CVE-2026-42998
6.0 MEDIUM · An issue was discovered in OpenStack Keystone before 29.0.2
Published: 2026-05-28 · Last updated: 2026-06-02
Severity and scoring
- CVSS: 6.0 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
- CWE: CWE-863
Affected products
| Vendor | Product |
|---|---|
| openstack | keystone |
Description
An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in the authentication request matches the owner of the application credential. An attacker can authenticate with their own application credential ID and secret while specifying a different user's name and domain in the request body. Keystone issues a token attributed to the victim user. The impersonated token is project-scoped and carries the intersection of the application credential's roles and the victim's actual roles on the project. This enables audit evasion, reading the victim's credentials, and acting as the victim within shared projects.
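The description above boils down to a missing ownership check in the authentication plugin: the plugin validates the application credential ID and secret but never confirms that the user named in the request body is the credential's owner. The following added example (constructed for this page, not Keystone's own code) models that logic with a hypothetical in-memory directory and a simplified `issue_token` function. The `verify_owner` flag toggles the defect: with it off, a request that names another user in the same domain yields a token attributed to that user, carrying the intersection of the credential's roles and that user's roles on the project, exactly as the advisory describes; with it on, the mismatch is rejected before any token is built. All names, IDs, secrets and role assignments are constructed sample data; real Keystone stores hashed secrets rather than comparing plaintext as done here.

```python
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class ApplicationCredential:
    """Hypothetical model of an application credential (constructed, not Keystone's)."""
    id: str
    secret: str          # simplified: plaintext for the example only
    user_id: str         # the owner of the credential
    project_id: str      # application credentials are bound to one project
    roles: frozenset     # roles delegated to the credential


@dataclass(frozen=True)
class Directory:
    """Minimal in-memory identity store (constructed sample data)."""
    users: dict          # (name, domain) -> user_id
    assignments: dict    # (user_id, project_id) -> frozenset of roles
    app_creds: dict      # app cred id -> ApplicationCredential


class AuthError(Exception):
    """Raised when the request must be rejected instead of issuing a token."""


def issue_token(directory, app_cred_id, secret, user_name, domain_name, *, verify_owner):
    """Authenticate with an application credential and return a project-scoped token.

    verify_owner=False reproduces the flawed behaviour (token attributed to the
    user named in the request); verify_owner=True applies the missing check.
    """
    cred = directory.app_creds.get(app_cred_id)
    if cred is None or not hmac.compare_digest(cred.secret, secret):
        raise AuthError("invalid application credential")

    # The request body names a user by name + domain, as in Keystone's auth API.
    requested_user_id = directory.users.get((user_name, domain_name))
    if requested_user_id is None:
        raise AuthError("no such user")

    # The fix: the named user must be the credential's owner.
    if verify_owner and requested_user_id != cred.user_id:
        raise AuthError("application credential does not belong to the requested user")

    # Effective roles are the intersection of the credential's delegated roles
    # and the (possibly impersonated) user's actual roles on the project.
    user_roles = directory.assignments.get((requested_user_id, cred.project_id), frozenset())
    return {
        "user_id": requested_user_id,
        "project_id": cred.project_id,
        "roles": sorted(cred.roles & user_roles),
    }


# Constructed sample data: alice owns the credential; bob shares the project.
DIRECTORY = Directory(
    users={("alice", "Default"): "u-alice", ("bob", "Default"): "u-bob"},
    assignments={
        ("u-alice", "p-shared"): frozenset({"member", "reader"}),
        ("u-bob", "p-shared"): frozenset({"admin", "member"}),
    },
    app_creds={
        "ac-1": ApplicationCredential(
            id="ac-1", secret="s3cret", user_id="u-alice",
            project_id="p-shared", roles=frozenset({"member", "reader"}),
        ),
    },
)


def demo():
    """Compare the flawed and the fixed behaviour on the same request."""
    flawed = issue_token(DIRECTORY, "ac-1", "s3cret", "bob", "Default", verify_owner=False)
    try:
        issue_token(DIRECTORY, "ac-1", "s3cret", "bob", "Default", verify_owner=True)
        fixed = "token issued"
    except AuthError as exc:
        fixed = f"rejected: {exc}"
    return flawed, fixed


if __name__ == "__main__":
    print(demo())
```

Run as a script, the flawed path returns a token with `user_id` `u-bob` and roles `['member']` (the credential's roles intersected with bob's), while the fixed path rejects the request. Audit logs built from the flawed token would record bob as the actor, which is the audit-evasion consequence the description names.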
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-48681 — OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image (5.9 MEDIUM)
- CVE-2026-44917 — OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via ... (4.9 MEDIUM)
- CVE-2026-46447 — OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info (5.8 MEDIUM)
- CVE-2026-44394 — An issue was discovered in OpenStack Keystone before 29.0.2 (6.0 MEDIUM)
- CVE-2026-43000 — An issue was discovered in OpenStack Keystone before 29.0.2 (6.0 MEDIUM)
Same CWE
- CVE-2026-47777 — Mastodon is a free, open-source social network server based on ActivityPub (7.5 HIGH)
- CVE-2016-20075 — WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor... (8.8 HIGH)
- CVE-2026-34023 — The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an incorrect authorization vulnerability in the WebSocket...
- CVE-2026-2470 — The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Incorrect Authorization in all versions... (4.3 MEDIUM)
- CVE-2026-54398 — An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions to assign a MISP o...