keystone@20.0.0.0rc1 vulnerabilities
OpenStack Identity
-
latest version
25.0.0
-
latest non vulnerable version
-
first published
6 years ago
-
latest version published
a month ago
-
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the keystone package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
keystone is a package that provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. Affected versions of this package are vulnerable to Information Exposure during account locking. By guessing the name of an account and failing to authenticate multiple times, any unauthenticated actor could both confirm the account exists and obtain that account's corresponding How to fix Information Exposure? Upgrade |
[,16.0.2)
[17.0.0,17.0.1)
[18.0.0,18.1.0)
[19.0.0,20.0.0)
|