VDB
KO
MEDIUM 5.9

PYSEC-2026-656

OpenStack Keystone and other components vulnerable to Improper Certificate Validation

Details

HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / keystone
Introduced in: 0 Fixed in: 8.0.0a0
Fix pip install --upgrade 'keystone>=8.0.0a0'

References