{"id":"PYSEC-2026-652","summary":"OpenStack Keystone allows context-dependent attackers to bypass access restrictions","details":"OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions.","aliases":["CVE-2013-0282","GHSA-8833-qrvm-wc3h"],"modified":"2026-07-06T08:00:46.213921080Z","published":"2026-07-02T14:13:22.090672Z","references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0282"},{"type":"WEB","url":"https://github.com/openstack/keystone/commit/7402f5ef994599653bdbb3ed5ff1a2b8c3e72b9f"},{"type":"WEB","url":"https://github.com/openstack/keystone/commit/9572bfc393f66f5ce3b44c0a77a9e29cc0374c6f"},{"type":"WEB","url":"https://github.com/openstack/keystone/commit/f0b4d300db5cc61d4f079f8bce9da8e8bea1081a"},{"type":"WEB","url":"https://bugs.launchpad.net/keystone/+bug/1121494"},{"type":"WEB","url":"https://launchpad.net/keystone/+milestone/2012.2.4"},{"type":"WEB","url":"https://launchpad.net/keystone/grizzly/2013.1"},{"type":"WEB","url":"https://review.openstack.org/#/c/22319"},{"type":"WEB","url":"https://review.openstack.org/#/c/22320"},{"type":"WEB","url":"https://review.openstack.org/#/c/22321"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2013/02/19/3"},{"type":"PACKAGE","url":"https://pypi.org/project/keystone"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-8833-qrvm-wc3h"}],"affected":[{"package":{"name":"keystone","ecosystem":"PyPI","purl":"pkg:pypi/keystone"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.0.0a0"}]}],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/keystone/PYSEC-2026-652.yaml"}}],"schema_version":"1.7.5"}