{"api_version":"1","generated_at":"2026-07-09T12:34:29+00:00","cve":"CVE-2015-7546","urls":{"html":"https://cve.report/CVE-2015-7546","api":"https://cve.report/api/cve/CVE-2015-7546.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-7546","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-7546"},"summary":{"title":"CVE-2015-7546","description":"The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token.","state":"PUBLISHED","assigner":"redhat","published_at":"2016-02-03 18:59:04","updated_at":"2026-05-06 22:30:45"},"problem_types":["CWE-522","n/a"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"6","severity":"","vector":"AV:N/AC:M/Au:S/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:P","baseScore":6,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"https://security.openstack.org/ossa/OSSA-2016-005.html","name":"https://security.openstack.org/ossa/OSSA-2016-005.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"OSSA-2016-005: Potential reuse of revoked Identity tokens — OpenStack Security Advisories 2014.2.0.dev100 documentation","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/80498","name":"http://www.securityfocus.com/bid/80498","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"OpenStack Keystone PKI Token Revocation CVE-2015-7546 Security Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://wiki.openstack.org/wiki/OSSN/OSSN-0062","name":"https://wiki.openstack.org/wiki/OSSN/OSSN-0062","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"OSSN/OSSN-0062 - OpenStack","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugs.launchpad.net/keystone/+bug/1490804","name":"https://bugs.launchpad.net/keystone/+bug/1490804","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"],"title":"Bug #1490804 “[OSSA 2016-005] PKI Token Revocation Bypass (CVE-2...” : Bugs : OpenStack Identity (keystone)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","name":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"Oracle Solaris Bulletin - April 2016","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-7546","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7546","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"7546","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openstack","cpe5":"keystone","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"7546","vulnerable":"1","versionEndIncluding":"2015.1.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openstack","cpe5":"keystone","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"7546","vulnerable":"1","versionEndIncluding":"1.5.3","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openstack","cpe5":"keystonemiddleware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"7546","vulnerable":"1","versionEndIncluding":"2.3.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openstack","cpe5":"keystonemiddleware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"7546","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"oracle","cpe5":"solaris","cpe6":"11.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T07:51:28.547Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://wiki.openstack.org/wiki/OSSN/OSSN-0062"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugs.launchpad.net/keystone/+bug/1490804"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://security.openstack.org/ossa/OSSA-2016-005.html"},{"name":"80498","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/80498"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2016-01-29T00:00:00.000Z","descriptions":[{"lang":"en","value":"The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2016-11-25T19:57:01.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://wiki.openstack.org/wiki/OSSN/OSSN-0062"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugs.launchpad.net/keystone/+bug/1490804"},{"tags":["x_refsource_CONFIRM"],"url":"https://security.openstack.org/ossa/OSSA-2016-005.html"},{"name":"80498","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/80498"}]}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2015-7546","datePublished":"2016-02-03T15:00:00.000Z","dateReserved":"2015-09-29T00:00:00.000Z","dateUpdated":"2024-08-06T07:51:28.547Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2016-02-03 18:59:04","lastModifiedDate":"2026-05-06 22:30:45","problem_types":["CWE-522","n/a"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:P","baseScore":6,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openstack:keystonemiddleware:*:*:*:*:*:*:*:*","versionStartIncluding":"1.5.0","versionEndIncluding":"1.5.3","matchCriteriaId":"3ADA0574-1FD8-4A09-9B16-AAC8BBA04044"},{"vulnerable":true,"criteria":"cpe:2.3:a:openstack:keystonemiddleware:*:*:*:*:*:*:*:*","versionStartIncluding":"1.6.0","versionEndIncluding":"2.3.2","matchCriteriaId":"B6E38FC5-542C-4E28-B8A1-6B74BE2F2F09"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.0.2","matchCriteriaId":"45D1E8A3-296D-43C3-8E15-33DD1F538A73"},{"vulnerable":true,"criteria":"cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*","versionStartIncluding":"2015.1.0","versionEndIncluding":"2015.1.2","matchCriteriaId":"9D8CA36D-3998-45CC-812C-C8AF9B3E0D28"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*","matchCriteriaId":"79A602C5-61FE-47BA-9786-F045B6C6DBA8"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"7546","Ordinal":"1","Title":"CVE-2015-7546","CVE":"CVE-2015-7546","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"7546","Ordinal":"1","NoteData":"The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token.","Type":"Description","Title":"CVE-2015-7546"},{"CveYear":"2015","CveId":"7546","Ordinal":"2","NoteData":"2016-02-03","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"7546","Ordinal":"3","NoteData":"2016-11-25","Type":"Other","Title":"Modified"}]}}}