A remote, authenticated attacker can exploit a vulnerability in Red Hat OpenStack Keystone to bypass authentication and gain unauthorized access to the system.

| Vendor | Product | Versions |
|---|---|---|
| openstack | keystone | pip/keystone: < 28.0.1 |

Downstream vendors/products affected by this vulnerability

| Vendor | Product | Source | Confidence |
|---|---|---|---|
| red hat | openstack | cert_advisory | 90% |

Updated vendor to Red Hat, added new description detailing authentication bypass, and marked exploit as available and actively exploited.

Updated description with new details about the vulnerability and corrected exploit availability to false.

Initial creation