9.9

CVE-2026-22797

An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged identity headers such as X-Is-Admin-Project, X-Roles, or X-User-Id, an authenticated attacker may escalate privileges or impersonate other users. All deployments using the external_oauth2_token middleware are affected.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.17
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.18
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.19
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.20
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat OpenShift Container Platform 4.21
Default Statusaffected
HerstellerRed Hat
Produkt Red Hat OpenStack Platform 13 (Queens)
Default Statusunaffected
HerstellerRed Hat
Produkt Red Hat OpenStack Platform 16.2
Default Statusunaffected
HerstellerRed Hat
Produkt Red Hat OpenStack Platform 17.1
Default Statusunaffected
HerstellerRed Hat
Produkt Red Hat OpenStack Platform 18.0
Default Statusunaffected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.58% 0.431
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cve@mitre.org 9.9 3.1 6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 9.9 3.1 6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

https://launchpad.net/bugs/2129018
https://www.openwall.com/lists/oss-security/2026/01/16/9
http://www.openwall.com/lists/oss-security/2026/01/15/1
http://www.openwall.com/lists/oss-security/2026/01/16/2
http://www.openwall.com/lists/oss-security/2026/01/16/3
http://www.openwall.com/lists/oss-security/2026/01/16/9
https://access.redhat.com/errata/RHSA-2026:3402
https://access.redhat.com/errata/RHSA-2026:3855
https://access.redhat.com/errata/RHSA-2026:4434
https://access.redhat.com/errata/RHSA-2026:5133
https://access.redhat.com/errata/RHSA-2026:5907
https://access.redhat.com/security/cve/CVE-2026-22797
https://bugzilla.redhat.com/show_bug.cgi?id=2430879
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22797.json