu.com/security/CVE-2026-44394
Affected packages
Ubuntu:22.04:LTS / keystone
Package
- Name
- keystone
- Purl
- pkg:deb/ubuntu/keystone?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2:21.0.1-0ubuntu2.4
Affected versions
2:20.*
2:20.0.0-0ubuntu1
2:20.0.0+git2021120815.2ddf8f321-0ubuntu1
2:20.0.0+git2022011217.771c943ad-0ubuntu1
2:20.0.0+git2022030313.a3fc9e7c3-0ubuntu1
2:21.*
2:21.0.0-0ubuntu1
2:21.0.1-0ubuntu1
2:21.0.1-0ubuntu2
2:21.0.1-0ubuntu2.1
2:21.0.1-0ubuntu2.2
Ecosystem specific
{
"binaries": [
{
"binary_version": "2:21.0.1-0ubuntu2.4",
"binary_name": "keystone"
},
{
"binary_version": "2:21.0.1-0ubuntu2.4",
"binary_name": "keystone-common"
},
{
"binary_version": "2:21.0.1-0ubuntu2.4",
"binary_name": "python3-keystone"
}
],
"availability": "No subscription required"
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8433-1.json"
cves_map
{
"cves": [
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-33551"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-40683"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-42998"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-42999"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-43000"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-43001"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-44394"
}
],
"ecosystem": "Ubuntu:22.04:LTS"
}
Ubuntu:24.04:LTS / keystone
Package
- Name
- keystone
- Purl
- pkg:deb/ubuntu/keystone?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2:25.0.0-0ubuntu1.4
Affected versions
2:24.*
2:24.0.0-0ubuntu1
2:24.0.0+git2024011916.adfa92b4-0ubuntu1
2:25.*
2:25.0.0~rc1-0ubuntu1
2:25.0.0-0ubuntu1
2:25.0.0-0ubuntu1.1
2:25.0.0-0ubuntu1.2
Ecosystem specific
{
"binaries": [
{
"binary_version": "2:25.0.0-0ubuntu1.4",
"binary_name": "keystone"
},
{
"binary_version": "2:25.0.0-0ubuntu1.4",
"binary_name": "keystone-common"
},
{
"binary_version": "2:25.0.0-0ubuntu1.4",
"binary_name": "python3-keystone"
}
],
"availability": "No subscription required"
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8433-1.json"
cves_map
{
"cves": [
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-33551"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-40683"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-42998"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-42999"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-43000"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-43001"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-44394"
}
],
"ecosystem": "Ubuntu:24.04:LTS"
}
Ubuntu:25.10 / keystone
Package
- Name
- keystone
- Purl
- pkg:deb/ubuntu/keystone?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2:28.0.0-0ubuntu1.3
Affected versions
2:27.*
2:27.0.0-0ubuntu1
2:27.0.0+git2025080113.e066e18ab-0ubuntu1
2:28.*
2:28.0.0~rc1-0ubuntu1
2:28.0.0-0ubuntu1
2:28.0.0-0ubuntu1.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "2:28.0.0-0ubuntu1.3",
"binary_name": "keystone"
},
{
"binary_version": "2:28.0.0-0ubuntu1.3",
"binary_name": "keystone-common"
},
{
"binary_version": "2:28.0.0-0ubuntu1.3",
"binary_name": "python3-keystone"
}
]
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8433-1.json"
cves_map
{
"cves": [
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-33551"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-40683"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-42998"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-42999"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-43000"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-43001"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-44394"
}
],
"ecosystem": "Ubuntu:25.10"
}
Ubuntu:26.04:LTS / keystone
Package
- Name
- keystone
- Purl
- pkg:deb/ubuntu/keystone?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2:29.0.0-0ubuntu1.2
Affected versions
2:28.*
2:28.0.0-0ubuntu1
2:28.0.0-0ubuntu2
2:28.0.0+git20260119.61.8a42793e7-0ubuntu1
2:29.*
2:29.0.0~rc1-0ubuntu1
2:29.0.0-0ubuntu1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "2:29.0.0-0ubuntu1.2",
"binary_name": "keystone"
},
{
"binary_version": "2:29.0.0-0ubuntu1.2",
"binary_name": "keystone-common"
},
{
"binary_version": "2:29.0.0-0ubuntu1.2",
"binary_name": "python3-keystone"
}
]
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8433-1.json"
cves_map
{
"cves": [
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-33551"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-42998"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-42999"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-43000"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-43001"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2026-44394"
}
],
"ecosystem": "Ubuntu:26.04:LTS"
}